ÌÇÐÄVlog

Fifth generation mobile networks (5G) leverage the power of edge computing to move vital services closer to end users. With critical 5G core network components located at the edge there is a need for detecting malicious signalling traffic to mitigate potential signalling attacks between the distributed Network Functions (NFs). A prerequisite for detecting anomalous signalling is a network traffic dataset for the identification and classification of normal traffic profiles. To this end, we utilise a 5G Core Network (5GC) simulator to execute test scenarios for different 5G procedures and use the captured network traffic to generate a dataset of normalised service interactions in the form of packet captures. We then apply machine learning techniques (supervised learning) and do a comparative analysis on accuracy, which uses three features from the traffic meta-data. Our results show that the identification of 5G service use by applying ML techniques offer a viable solution to classifying normal services from network traffic metadata alone. This has potential advantages in forecasting service demand for resource allocation in the dynamic 5GC environment and provide a baseline for performing anomaly detection of NF communication for detecting malicious traffic within the 5G Service Based Architecture (SBA).

This article discusses how the gap between early 5G network threat assessments and an adversarial Tactics, Techniques, Procedures (TTPs) knowledge base for future use in the MITRE ATT&CK threat modelling framework can be bridged. We identify knowledge gaps in the existing framework for key 5G technology enablers such as SDN, NFV, and 5G specific signalling protocols of the core network. We adopt a pre-emptive approach to identifying adversarial techniques which can be used to launch attacks on the 5G core network (5GCN) and map these to its components. Using relevant 5G threat assessments along with industry reports, we study how the domain specific techniques can be employed by APTs in multi-stage attack scenarios based on historic telecommunication network attacks and motivation of APT groups. We emulate this mapping in a pre-emptive fashion to facilitate a rigorous cyber risk assessment, support intrusion detection, and design defences based on common APT TTPs in a 5GCN.

The threat landscape is evolving with tremendous speed. We are facing an extremely fast-growing attack surface with a diversity of attack vectors, a clear asymmetry between attackers and defenders, billions of connected IoT devices, mostly reactive detection and mitigation approaches, and finally big data challenges. The clear asymmetry of attacks and the enormous amount of data are additional arguments to make it necessary to rethink cybersecurity approaches in terms of reducing the attack surface, to make the attack surface dynamic, to automate the detection, risk assessment, and mitigation, and to investigate the prediction and prevention of attacks with the utilization of emerging technologies like blockchain, artificial intelligence and machine learning.This book contains eleven chapters dealing with different Cybersecurity Issues in Emerging Technologies. The issues that are discussed and analyzed include smart connected cars, unmanned ships, 5G/6G connectivity, blockchain, agile incident response, hardware assisted security, ransomware attacks, hybrid threats and cyber skills gap. Both theoretical analysis and experimental evaluation of state-of-the-art techniques are presented and discussed. Prospective readers can be benefitted in understanding the future implications of novel technologies and proposed security solutions and techniques.  Graduate and postgraduate students, research scholars, academics, cybersecurity professionals, and business leaders will find this book useful, which is planned to enlighten both beginners and experienced readers.