Generating full-stack 5G security datasets: IP-layer and core network persistent PDU session attacks

Abstract

With the increasing number of users accessing the Internet over 5G systems, security concerns have become a major challenge that needs to be addressed. This paper proposes a solution to this challenge by proposing a system to train defenders to handle cyber attacks and develop intrusion detection systems that can timely notify of security events, also within the 5G core itself. This paper builds on our previous contributions on a containerized 5G testbed and proposes a novel set of full-stack attacks targeting networked hosts and 5G Network Functions (NFs) alike. Importantly, we identify the potential to generate persistent Packet Forwarding and Control Protocol (PFCP) Denial of Service (DoS) attacks to deprive end users of connectivity to the data network, even in the event of a handover to another gNodeB. This framework is envisaged to facilitate the generation of highly diverse and realistic datasets, containing malicious GPRS Tunneling Protocol (GTP) and PFCP traffic captured over 5G interfaces, thereby enhancing the security of next-generation networks.