Attack Detection and Mitigation in MEC-Enabled 5G Networks for AIoT

Abstract

In recent years, AIoT (Artificial Intelligence of Things) applications have received lots of attention since it exploits widely deployed IoT devices to collect data and perform an action while leveraging AI to obtain knowledge and insights. When deploying AIoT in 5G networks, Multi-access Edge Computing (MEC) is appropriate for enabling local management of IoT devices and computation of machine learning (ML) algorithms. Facing the multitude of threats in the ML data layer, IoT service layer, and 5G communications layer, MEC should enable corresponding detection and mitigation schemes to protect AIoT applications. In this article, we examine the existing security solutions located in each layer and discuss the interrelated challenges. For example, a network-traffic-based IDS solution in MEC might capture IoT malware but fail to identify a growing file-less attack. We suggest that firmware emulation in IoT endpoint should be included to provide system-level behaviors to network-based detectors in MEC so that file-less attacks can be distinguished. The potential of a backdoor attack aiming to poison data or corrupt ML models cannot be ignored in AIoT applications, and a corresponding detector should be implemented in MEC. Due to the rise of low-cost Software-Defined Radio (SDR), malicious attacks using rogue base stations (BSs) have become more popular. It implies that security protection at MEC in the communications layer is necessary. This article, therefore, proposes a novel platform, M3Inspector, where inspectors located in mobiles and AIoT machines collect information from surrounding BSs and provide them to MEC. MEC determines the rogue BS and makes a notification to users subscribing to the local service. A realistic 5G experimental platform with rogue BSs is developed. The results demonstrate that attack detection and mitigation can be implemented in the MEC paradigm to significantly improve the security protection of AIoT from the perspectives of rogue BS attacks and file-less attacks.