Multi-Stage Threat Modelling and Security Monitoring in 5GCN

TL;DR

This paper discusses the challenges of security monitoring in the dynamic, reconfigurable 5G Core Network (5GCN) and proposes solutions for threat detection and resource allocation to enhance security.

Contribution

It introduces a multi-stage threat modeling framework and security monitoring strategies tailored for the evolving architecture of 5GCN.

Findings

Identification of key threats to 5G networks

Proposed placement strategies for security monitoring

Framework for early detection of multi-stage attacks

Abstract

The fifth generation of mobile networks (5G) promises a range of new capabilities including higher data rates and more connected users. To support the new capabilities and use cases the 5G Core Network (5GCN) will be dynamic and reconfigurable in nature to deal with demand. It is these improvements which also introduce issues for traditional security monitoring methods and techniques which need to adapt to the new network architecture. The increased data volumes and dynamic network architecture mean an approach is required to focus security monitoring resources where it is most needed and react to network changes in real time. When considering multi-stage threat scenarios a coordinated, centralised approach to security monitoring is required for the early detection of attacks which may affect different parts of the network. In this chapter we identify potential solutions for overcoming these challenges which begins by identifying the threats to the 5G networks to determine suitable security monitoring placement in the 5GCN.