Malicious anomaly detection/localization in 5G systems through group behaviour profiling based on federated machinelLearning

通过基于联邦机器学习的群体行为分析来检测/定位 5G 系统中的恶意异常

• 批准号: 567658-2021
• 负责人: Gherbi, AbdelouahedA
• 金额: $ 1.89万
• 依托单位: École de technologie supérieure
• 依托单位国家: 加拿大
• 项目类别: Alliance Grants
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=754221
• 关键词: Malicious; anomaly; detection; localization; 5G

Cloud computing and virtualization technologies including Network Function Virtualization and Software Defined Networking are now widely adopted in different industries including the highly sensitive and critical telecom industry. In particular, these technologies are increasingly deployed in the fifth generation (5G) of core networks. The adoption of these technologies provides great advantages such as flexibility and network programmability. However, it also increases the complexity of the system and expands the system attack surface, which requires special attention from a security perspective. While all aspects of cyber security (prevention, detection, mitigation, forensic, and auditing) are important, detection capabilities in particular play a significant role in securing the telecom systems, which in turn can be further specialized in attack detection, malware detection, and anomaly detection. Furthermore, the scope of anomaly detection can be further narrowed down to entities behavioral anomaly detection. For example, in this branch of detection, we would know if a specific component (e.g. microservice) is acting normal or abnormal based on its network and host interactions and activities. With the help of Machine Learning (ML), single entity normal behavior profiling and anomaly detection have been studied and improved extensively in recent years in the cybersecurity domain. However, fewer works consider profiling group behavior of multiple entities as their objective. This is due to the high dynamicity and complexity of the virtualized system, where this complexity is exacerbated with consideration of group behavior profiling, which requires a global view of the system. The main objective of this project is to investigate, design, and evaluate machine learning approaches to support the detection, identification, and localization of malicious anomalies in complex virtualized infrastructure deployed in 5G edge and core networks.

包括网络功能虚拟化和软件定义网络在内的云计算和虚拟化技术目前已广泛应用于不同的行业，包括高度敏感和关键的电信行业。特别是，这些技术越来越多地部署在第五代（5G）核心网络中。采用这些技术提供了灵活性和网络可编程性等巨大优势。但同时也增加了系统的复杂性，扩大了系统的攻击面，需要从安全角度予以特别关注。虽然网络安全的所有方面（预防、检测、缓解、取证和审计）都很重要，但检测能力在保护电信系统方面发挥着重要作用，而电信系统又可以进一步专门用于攻击检测、恶意软件检测和异常检测。进一步将异常检测的范围缩小到实体行为异常检测。例如，在这个检测分支中，我们将根据其网络和主机交互和活动来了解特定组件（例如微服务）的行为是否正常或异常。在机器学习（ML）的帮助下，单实体正常行为分析和异常检测近年来在网络安全领域得到了广泛的研究和改进。然而，很少有研究将分析多个实体的群体行为作为他们的目标。这是由于虚拟化系统的高动态性和复杂性，在考虑群体行为分析时，这种复杂性加剧了，这需要系统的全局视图。该项目的主要目标是研究、设计和评估机器学习方法，以支持在5G边缘和核心网络中部署的复杂虚拟化基础设施中恶意异常的检测、识别和定位。