NLP-based Cross-Layer 5G Vulnerabilities Detection via Fuzzing Generated Run-Time Profiling

TL;DR

This paper presents an automated, machine learning-based method for detecting vulnerabilities and unintended behaviors in 5G stacks by analyzing run-time profiling data generated during fuzz testing, achieving high accuracy.

Contribution

It introduces a novel approach combining run-time profiling, feature space construction, and machine learning classification to detect 5G vulnerabilities automatically.

Findings

Detection accuracy ranges from 93.4% to 95.9%.

Effective in identifying and prioritizing real-time vulnerabilities.

Applicable to critical 5G infrastructure and applications.

Abstract

The effectiveness and efficiency of 5G software stack vulnerability and unintended behavior detection are essential for 5G assurance, especially for its applications in critical infrastructures. Scalability and automation are the main challenges in testing approaches and cybersecurity research. In this paper, we propose an innovative approach for automatically detecting vulnerabilities, unintended emergent behaviors, and performance degradation in 5G stacks via run-time profiling documents corresponding to fuzz testing in code repositories. Piloting on srsRAN, we map the run-time profiling via Logging Information (LogInfo) generated by fuzzing test to a high dimensional metric space first and then construct feature spaces based on their timestamp information. Lastly, we further leverage machine learning-based classification algorithms, including Logistic Regression, K-Nearest Neighbors, and Random Forest to categorize the impacts on performance and security attributes. The performance of the proposed approach has high accuracy, ranging from $ 93.4 \% $ to $ 95.9 \% $, in detecting the fuzzing impacts. In addition, the proof of concept could identify and prioritize real-time vulnerabilities on 5G infrastructures and critical applications in various verticals.