Real-Time Application of Deep Learning to Intrusion Detection in 5G-Multi-Access Edge Computing

Abstract

In this thesis, we explore networks for 5G mobile telecommunication, with a real-time detection of malicious traffic using Deep Learning (DL) and 5G mobile telecommunication testbeds. To investigate the performance of the core network, Software Defined Networking (SDN) and Programming Protocol-independent Packet Processors (P4) were selected due to the potential for programming at the both control and data forwarding layer. SDN and P4 have predominately been researched on an individual basis with limited research combining the two to evaluate improvements to the performance of SDN. We have conducted experiments to explore the hypothesis that combining programmability at both the control plane and data plane provides a platform with better performance in comparison to that achieved with SDN+OvS multi-path, grid and transit-stub network models. A real-time 5G mobile telecommunication testbed has been constructed combining both software and hardware components. A P4 switch was integrated into the 5G testbed motivated by the performance gains observed in our initial experiments with P4 and OvS switch. Service providers use Multi-access Edge Computing (MEC) technology to provide services on-the-go with low latency, high availability, and high bandwidth, however, MEC nodes are subject to low processing power, which leaves them susceptible to adversaries that may target the platform for malevolent purposes. As a result, we built a 5G testbed that included an MEC node to generate datasets representing both malicious and non-malicious traffic for use in evaluating algorithms intended to detect malicious network traffic. A new Intrusion Detection System (IDS) has been developed using a 3-layer Convolutional Neural Network (CNN), capable of identifying malicious network traffic. The IDS employs a new injective algorithm capable of encoding network traffic without loss of information as improved RGB images. A separate algorithm capable of decoding RGB images back to network traffic was also developed. The IDS was evaluated in terms of its computational complexity in for example: time, memory and CPU utilisation for the encoding and decoding algorithms, and its accuracy and loss during training and detection. We also applied a Convolutional Neural Network to the dataset created on our testbed and for comparative purposes, to the publicly available datasets UNSW NB-15 and InSDN. The 5G-MEC datasets and detection rate suggest that the employment of current public datasets for research into 5G-MEC security are now inappropriate. Lastly, we proposed, developed, deployed and evaluated a Real-Time Deep Learning Network Intrusion Detection System (RTDL-NIDS) in an MEC node located in the newly developed 5G-MEC mobile telecommunication testbed in real-time. The deployed Network Intrusion Detection System, conducts a soft real-time detection. The time spent on each detection cycle can be defined as a parameter in the RTDL-NIDS. Hence, this system can be categorised as a soft real-time system. The RTDL-NIDS conducts an initial detection based on known signatures, followed by the encoding of network traffic to images, detection of malicious traffic using our CNN algorithm, and finally decoding of the images to identify the sources of malicious users. We implemented the RTDL-NIDS to function in real-time to collect conclusive results over the application of DL to the intrusion detection problem in 5G-MEC.