Machine learning-based co-resident attack detection for 5G clouded environments

作     者：Jin, Meiyan Tang, Hongbo Qiu, Hang Yang, Jie 

作者机构：Zhengzhou Univ Sch Cyberspace Secur Zhengzhou 450002 Henan Peoples R China Informat Engn Univ Inst Informat Technol Zhengzhou 450002 Henan Peoples R China 

出 版 物：《COMPUTER NETWORKS》 (Comput. Networks)

年 卷 期：2025年第258卷

核心收录：

学科分类：0810[工学-信息与通信工程] 0808[工学-电气工程] 08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：National Key Research and Development Program of China [2022YFB2902204] Province Key Research and Development Special Project 

主　　题：Co-resident attacks Behavioral analysis K-means clustering Random forests Attack detection 

摘      要：The cloudification of fifth-generation (5G) networks enhances flexibility and scalability while simultaneously introducing new security challenges, especially co-resident threats. This type of attack exploits the virtualization environment, allowing attackers to deploy malicious Virtual Machines (VMs) on the same physical host as critical 5G network element VMs, thereby initiating an attack. Existing techniques for improving isolation and access control are costly, while methods that detect abnormal VM behavior have gained research attention. However, most existing methods rely on static features of VMs and fail to effectively capture the hidden behaviors of attackers, leading to low classification and detection accuracy, as well as a higher likelihood of misclassification. In this paper, we propose a co-resident attack detection method based on behavioral feature vectors and machine learning. The method constructs behavioral feature vectors by integrating attackers stealthy behavior patterns and applies K-means clustering for user classification and labeling, followed by manual verification and adjustment. A Random Forest (RF) algorithm optimized with Bayesian techniques is then employed for attack detection. Experimental results on the Microsoft Azure dataset demonstrate that this method outperforms static feature-based approaches, achieving an accuracy of 99.48% and significantly enhancing the detection of potential attackers. Future work could consider integrating this method into a broader 5G security framework to adapt to the ever-evolving threat environment, further enhancing the security and reliability of 5G networks.