Author(s)

YaDi Fu

Affiliation(s)

School of Cyber Security, Beijing University of Posts and Telecommunications, Beijing 100876, China.

Corresponding Author

YaDi Fu

ABSTRACT

With the proliferation of 5G networks, increasing attention has been directed toward associated security risks. The N4 interface, serving as the interface between the user plane and control plane in 5G architecture, encompasses functionalities including session management and policy enforcement, and is susceptible to risks such as session hijacking. PFCP, as the application layer protocol of the N4 interface, can be effectively monitored through anomaly detection to identify abnormal behaviors within the N4 interface. Consequently, this paper proposes an autoencoder algorithm model implemented with Transformer neural networks. During the training process, the model learns the sequential characteristics of normal PFCP bidirectional flows. In the detection phase, data is processed through the encoder and decoder, and the model computes the Euclidean distance between the reconstructed data and the original data to derive an anomaly score. Additionally, this paper employs publicly available datasets to experimentally validate the efficacy of the algorithmic model in detecting PFCP traffic anomalies.

KEYWORDS

5G security; Signaling detection; N4 interface; PFCP

CITE THIS PAPER

YaDi Fu. 5G abnormal signaling detection based on auto-encoder. AI and Data Science Journal. 2025, 2(1): 18-22. DOI: https://doi.org/10.61784/adsj3009.

REFERENCES

[1] Kim, H. 5g core network security issues and attack classification from network protocol perspective. Internet Serv. Inf. Secur., 2020, 10(2): 1-15.

[2] Eric Ruzomberka, David J, Love, Christopher G, Brinton, et al. Challenges and Opportunities for Beyond-5G Wireless Security. IEEE Secur. Priv., 2023, 21(5): 55-66. 

[3] Xinxin Hu, Caixia Liu, Shuxin Liu, et al. Signalling Security Analysis: Is HTTP/2 Secure in 5G Core Network?. 10th International Conference on Wireless Communications and Signal Processing, IEEE, 2018: 1-6.

[4] George Amponis, Panagiotis, Radoglou-Grammatikis, Thomas Lagkas, et al. Threatening the 5G core via PFCP DoS attacks: the case of blocking UAV communications. EURASIP J. Wirel. Commun. Netw., 2022, 2022(1): 124-150.

[5] Radivilova T, Kirichenko L, Lemeshko O, et al. Analysis of Anomaly Detection and Identification Methods in 5G Traffic. 2021 11th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), IEEE, 2021: 1108-1113.

[6] Maimo, L F, Gomez, Gómez, ángel Luis Perales, Clemente, Félix J, García, et, al. A self-adaptive deep learning-based system for anomaly detection in 5g networks. IEEE Access, 2018, 6, 7700-7712. DOI: 10.1109/ACCESS.2018.2803446.

[7] Harsh Sanjay Pacherkar, Guanhua Yan. PROV5GC: Hardening 5G Core Network Security with Attack Detection and Attribution Based on Provenance Graphs. Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks, ACM, 2024, 254-264.

[8] Robert Pell, Mohammad Shojafar, Sotiris Moschoyiannis. LSTM-Based Anomaly Detection of PFCP Signaling Attacks in 5G Networks. IEEE Consumer Electron. Mag., 2025, 14(1): 56-64.

[9] Ashish Vaswani, Noam Shazeer, Niki Parmar, et al. Attention is all you nee. arXiv preprint arxXiv: 1706.03762, 2017.

[10] Yingfei Xu, Yong Tang, Qiang Yang. Deep Learning for IoT Intrusion Detection based on LSTMs-AE[C]. AIAM2020: 2nd International Conference on Artificial Intelligence and Advanced Manufacture, ACM, 2020, 64-68.

[11] Gousiya Begum, S, Zahoor Ul Huq, A P, Siva Kumar. Fuzzy K-Means with M-KMP: a security framework in pyspark environment for intrusion detection. Multim. Tools Appl., 2024, 80(30): 73841-73863.