Slice-Aware Spoofing Detection in 5G Networks Using Lightweight Machine Learning

TL;DR

This paper introduces a lightweight, slice-aware machine learning framework for detecting spoofing attacks in 5G networks, improving accuracy while maintaining real-time performance on edge hardware.

Contribution

It presents a novel slice-aware detection approach using simple classifiers trained on traffic features, enhancing spoofing detection in 5G slices with low computational overhead.

Findings

Detection accuracy improved by up to 5%.

F1-scores ranged from 0.93 to 0.96.

Real-time operation achieved on commodity hardware.

Abstract

The increasing virtualization of fifth generation (5G) networks expands the attack surface of the user plane, making spoofing a persistent threat to slice integrity and service reliability. This study presents a slice-aware lightweight machine-learning framework for detecting spoofing attacks within 5G network slices. The framework was implemented on a reproducible Open5GS and srsRAN testbed emulating three service classes such as enhanced Mobile Broadband (eMBB), Ultra-Reliable Low-Latency Communication (URLLC), and massive Machine-Type Communication (mMTC) under controlled benign and adversarial traffic. Two efficient classifiers, Logistic Regression and Random Forest, were trained independently for each slice using statistical flow features derived from mirrored user-plane traffic. Slice-aware training improved detection accuracy by up to 5% and achieved F1-scores between 0.93 and 0.96 while maintaining real-time operation on commodity edge hardware. The results demonstrate that aligning security intelligence with slice boundaries enhances detection reliability and preserves operational isolation, enabling practical deployment in 5G network-security environments. Conceptually, the work bridges network-security architecture and adaptive machine learning by showing that isolation-aware intelligence can achieve scalable, privacy-preserving spoofing defense without high computational cost.