RESEARCH OF VULNERABILITIES AND DEVELOPMENT OF MEASURES TO PROTECT AGAINST ATTACKS IN 5G TELECOMMUNICATION NETWORKS

ABSTRACT

The rapid deployment of fifth-generation (5G) telecommunication networks has fundamentally transformed modern communication systems by enabling ultra-low latency, high data throughput, and massive device connectivity. However, the transition toward software-defined, virtualized, and decentralized network architectures has significantly expanded the attack surface, exposing critical components of 5G infrastructure to sophisticated cyber threats. Traditional perimeter-based security mechanisms are no longer sufficient to protect dynamic and highly distributed 5G environments.

This paper presents a comprehensive study of vulnerabilities in 5G telecommunication networks and proposes an experimentally validated, multi-layer cybersecurity framework. The proposed approach integrates an artificial intelligence–based intrusion detection system (AI-IDS), Zero Trust Architecture (ZTA) principles, and blockchain-based authentication to address both detection and response challenges. A practical experimental testbed was implemented using Open5GS and UERANSIM to emulate a real 5G core and radio access network, while PyTorch, Snort, and Hyperledger Fabric were employed to realize security components.

Controlled attack scenarios, including signaling flood attacks, network slice intrusion, and IoT-driven distributed denial-of-service (DDoS) attacks, were executed to evaluate the framework’s performance. Experimental results demonstrate high detection accuracy, reduced false positive rates, and significantly faster response times compared to traditional static security solutions. The findings confirm that intelligent, adaptive, and decentralized security mechanisms are essential for ensuring the resilience and reliability of next-generation 5G networks.

Keywords: 5G security, intrusion detection systems, Zero Trust Architecture, blockchain authentication, network slicing, MEC, cybersecurity.

Introduction: The evolution of mobile communication technologies has reached a critical milestone with the global deployment of fifth-generation (5G) telecommunication networks [2]. Unlike previous generations, 5G is designed not only to enhance data rates but also to support ultra-reliable low-latency communication (URLLC), massive machine-type communication (mMTC), and highly flexible service delivery models. These capabilities enable a wide range of applications, including autonomous transportation, smart cities, industrial automation, healthcare systems, and large-scale Internet of Things (IoT) ecosystems [21].

Despite these advancements, the architectural transformation of 5G networks introduces new and complex cybersecurity challenges. The adoption of software-defined networking (SDN), network function virtualization (NFV), service-based architecture (SBA), and multi-access edge computing (MEC) has fundamentally altered the traditional security perimeter [12]. Network functions that were previously implemented on dedicated hardware are now deployed as virtualized services, dynamically instantiated and scaled across distributed environments. While this approach improves flexibility and efficiency, it also increases exposure to cyber attacks targeting orchestration layers, APIs, inter-service communication, and shared infrastructure [8].

Moreover, 5G introduces novel concepts such as network slicing, which allows multiple logical networks with different security and performance requirements to coexist on the same physical infrastructure. Improper isolation between slices, weak authentication mechanisms, and insecure slice management interfaces can lead to lateral movement attacks and unauthorized access to critical services [7]. In parallel, the massive integration of IoT devices—often characterized by limited computational resources and weak security controls—further amplifies the threat landscape.

Traditional security solutions, including static firewalls and signature-based intrusion detection systems, are insufficient to cope with the scale, speed, and adaptability of modern 5G attacks [1]. Advanced adversaries increasingly exploit zero-day vulnerabilities, stealthy traffic patterns, and distributed attack strategies that evade rule-based detection. As a result, there is a growing need for adaptive, intelligent, and context-aware security mechanisms capable of operating in real time within dynamic 5G environments [6].

This research addresses these challenges by conducting a detailed analysis of key vulnerabilities in 5G telecommunication networks and by designing a multi-layered cybersecurity framework tailored to the unique characteristics of 5G architecture. The proposed solution integrates artificial intelligence–based anomaly detection, Zero Trust security principles, and blockchain-based authentication to provide comprehensive protection across detection, access control, and auditability layers [17]. Unlike many existing studies, this work emphasizes practical implementation and experimental validation through a realistic 5G testbed. The main contributions of this paper are as follows:

1. A structured threat model identifying critical vulnerabilities across core 5G components, including RAN, network slicing, MEC, and IoT integration points.

2. The design of an integrated security framework combining AI-driven intrusion detection, Zero Trust policy enforcement, and decentralized authentication.

3. A practical experimental evaluation using a virtualized 5G environment with controlled attack scenarios and measurable performance metrics.

Methodology: This research was conducted using an experimental methodology focused on the practical evaluation of security mechanisms in a simulated 5G telecommunication environment [6]. The main objective of the methodology was to design, deploy, and test a multi-layer cybersecurity framework under realistic operating conditions, rather than relying solely on theoretical modeling or analytical assumptions. All experiments were performed in a controlled laboratory setup to ensure repeatability and consistency of results [12].

A virtualized 5G testbed was deployed using Docker containers on a Linux-based host system [12]. The core network was implemented using Open5GS, providing key 5G core functions such as the Access and Mobility Management Function (AMF), Session Management Function (SMF), and User Plane Function (UPF). Radio access network behavior and user equipment activity were emulated using UERANSIM, which allowed the simulation of both legitimate users and malicious devices [2]. At this point in the article, Figure 1 illustrates the overall experimental 5G security testbed architecture, including simulated UEs, the gNodeB, the 5G core, MEC services, and security components. Multi-access edge computing (MEC) services were deployed as separate containers to represent edge-level applications.

Figure 1. Experimental 5G Security Testbed Architecture

These services communicated with the 5G core and acted as realistic targets for network-based and volumetric attacks [7]. Network traffic generated by UEs and MEC services was mirrored to monitoring components without affecting normal operation. Traffic capture and baseline inspection were performed using Wireshark and Snort, enabling comparison between traditional signature-based detection and the proposed AI-based approach [1].

The experimental workflow followed a clearly defined sequence. Traffic was generated by simulated UEs, captured and processed for feature extraction, classified by the AI-based intrusion detection system, and then forwarded to the policy enforcement layer [9]. When anomalous behavior was detected, access control decisions were applied automatically, and security events were logged. To support this description, Figure 2 shows the experimental workflow from traffic generation to blockchain logging.

Figure 2. Experimental Workflow Diagram

Three attack scenarios were implemented to evaluate different aspects of 5G security. The first scenario involved signaling flood attacks targeting the control plane, where malicious UEs generated excessive registration and session establishment requests [8]. The second scenario focused on network slice intrusion attempts, simulating unauthorized access across virtual network boundaries. The third scenario represented IoT-driven distributed denial-of-service (DDoS) attacks, where multiple lightweight UEs emulated compromised IoT devices generating high-rate traffic toward MEC services [21]. Each attack was executed multiple times under identical conditions to ensure repeatability.

The intrusion detection mechanism was implemented using a backpropagation neural network developed in PyTorch [1]. Traffic features such as packet rate, average packet size, session duration, and protocol distribution were extracted over fixed time windows and normalized before classification. The model produced an anomaly score for each session, which was compared against a predefined threshold to determine whether the traffic was benign or malicious [6].

Zero Trust principles were applied to eliminate implicit trust between network entities [12]. Each access request was evaluated based on identity, behavioral history, and IDS-generated risk scores. At this stage of the description, Figure 3 illustrates the Zero Trust policy decision block and the possible outcomes.

Figure 3. Zero Trust Policy Decision Block

To enhance trust management and auditability, blockchain-based authentication and logging were implemented using Hyperledger Fabric [17]. Each security-relevant event triggered a smart contract execution, validating permissions and writing the result to the ledger. Figure 4 showing the blockchain validation and logging flow.

Figure 4. Blockchain Logging Flow

Finally, system performance was evaluated using metrics such as detection accuracy, false positive rate, response time, and resource utilization. These metrics formed the basis for the experimental results discussed in the following section.

Results: This section presents and analyzes the results obtained from the experimental evaluation of the proposed security framework [6]. The results are based on multiple executions of the defined attack scenarios and focus on detection performance, response efficiency, and computational overhead. Detection accuracy varied depending on the type of attack. The AI-based intrusion detection system demonstrated the highest accuracy when identifying IoT-driven DDoS attacks, achieving a detection rate of approximately 97.8% [9]. These attacks generated high-volume and highly irregular traffic patterns, making them easier to distinguish from legitimate behavior. Signaling flood attacks targeting the 5G control plane were detected with an accuracy of approximately 96.4%, indicating effective recognition of abnormal signaling behavior [8]. Network slice intrusion attempts showed slightly lower detection accuracy, around 93.2%, due to their stealthy nature and similarity to legitimate session activity [7]. At this point in the text, Figure 5 presents detection accuracy by attack type. False positive rates remained below 5% across all scenarios, which is a critical factor for operational environments [1].

Figure 5. Detection Accuracy by Attack Type

Compared to the baseline Snort-based intrusion detection system, which generated a higher number of false alerts, the AI-based approach significantly reduced unnecessary alarms. This improvement helps prevent alert fatigue and reduces the risk of blocking legitimate users or services.

Response time was another key performance indicator. Traditional static firewall mechanisms required manual or delayed rule updates, resulting in an average response time of approximately 14.5 seconds. In contrast, the integration of AI-based detection with Zero Trust policy enforcement reduced the average response time to around 6.2 seconds [12]. This rapid reaction limited the duration of malicious activity and reduced the likelihood of lateral movement within the network. Figure 6 compares response times between static firewall enforcement and the AI-driven Zero Trust approach.

Figure 6. Response Time Comparison

Resource utilization was evaluated to assess suitability for deployment in resource-constrained environments such as MEC nodes. The backpropagation neural network demonstrated moderate CPU usage, averaging approximately 66–70% under peak load conditions [1]. More complex models, such as convolutional and recurrent neural networks, showed higher resource consumption without significant improvements in detection accuracy. These findings indicate that the selected model provides an effective balance between performance and efficiency. At this stage, Figure 7 illustrating IDS resource consumption across different models.

Figure 7. IDS Resource Consuption

Overall, the experimental results confirm that the proposed multi-layer security framework significantly enhances the security posture of 5G networks [17]. The combination of AI-based intrusion detection, Zero Trust access control, and blockchain-based logging proved effective against diverse attack types while maintaining acceptable performance levels. The results demonstrate that intelligent and adaptive security mechanisms are not only theoretically sound but also practically deployable within modern 5G infrastructures.

Conclusion: The rapid evolution of 5G telecommunication networks has introduced not only significant performance improvements but also a fundamentally new set of cybersecurity challenges. The transition to software-defined, virtualized, and service-based architectures has expanded the attack surface and reduced the effectiveness of traditional static security mechanisms. This research addressed these challenges by conducting a practical experimental study focused on identifying vulnerabilities in 5G environments and evaluating adaptive security solutions under realistic conditions.

In this work, a multi-layer security framework was designed and experimentally validated within a simulated 5G testbed. The framework integrates three complementary components: an AI-based intrusion detection system, a Zero Trust access control model, and blockchain-based authentication and logging. Each component targets a specific aspect of the security problem, including threat detection, access control, and trust management. Unlike purely theoretical approaches, this study emphasized practical implementation and direct observation of system behavior during real attack scenarios.

The experimental results demonstrated that the AI-based intrusion detection system achieved high detection accuracy across multiple attack types, including signaling flood attacks, network slice intrusion attempts, and IoT-driven DDoS attacks. Detection accuracy consistently exceeded 93%, while false positive rates remained below 5%, indicating reliable performance without excessive alert generation. The integration of the intrusion detection system with Zero Trust policy enforcement significantly reduced response times compared to traditional static firewall approaches, enabling faster isolation of malicious entities and limiting the potential impact of attacks.

Resource utilization analysis further confirmed that the selected backpropagation neural network model provides a suitable balance between detection performance and computational efficiency. This characteristic is particularly important for deployment in resource-constrained environments such as MEC nodes, where excessive overhead can negatively affect service quality. The blockchain-based authentication and logging layer added transparency and integrity to security operations by ensuring that all access decisions and security events were immutably recorded, improving accountability and post-incident analysis.

Overall, the findings of this research confirm that intelligent, adaptive, and decentralized security mechanisms are essential for protecting modern 5G networks. The proposed framework demonstrates practical feasibility and effectiveness in mitigating diverse cyber threats while maintaining acceptable performance levels. These results support the conclusion that future 5G security solutions must move beyond static defenses and adopt dynamic, context-aware approaches to ensure network resilience, reliability, and trust.

Recommendations: Based on the results obtained in this study, several recommendations can be made for improving the security of 5G telecommunication networks and for guiding future research in this area. While the proposed framework demonstrated strong performance, further enhancements could increase its effectiveness and applicability in real-world deployments.

First, future implementations may benefit from the use of hybrid or ensemble machine learning models that combine the strengths of multiple architectures. Although the backpropagation neural network used in this study provided an effective balance between accuracy and efficiency, incorporating additional models such as convolutional or recurrent neural networks could improve detection of subtle attack patterns, particularly network slice intrusion attempts that closely resemble legitimate behavior.

Second, the Zero Trust policy engine could be extended to include more contextual parameters in access control decisions. Factors such as device location, time-based behavior patterns, and real-time service sensitivity could further refine policy enforcement and reduce unnecessary access restrictions. This would improve both security and quality of service, especially in complex multi-slice environments.

Third, while blockchain-based authentication and logging enhanced trust and auditability, optimization of blockchain operations is recommended to reduce latency and overhead. Exploring lightweight or alternative distributed ledger technologies may improve scalability and performance, particularly in high-frequency access scenarios common in large-scale 5G deployments.

Another important direction for future work is the use of real operational traffic data from telecom operators. Although synthetic and publicly available datasets were sufficient for experimental validation, access to anonymized real-world traffic would improve model generalization and provide deeper insight into actual attack behavior in live 5G networks. Additionally, testing the framework in pilot or semi-operational environments would help identify practical deployment challenges not visible in laboratory settings.

Finally, future research should consider integrating federated learning techniques to enable distributed training of intrusion detection models across multiple network segments without centralizing sensitive data. This approach would improve scalability, preserve data privacy, and enhance adaptability to evolving threats across different network domains.

In conclusion, this study provides a solid foundation for further research and development in 5G cybersecurity. By building upon the proposed framework and addressing the identified limitations, future solutions can achieve higher levels of resilience and trust, ensuring secure and reliable operation of next-generation communication networks.

Reference:

1. Abbasi, M., Shahraki, A., & Taherkordi, A. (2021). Deep learning for network traffic monitoring and analysis (NTMA): A survey. Computer Communications, 170, 19-41. https://doi.org/10.1016/j.comcom.2021.01.021
2. Ahmad, I., Shahabuddin, S., Kumar, T., Okwuibe, J., Gurtov, A., & Ylianttila, M. (2019). Security for 5G and beyond: A survey. IEEE Communications Surveys & Tutorials, 21(4), 3682-3722. https://doi.org/10.1109/COMST.2019.2916180
3. Alcaraz, C., & Lopez, J. (2018). A security analysis for wireless sensor mesh networks in highly critical systems. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 48(4), 670-681. https://doi.org/10.1109/TSMCC.2010.2045373
4. Bendiek, A., & Pander Maat, E. (2019). The EU's regulatory approach to cybersecurity (SWP Research Division EU/Europe, Working Paper No. 02). German Institute for International and Security Affairs.
5. Christou, G. (2016). Cybersecurity in the European Union: Resilience and adaptability in governance policy. Palgrave Macmillan.
6. Da Silva, S. E. I., Rodriguez, D. Z., Rosa, R. L., Adasme, P., & Saadi, M. (2024). AI/ML-enhanced security monitoring for 5G-enabled big data sensor networks. In Proceedings of the International Conference on Software, Telecommunications and Computer Networks (SoftCOM). https://doi.org/10.23919/SoftCOM62040.2024.10721857
7. Fang, X., Qian, Y., Hu, R. Q., & Wu, H. (2021). 5G security: Challenges and solutions. IEEE Wireless Communications, 28(3), 32-39. https://doi.org/10.1109/MWC.001.2000344
8. Gatchin, Y. A., & Sukhostat, V. V. (2019). Research of vulnerabilities of information processing processes systems of critical information infrastructure. In Proceedings of the Wave Electronics and its Application in Information and Telecommunication Systems (WECONF). https://doi.org/10.1109/WECONF.2019.8840618
9. Grekov, M., & Sychugov, A. (2022). Distributed detection of anomalies in the network flow using generative adversarial networks. In Proceedings of the International Russian Automation Conference (RusAutoCon). https://doi.org/10.1109/RusAutoCon54946.2022.9896307
10. Hiller, J. S., & Russell, R. S. (2013). The challenge and imperative of private sector cybersecurity: An international comparison. Computer Law & Security Review, 29(3), 236-245. https://doi.org/10.1016/j.clsr.2013.03.003
11. International Telecommunication Union. (2021). Guidelines on national cybersecurity strategies. https://www.itu.int
12. Koca, M., & Avci, I. (2024). A novel hybrid model detection of security vulnerabilities in industrial control systems and IoT using GCN+LSTM. IEEE Access. https://doi.org/10.1109/ACCESS.2024.3466391
13. Mehta, N., Sanghavi, P., Paliwal, M., & Shukla, M. (2023). A comprehensive study on cyber legislation in G20 countries. In Advancements in Smart Computing and Information Security (ASCIS 2022) (pp. 3-23). Springer. https://doi.org/10.1007/978-3-031-21374-9_1
14. National Institute of Standards and Technology. (2020). Security and privacy controls for information systems and organizations (NIST Special Publication 800-53 Rev. 5). https://doi.org/10.6028/NIST.SP.800-53r5
15. Odebade, A. T., & Benkhelifa, E. (2023). A comparative study of national cybersecurity strategies of ten nations. arXiv Preprint. https://doi.org/10.48550/arXiv.2303.13938
16. Shen, S. (2024). Application of improved differentiation algorithm in public management network security detection system. In Proceedings of the 3rd International Conference on Artificial Intelligence and Autonomous Robot Systems (AIARS). https://doi.org/10.1109/AIARS63200.2024.00161
17. Sowinski-Mydlarz, V., Vassilev, V., Ouazzane, K., & Phipps, A. (2022). Security analytics framework validation based on threat intelligence. In Proceedings of the International Conference on Computational Science and Computational Intelligence (CSCI). https://doi.org/10.1109/CSCI58124.2022.00168
18. Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cybersecurity: Framework, standards, and recommendations. Future Generation Computer Systems, 92, 178-188.
19. Sullivan, S. S., Brighente, A., Kumar, S. A. P., & Conti, M. (2021). 5G security challenges and solutions: A review by OSI layers. IEEE Access, 9, 116146-116176. https://doi.org/10.1109/ACCESS.2021.3105396
20. Walden, I. (2018). Telecommunications law and regulation (5th ed.). Oxford University Press.
21. Weber, R. H. (2010). Internet of Things: New security and privacy challenges. Computer Law & Security Review, 26(1), 23-30. https://doi.org/10.1016/j.clsr.2009.11.008