# Design of an AI-driven secure 5G-SDN framework with federated reinforcement learning for anomaly detection, mitigation, and attack forensics

**Authors:** R. Shameli, Sujatha Rajkumar

PMC · DOI: 10.3389/frai.2026.1701944 · Frontiers in Artificial Intelligence · 2026-02-10

## TL;DR

This paper introduces a new AI-powered 5G network security framework that uses advanced machine learning techniques to detect and respond to cyber threats efficiently.

## Contribution

The novel framework combines EfficientNet-KD, Transformer networks, SNNs, FRL, and blockchain for secure and scalable 5G-SDN intrusion detection.

## Key findings

- The framework achieved 97.75% detection accuracy with 15 ms latency using benchmark datasets.
- It reduced energy consumption by 40% compared to traditional CNN and LSTM methods.
- Blockchain technology ensured reliable attack forensics and log integrity.

## Abstract

The increasing adoption of Software-Defined Networking (SDN) in 5G networks has revolutionized network management. However, this paradigm shift has introduced critical security vulnerabilities, including data-plane anomalies, control-layer intrusions, and Distributed Denial-of-Service (DDoS) attacks. Existing intrusion detection approaches based on Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks suffer from high computational overhead, long detection latency, and limited scalability, making them unsuitable for real-time 5G-SDN environments.

This article proposes a novel multi-layered security framework for 5G-SDN that integrates EfficientNet with Knowledge Distillation (KD), Transformer Networks, Spiking Neural Networks (SNNs), Federated Reinforcement Learning (FRL), and blockchain technology. EfficientNet-KD enables lightweight and accurate anomaly detection at the data-plane layer. Transformer networks capture long-range temporal dependencies to enhance control-layer attack detection. SNNs are employed for ultra-low-latency attack classification by mimicking human brain neural processing. FRL supports decentralized and privacy-preserving mitigation across SDN controllers, improving scalability, while blockchain technology ensures the integrity and immutability of attack logs for forensic reliability.

The proposed framework was evaluated using multiple benchmark datasets, including CICIDS2017, UNSW-NB15, IoT-23, and InSDN. Experimental results demonstrate an average detection accuracy of 97.75%, detection latency of 15 ms, and less than 5% throughput degradation. Each detection consumes only 0.25 J of energy, achieving a 40% reduction in energy usage compared to traditional CNN- and LSTM-based approaches.

The results verify that the proposed framework provides a scalable, energy-efficient, and low-latency intrusion detection and mitigation solution for 5G-SDN environments. By integrating lightweight deep learning, neuromorphic computing, decentralized learning, and blockchain-based security, the framework effectively addresses the limitations of existing methods and offers a robust approach for securing next-generation 5G-SDN networks.

## Full-text entities

- **Genes:** LIF (LIF interleukin 6 family cytokine) [NCBI Gene 3976] {aka CDF, DIA, HILDA, MLPLI}
- **Diseases:** poisoning (MESH:D011041), anomaly (MESH:D000013), FRL (MESH:D007859)
- **Chemicals:** SDN (-), FL (MESH:D005459)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12929375/full.md

## Figures

10 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12929375/full.md

## References

44 references — full list in the complete paper: https://tomesphere.com/paper/PMC12929375/full.md

---
Source: https://tomesphere.com/paper/PMC12929375