SENTINEL: Self Protecting 5G Core Control Plane from DDoS Attacks for High Availability Service

Current advancements in the 5G network slicing admit a huge number of users avail a variety of services from the 5G Core network (5GC). While this is impressive, it opens the doors to security threats that could harm the smooth functioning of the 5GC as well as the legitimate users availing its services. This paper presents SENTINEL - a novel self protecting 5GC in the control plane by leveraging the Self Organizing Network (SON) paradigm. SENTINEL is fabricated as an autonomous framework, which protects itself in the control plane operations of 5GC from Distributed Denial of Service (DDoS) attack attempts by malicious users. Precisely, we build it as an Artificial Intelligence-based Hierarchical Temporal Memory (HTM) framework along with eXpress Data Path (XDP) and extended Berkeley Packet Filter (eBPF) based slice aggregator to aid in protecting the slice when the malicious users attempt a DDoS attack. While the attack is aimed at the 5GC control plane, the SENTINEL isolates the suspected malicious users with a sensitivity of '85.59%' from the 5GC. Thereby, it keeps the High Availability (HA) service for legitimate users intact, without incurring additional resources.