Machine learning-based co-resident attack detection for 5G clouded environments
Authors: MeiYan Jin, HongBo Tang, Hang Qiu, Jie Yang
Journal: Computer Networks, volume 258, Article 111032
Publication type: Journal Article
Publication date: 2025-02-01
Impact factor: 4.4 (JCR Q1, Computer Science, Hardware & Architecture)
DOI: 10.1016/j.comnet.2024.111032
URL: https://www.sciencedirect.com/science/article/pii/S1389128624008648
Citations: 0
Abstract
The cloudification of fifth-generation (5G) networks enhances flexibility and scalability while simultaneously introducing new security challenges, especially co-resident threats. This type of attack exploits the virtualization environment, allowing attackers to deploy malicious Virtual Machines (VMs) on the same physical host as critical 5G network element VMs, thereby initiating an attack. Existing techniques for improving isolation and access control are costly, while methods that detect abnormal VM behavior have gained research attention. However, most existing methods rely on static features of VMs and fail to effectively capture the hidden behaviors of attackers, leading to low classification and detection accuracy, as well as a higher likelihood of misclassification. In this paper, we propose a co-resident attack detection method based on behavioral feature vectors and machine learning. The method constructs behavioral feature vectors by integrating attackers’ stealthy behavior patterns and applies K-means clustering for user classification and labeling, followed by manual verification and adjustment. A Random Forest (RF) algorithm optimized with Bayesian techniques is then employed for attack detection. Experimental results on the Microsoft Azure dataset demonstrate that this method outperforms static feature-based approaches, achieving an accuracy of 99.48% and significantly enhancing the detection of potential attackers. Future work could consider integrating this method into a broader 5G security framework to adapt to the ever-evolving threat environment, further enhancing the security and reliability of 5G networks.
About the journal:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.