Session Management for Security Systems in 5G Standalone Network

As 5G telecom services evolve rapidly across a broad technological environment, network security in the 5G landscape emerges as a critically challenging issue. One typical network security tool is an intrusion prevention system (IPS) that monitors a network for malicious activity across the cyber-at...


Bibliographic Details
Main Authors: Seongmin Park, Sungmoon Kwon, Youngkwon Park, Dowon Kim, Ilsun You
Format: Article
Language: English
Published: IEEE 2022-01-01
Series: IEEE Access
Subjects:
Online Access: https://ieeexplore.ieee.org/document/9810284/
collection DOAJ
description As 5G telecom services evolve rapidly across a broad technological environment, network security in the 5G landscape emerges as a critically challenging issue. One typical network security tool is an intrusion prevention system (IPS) that monitors a network for malicious activity across the cyber-attack chain and takes action to prevent it. As vulnerabilities in 5G core networks become more varied and protocols become increasingly complex, a conventional Next Generation Firewall (NGFW) is no longer enough to respond to cyber attacks. Typical 5G vulnerability attacks such as PFCP-in-GTP and IPSec disable attacks are highly complex to detect, and attackers cannot be identified without integrated session management. However, the 5G core network uses various protocols such as Non-Access Stratum (NAS), Hyper Text Transfer Protocol (HTTP), Packet Forwarding Control Protocol (PFCP), and GPRS Tunnelling Protocol (GTP), and the packets of the interface used by each protocol are managed as identities that are difficult to identify. Analyzing the relationship of these interfaces in real time is an important key to integrated session management. In addition, unlike existing 4G, because 3rd Generation Partnership Project (3GPP) specs mandate encrypting 5G Standalone (SA) user IDs, it is much more difficult for IPSs dedicated to cellular networks to identify which user traffic originated from. With regard to the above subject, this paper introduces an efficient session management scheme for users that is not affordable in conventional NGFWs but is necessarily useful for security systems in 5G SA. Furthermore, this study compared performance between conventional NGFWs and a 5G IPS system with the scheme employed, to ascertain that the scheme is feasibly implementable in a 5G SA network. The actual test results show a detection rate of 99.7% and reasonable resource overhead (Memory usage 37.8%, CPU usage 42–44%).
first_indexed 2024-12-10T09:44:40Z
format Article
id doaj.art-665d667c1b8c4726a0de39758765edea
institution Directory Open Access Journal
issn 2169-3536
language English
last_indexed 2024-12-10T09:44:40Z
publishDate 2022-01-01
publisher IEEE
record_format Article
series IEEE Access
spelling doaj.art-665d667c1b8c4726a0de39758765edea; 2022-12-22T01:53:52Z; eng; IEEE; IEEE Access; 2169-3536; 2022-01-01; 10; 73421; 73436; 10.1109/ACCESS.2022.3187053; 9810284; Session Management for Security Systems in 5G Standalone Network
Seongmin Park (https://orcid.org/0000-0002-2519-0707), Korea Internet & Security Agency, Naju-si, South Korea
Sungmoon Kwon, Korea Internet & Security Agency, Naju-si, South Korea
Youngkwon Park, Korea Internet & Security Agency, Naju-si, South Korea
Dowon Kim, Korea Internet & Security Agency, Naju-si, South Korea
Ilsun You (https://orcid.org/0000-0002-0604-3445), Department of Financial Information Security, Kookmin University, Seoul, South Korea
topic Mobile network security
availability attacks
confidentiality attacks
integrity attacks
authentication attacks
impersonation attacks