Zero-Touch Security Management for mMTC Network Slices: DDoS Attack Detection and Mitigation

Massive machine-type communications (mMTCs) network slices in 5G aim to connect a massive number of MTC devices, opening the door for a widened attack surface. Network slices are well isolated, resulting in a low impact on other running slices when attackers control IoT devices belonging to an mMTC network slice (i.e., in-slice attack). However, the impact of the in-slice attacks on the shared infrastructure components with other slices, such as the 5G core network (CN), can be harmful, considering the massive number that can be part of mMTC slice. In this article, we propose a zero-touch security management solution that uses machine learning (ML) to detect and mitigate in-slice attacks on 5G CN components, focusing on Distributed Denial-of-Service (DDoS) attacks. To this aim, we propose: 1) a novel closed-control loop that assists the 5G CN in detecting and mitigating attacks; 2) an ML algorithm that predicts the upper bound of expected MTC devices Attach Requests during a time interval (or an event); 3) a detection algorithm that analyzes an event and uses the ML output to compute a probability that a specific device has participated to an attack; 4) a mitigation algorithm that disconnects and blocks MTC devices suspected to be part of an attack; and (5) a proof-of-concept implementation on top of a 5G facility.