Real-Time Application of Deep Learning to Intrusion Detection in 5G-Multi-Access Edge Computing
Abstract
In this thesis, we explore networks for 5G mobile telecommunication, with a real-time
detection of malicious traffic using Deep Learning (DL) and 5G mobile telecommunication
testbeds. To investigate the performance of the core network, Software Defined Networking
(SDN) and Programming Protocol-independent Packet Processors (P4) were selected due to
the potential for programming at the both control and data forwarding layer. SDN and P4 have
predominately been researched on an individual basis with limited research combining the
two to evaluate improvements to the performance of SDN. We have conducted experiments
to explore the hypothesis that combining programmability at both the control plane and
data plane provides a platform with better performance in comparison to that achieved with
SDN+OvS multi-path, grid and transit-stub network models.
A real-time 5G mobile telecommunication testbed has been constructed combining
both software and hardware components. A P4 switch was integrated into the 5G testbed
motivated by the performance gains observed in our initial experiments with P4 and OvS
switch. Service providers use Multi-access Edge Computing (MEC) technology to provide
services on-the-go with low latency, high availability, and high bandwidth, however, MEC
nodes are subject to low processing power, which leaves them susceptible to adversaries
that may target the platform for malevolent purposes. As a result, we built a 5G testbed that
included an MEC node to generate datasets representing both malicious and non-malicious
traffic for use in evaluating algorithms intended to detect malicious network traffic.
A new Intrusion Detection System (IDS) has been developed using a 3-layer
Convolutional Neural Network (CNN), capable of identifying malicious network traffic.
The IDS employs a new injective algorithm capable of encoding network traffic without
loss of information as improved RGB images. A separate algorithm capable of decoding
RGB images back to network traffic was also developed. The IDS was evaluated in terms
of its computational complexity in for example: time, memory and CPU utilisation for the
encoding and decoding algorithms, and its accuracy and loss during training and detection.
We also applied a Convolutional Neural Network to the dataset created on our testbed and
for comparative purposes, to the publicly available datasets UNSW NB-15 and InSDN. The
5G-MEC datasets and detection rate suggest that the employment of current public datasets
for research into 5G-MEC security are now inappropriate.
Lastly, we proposed, developed, deployed and evaluated a Real-Time Deep Learning
Network Intrusion Detection System (RTDL-NIDS) in an MEC node located in the newly
developed 5G-MEC mobile telecommunication testbed in real-time. The deployed Network
Intrusion Detection System, conducts a soft real-time detection. The time spent on each
detection cycle can be defined as a parameter in the RTDL-NIDS. Hence, this system can be
categorised as a soft real-time system. The RTDL-NIDS conducts an initial detection based
on known signatures, followed by the encoding of network traffic to images, detection of
malicious traffic using our CNN algorithm, and finally decoding of the images to identify
the sources of malicious users. We implemented the RTDL-NIDS to function in real-time to
collect conclusive results over the application of DL to the intrusion detection problem in
5G-MEC.
Publication date
2024-01-29Published version
https://doi.org/10.18745/th.27473https://doi.org/10.18745/th.27473
Funding
Default funderDefault project
Other links
http://hdl.handle.net/2299/27473Metadata
Show full item recordThe following license files are associated with this item: