A Distributed Trustable Framework for AI-Aided Anomaly Detection ^†

Abstract

The evolution towards sixth-generation (6G) networks requires new architecture enhancements to support the broad device ecosystem, comprising users, machines, autonomous vehicles, and Internet-of-things devices. Moreover, high heterogeneity in the desired quality-of-service (QoS) is expected, as 6G networks will offer extremely low-latency and high-throughput services and error-free communication. This complex environment raises significant challenges in resource management while adhering to security and privacy constraints due to the plethora of data generation endpoints. Considering the advances in AI/ML-aided integration in wireless networks and recent efforts on the network data analytics function (NWDAF) by the 3rd generation partnership project (3GPP), this work presents an AI/ML-aided distributed trustable engine (DTE), collecting data from diverse sources of the 6G infrastructure and deploying ML methods for anomaly detection against diverse threat types. Moreover, we present the DTE architecture and its components, providing data management, AI/ML model training, and classification capabilities for anomaly detection. To promote privacy-aware networking, a federated learning (FL) framework to extend the DTE is discussed. Then, the anomaly detection capabilities of the AI/ML-aided DTE are presented in detail, together with the ML model training process, which considers various ML models. For this purpose, we use two open datasets representing attack scenarios in the core and the edge parts of the network. Experimental results, including an ensemble learning method and different supervised learning alternatives, show that the AI/ML-aided DTE can efficiently train ML models with reduced dimensionality and deploy them in diverse cybersecurity scenarios to improve anomaly detection in 6G networks.

1. Introduction

The transition towards sixth-generation (6G) networks has put computing and communications at the focus of research activities related to novel extremely low-latency/high-throughput and error-free applications and services [1,2]. In this context, the increased number of parameters and devices in 6G networks highly complicates the analysis and optimization of the security and quality-of-service (QoS) trade-off. However, studying these types of relationships is critical to prevent potential points of failure and to enhance the use of network resources, increasing network performance and resilience against diverse attack types and service requirements. Sixth-generation networks are envisioned to radically change current network management strategies, relying on increased disaggregation and software-based architecture paradigms [3]. In this sense, the forthcoming 3GPP Release 20 is expected to bridge advanced fifth-generation (5G) capabilities and lay the foundation for 6G by covering topics such as sustainability, artificial intelligence (AI), and security [4]. A key technology that will be integrated into 6G networks is AI/machine learning (AI/ML)-aided optimization. AI/ML-based techniques will handle resource management, aiming to optimize the use of radio resources and guarantee sustainable network operation [5]. At the same time, AI/ML is expected to play a prominent role in network security, including cyberattack detection and prevention, network traffic pattern analysis, protection of sensitive information, identification of suspicious activities, and automated response and recovery to security incidents [6].

Thus, to ensure that the 6G vision will materialize, new security, privacy and resiliency solutions must be developed and adapted to 6G topologies. The study in [7] focused on the analysis of different potential threats due to the usage of open-source tools and frameworks for 6G network deployment, including adversarial ML, fine-grained privacy attacks, and threats due to virtualization and containerization, and the impact of quantum computing on cryptographic algorithms. At the same time, mitigation strategies were proposed, including a zero-trust architecture (ZTA) and an automated management system for open-source security. In the ZTA case, it is assumed that an attacker might exist within the network, and so, various network entities must mutually and securely authenticate with other similar entities, using, for example, a public key infrastructure (PKI). In the case of the automated management system, all open-source information is recorded to avoid tampering attempts. Furthermore, the disaggregated, virtualized, and multi-vendor 6G infrastructures that will be developed pose significant hurdles when designing security and resilience solutions for heterogeneous, complex, and highly flexible infrastructures. Moreover, managing network and computing resources in such complex environments involves data gathering from diverse endpoints, which must be promptly processed [8]. So, significant challenges emerge for data collection and classification, as well as network optimization, to support services with increased bandwidth and latency requirements. Unfortunately, conventional optimization techniques may result in non-convex problems, prohibiting the extraction of optimal solutions in terms of computation complexity and latency. Some methods in the literature address this issue by dividing the original non-convex problem into a series of convex subproblems that are solved independently, but still, calculation errors can be inevitably introduced [9]. Still, even in this case, calculation errors can inevitably be introduced, leading to the repetition of calculations for each network segment.

Another important aspect of the 6G era is the ever-increasing integration of AI/ML to support tasks such as resource management and attack detection and mitigation. Here, AI/ML-based networks can facilitate: (i) resource allocation and network reconfiguration [10], (ii) system response and resilience and anomaly detection [6], and (iii) vulnerability prediction, leveraging digital twins [11]. Likewise, ML, being a category of AI, offers strong predictive capabilities to wireless networks and leads to autonomous network operation. In this sense, ML algorithms are categorized into the following: (i) supervised learning, being appropriate for labeled datasets, as training relies on predefined samples (i.e., input/output pairs); (ii) unsupervised learning, suitable for cases with unlabeled datasets and capable of extracting patterns and performing classification, based on to the relative positions of the associated data points [12]; (iii) reinforcement learning (RL), where intelligent agents interact with the environment and the transition to a new state is based on the action that maximizes a predefined reward [13]. In the case of RL, a high number of state–action pairs might exist, and in practice, neural networks are trained to define the best possible action per state, giving rise to deep reinforcement learning (DRL) algorithms. Nonetheless, conventional centralized ML cannot always be applied in heterogeneous 6G settings, mainly due to the following: (i) excessive data communication overhead and bandwidth limitations since centralized ML is based on the centralization of massive data through transmissions from diverse sources, (ii) increased energy consumption, related to data transfers, (iii) a high number of transmission errors due to path-loss and fading, and (iv) data privacy concerns, as data may carry sensitive user information. As a result, decentralized ML paradigms have been introduced to tackle these issues and enable the smooth integration of ML in communication networks.

In recent years, the concept of federated learning (FL) has emerged as well, where ML models are trained in a decentralized and distributed fashion. To this end, each participating node in the FL process trains a local model based on the available dataset. Afterwards, the ML model parameters (e.g., weights in a neural network) are periodically sent to a master FL server for aggregation and inference in all the participating nodes. Hence, a dual goal can be achieved since, on the one hand, transmission of privacy-sensitive data does not take place, and on the other hand, faster convergence times can be achieved due to the parallel training of individual models [14,15].

1.1. Contributions

Recently, the 3rd generation partnership project (3GPP) defined the network data analytics function (NWDAF) in Release 15, which has the role of data collection and processing from different network functions (NFs) towards ML-aided network optimization [16]. NWDAF relies on network function virtualization (NFV), a key enabling technology beyond 5G networks where virtual machines replace basic network operations and hardware elements, leading to improved network deployment flexibility and hardware decoupling. Considering the advances in AI/ML-aided integration in wireless networks and the high interest of academic and industrial stakeholders, as underpinned by the NWDAF-related efforts, this work presents an AI/ML-aided distributed trustable engine (DTE), collecting data from sources across the 6G infrastructure and employing AI/ML modules for anomaly detection purposes, guaranteeing a high security and privacy level and defining appropriate mitigation measures. In addition, the DTE’s design supports the creation of high-level intents that can be mapped to relevant mitigation measures to reduce the impact of cyberattacks on the network. More specifically, our contributions are as follows:

•

We present and discuss DTE’s architecture and its building blocks, supporting data collection and management, AI/ML model training and deployment, and anomaly detection in accordance with NWDAF specifications.

•

To strengthen the privacy level across distributed 6G environments and avoid the drawbacks of centralized ML, an FL extension for DTE’s architecture is analyzed.

•

The attack classification accuracy of AI/ML-aided anomaly detection is thoroughly evaluated, providing, in detail, an ML model training framework to overcome dimensionality issues of datasets with a high number of features. For this purpose, we analyze and use two open datasets from diverse cyberattacks in the core and edge parts of the network and discuss the performance-complexity trade-off of different ML algorithms.

Experiments show that AI/ML-aided anomaly detection and the adoption of the NWDAF logic by the DTE allow the efficient training of ML models and the exploitation of their strong classification capabilities. In this manner, DTE provides highly accurate real-time inference, thus enabling network operators to safeguard their infrastructure and impose relevant mitigation measures, following the principles of intent-based networking. We believe that the proposed distributed AI/ML security solution and its FL-based extension can facilitate cooperation among mobile network stakeholders, as it can overcome potential barriers related to user and commercial data privacy. More importantly, it can enable the smooth integration of AI/ML-aided cyberattack detection and mitigation in 6G networks, accommodating the needs of heterogeneous services and network nodes with different capabilities.

1.2. Structure

The remainder of this paper is organized as follows. In Section 2, we provide a thorough overview of the state-of-the-art in AI/ML-aided anomaly detection in wireless networks. In Section 3, we present the distributed and trustable AI engine and relevant use cases where it can be employed. Performance evaluation is provided in Section 4, while conclusions and future directions are given in Section 5.

2. ML-Aided Anomaly Detection Review

In recent years, AI/ML-based wireless networks have gained traction, with significant benefits for network security. Going several steps beyond the security solutions in 5G networks, the high diversity in 6G service provisioning, coexisting users and IoT devices and physical layer techniques result in a heterogeneous environment with varying requirements and challenges. Thus, each scenario may pose specific security requirements and resource and computation capabilities, highlighting the fact that the security strategy selection and configuration must be adaptive and operate in a dynamic manner [17].

2.1. Attack Types in 6G Networks

3GPP has provided TR 33.926, discussing threats and critical assets that must be protected in the context of security assurance specifications [18]. These threats were classified into the following six categories:

• Spoofing identity involves illegal access and the use of another user’s authentication information, such as the username and password.
• Tampering with data focuses on malicious data modification, including data alteration as it flows between two computers over the Internet and unauthorized changes to persistent data residing in a database.
• Repudiation threats are related to users who deny performing an action while, at the same time, other parties are not able to prove otherwise. For example, in this case, a user can perform an illegal operation in a system that is unable to trace the prohibited operations.
• Information disclosure includes information exposure of individuals who should not have access to it. More specifically, unauthorized users might access a file that they were not granted access to, or an intruder might read data transmitted between two devices.
• Denial-of-service attacks resulting in instances where valid users are denied requested services, e.g., by rendering a Web server temporarily unavailable or unusable.
• Elevation of privilege, where an unprivileged user obtains privileged access and threatens to compromise or destroy the entire system. An illustrative example involves an attacker that has penetrated through all system defenses, becoming part of the trusted system.

In 6G infrastructures, these threat types can be proactively detected by capitalizing on data-driven AI/ML-based solutions towards minimizing the impact of threats and anomalies during the network’s operation.

2.2. AI/ML-Aided Anomaly Detection

Recently, various works have dealt with 6G security and privacy issues, proposing AI/ML-aided solutions for threat detection. ML and AI-aided security can be employed to improve time-series and statistics-based methods and train the system by generating attacks under the generative adversarial network (GAN) paradigm. GANs can facilitate threat detection and mitigation, as new datasets can be generated from already available training data for simulating additional potential attacks that may occur. Here, the authors in [19] used GANs to simulate intrusions and malware to improve detection accuracy and robustness against different attack types. Then, in [20], various deep learning (DL) architectures were used for the detection of threats and the experimental analysis showed that DL improved cybersecurity accuracy, scalability, reliability, and performance when applied in real-time. There are also works that use DL neural network models to detect traffic anomalies and raise alarms proactively to ensure seamless service availability [21]. More specifically, the authors developed automated scalability functionalities in a resource overload prediction scenario, triggering notifications on upcoming resource scaling needs that can be satisfied through service scaling and proper load balancing.

Other works investigated FL-based solutions. In [6], an analysis of the 6G threat landscape was provided, considering a space-air-ground ocean integrated network. For this setting, two FL-based model training schemes were presented, i.e., single region FL, where all network nodes correspond to a particular area, and cross-layer FL, where FL is applied across different service areas. Specific security attacks were considered and efficiently mitigated using Q-learning at the local learning level, deciding when trusted nodes should participate in the FL training process, aiming at the maximization of training rewards. Next, the paper in [22] proposed FL-based anomaly detection, where each FL node follows a double hierarchy for anomaly detection. In the first stage, the ML model is trained with a relatively smaller number of threats. Then, the second detector employs a more complex model, which identifies anomalies that were not detected by the first detector. The study in [23] developed a multi-level FL scheme among IoT devices and edge applications. Three phases were considered, i.e., clustering, training, and detection, and a set of trusted IoT nodes was chosen to be associated with the nearest edge server, sharing the training models and attack detection events. For each set, a cluster head and cluster members are defined, and the edge devices update the corresponding models that are transmitted to the corresponding cluster heads. During detection, the cluster heads and the edge server evaluate and classify the behaviors of the monitored devices as normal or malicious using the globally trained model.

Additionally, several works have studied the role of NWDAF in supporting anomaly detection and mitigation. As depicted in Figure 1, the NWDAF is a new feature of 5G networks, enabling network operators to implement their own ML-aided data analytics methodologies or integrate third-party solutions. In addition, it incorporates standard interfaces for data collection from other core functions. The work in [24] presents the state-of-the-art on the role of the NWDAF for data collection, resource optimization and security enhancement in wireless networks. At the same time, key 6G technologies for data collection and threat mitigation are discussed and categorized, and a high-level FL-based architectural approach for multi-NWDAF large-scale heterogeneous environments is given in detail. On a similar note, the study in [25] discussed various challenges related to anomaly detection with NWDAF, pointing out that the communication among NWDAFs is not standardized. In this multi-NWDAF case, implementing lightweight FL-based schemes for fast, accurate, resource-efficient, and privacy-aware algorithms can improve anomaly detection across the network. Still, some issues arise as multiple training and update rounds are needed, a process that might not be feasible in resource-constrained devices. Also, FL training should be protected against tampering attempts in the training data of participating nodes that can lead to a suboptimal global model. Then, the authors in [26] integrate ML functionalities in the NWDAF for network traffic prediction and anomaly detection. According to the simulations, neural network algorithms provide better network load prediction over linear regression, while tree-based gradient boosting surpasses logistic regression (LR) in anomaly detection. Next, the paper in [27] focuses on Internet-of-things services and appropriate network slicing to satisfy their demands. To improve the resource and energy efficiency of monitoring possible failures in these topologies, the authors develop a monitor application function based on the NWDAF framework. So, they deploy multiple monitoring functions and propose an RL-based dormancy monitor mechanism to reduce the energy consumption of the monitoring process by appropriately setting functions in a dormant state. Simulations reveal that this dynamic dormancy algorithm can significantly improve energy efficiency without undermining failure detection accuracy.

Regarding privacy-aware mechanisms, some works have highlighted the positive role of the NWDAF. First, to improve security and privacy in NWDAF-based and ML-aided 6G architectures, the work in [28] deals with partial homomorphic encryption to secure ML model sharing with privacy preservation. Then, the authors in [29] present feedback-driven FL in a distributed NWDAF 5G core architecture. Thus, a feedback mechanism is employed to guide the ML models of client NWDAFs, guarantee faster convergence for the global function optima, and ensure data privacy. At the same time, influence-based weighted federated averaging is introduced to handle the edge NWDAF model parameters during global model aggregation, also using local differential privacy to mask model parameters. Finally, the work in [30] presented an NWDAF-enabled lightweight FL mechanism to support FL training under communication quality constraints. The authors consider the model size and communication quality and use the NWDAF to analyze which FL clients are not able to upload their model parameters. As a result, their mechanism exploits communication quality data to extract significant model parameters from the FL clients. Experimental results show that their solution is capable of improving model accuracy for schemes employing multi-layer perception and convolutional neural networks.

3. Distributed Trustable Engine Architecture

3.1. The Role of the DTE

The AI/ML-aided DTE can take the form of a core network function that is compliant with NWDAF specifications and supports data collection from diverse sources within the 6G infrastructure. Another aspect handled by the DTE is data management before the actual training, by employing appropriate policies for anomaly detection in the sense of tampered data and data anonymization. DTE provides a programming interface to serve ML models and predictions to other 6G core modules, supporting, in this manner, distributed trustable AI-assisted cybersecurity tools. In the context of the smart networks and services joint undertaking (SNS JU) holistic, omnipresent, resilient services (HORSE) for future 6G wireless and computing ecosystems project, the DTE communicates with two core modules: the detector and mitigation engine (DEME) and the intent-based interface (IBI) [31].

First, it receives input from the DEME, developing algorithms focusing on network parameters, protocol headers and relevant data for threat detection and mitigation. Then, DTE trains and stores ML models in order to define and impose the optimum set of security and privacy policies to safeguard the network against a wide range of attacks. When the ML model is trained, and according to the identified type of attack and the prediction accuracy level, appropriate mitigation measures and methodologies from well-established knowledge bases, such as 3GPP TR 33.92 and the MITRE ATT&CK, are exploited. In the next step, and in accordance with the intent-based networking paradigm, the DTE builds mitigation intents [3] and sends them to the IBI via REST API. IBI is then responsible for applying the proposed intents of the DTE.

3.2. Internal DTE Components

The internal parts of the DTE are shown in Figure 2 and include the NWDAF aggregator, the data processing module, the ML model training, the ML model evaluator, the ML model repository, and the intent creator. In cases where the DTE simultaneously supports different network areas, multiple NWDAF instances exist, i.e., one for each serving. For this multi-NWDAF scenario, an NWDAF can be selected to act as an aggregation point. This aggregator NWDAF collects data analytics information from other NWDAFs, monitoring different serving areas and produces the aggregated analytics. The data processing module receives direct inputs from the DEME in the form of node ID, attack type or combination of attack types per node, confidence interval, and proposed mitigation action, transforming them to a format that can be accessible by the ML training modules. The ML training represents the main DTE module where various supervised, unsupervised, and DRL models are trained for different types of attacks. Towards this end, apart from online monitoring data by the NWDAFs, various open datasets are exploited, corresponding to diverse attacks and network topologies.

3.3. Federated DTE Architecture

The use of AI/ML-aided solutions is highly attractive in non-convex problems, as well as anomaly detection and response scenarios. To support the deployment of AI/ML algorithms, data must be collected from different network endpoints for training ML models. In real-world settings, data collection and processing at a single endpoint might not be feasible, as the computation burden might be excessive, and there is always the possibility of a single point of failure. Thus, distributed and decentralized ML approaches have been extensively investigated recently [32,33]. In greater detail, FL has been proposed as a computationally efficient technique to support decentralized ML operation [14,34]. To perform training in FL, multiple client nodes are required to periodically send updated model parameters to a master server. In each training round, various participating nodes are involved, assuming that the individual datasets are uncorrelated. As a result, each client node trains a local ML model based on locally obtained data. Then, at pre-determined time intervals, training results, in the form of model parameters, are transmitted to the master node for aggregation. Subsequently, an updated model is sent to the client nodes. Through this process, exchanged data between the client nodes and the master model server do not contain sensitive information since only trained model parameters are sent. This is the reason that FL is considered a privacy-preserving method that is adopted in the context of DTE, as mobile user data is kept locally, thus minimizing possible cases of personal information leakage.

Based on the above, in Figure 3, a high-level architecture is presented for decentralized data collection and decentralized/distributed ML model training using multiple DTEs. In this case, there are multiple DTE instances per subgroup of nodes, where each one trains the corresponding models locally with the available datasets. Afterwards, the master DTE model with the NWDAF aggregator is responsible for updating the global parameters and informing the individual nodes of their updated values. In greater detail, the master FL server communicates with a transfer learning database, where all the generated ML models are stored and retrieved on demand. In the same context, local FL servers communicate with a meta-learning server, where model updates are inferred to all DTEs.

4. Performance Evaluation

Here, we present ML training and evaluation results using two open datasets for two different use cases, namely (i) core network attacks by a malicious session management function (SMF) [35] and (ii) distributed denial-of-service (DDoS) attacks by edge devices [36].

4.1. Core Network Attacks

The first use case focuses on the core network, and more specifically, on the packet forwarding control protocol (PFCP) that is used for communication between control plane and user plane functions. To train and evaluate ML models, we used the 5G core PFCP Intrusion Detection dataset that was generated in an open-source 5G testbed [35]. In this setup, an SMF instance is assumed to be networked in parallel to the original network function, acting as the attacker’s entry point to the virtualized infrastructure and targeting the N4 interface between the SMF and the user plane function (UPF). The hijacked SMF executes various cyberattacks against the UPF. In order to create this dataset, the network traffic data of each entity/device was captured through Tshark for each network function and radio element. From this dataset, we obtained 5890 samples, of which 2862 are labeled as “normal” and 3028 are labeled as “attack”, corresponding to a class ratio of 51.5–48.5%. Attacks are divided into (1) PFCP Session Modification attacks (1033 samples), (2) PFCP Session Establishment attacks (960 samples), and (3) PFCP Session Deletion DoS attacks (1035 samples).

For optimization and dimensionality reduction purposes, we initially conducted a feature importance test based on the analysis of variance (ANOVA) [37]. As a feature selection method, ANOVA identifies which of the input features are highly dependent on the response variable by testing whether the means of the features differ or not. The resulting ANOVA F-score is a statistical measure that ranks the features based on the ratio between variances. In greater detail, the ANOVA F-score is defined as follows:

$$F={\displaystyle \frac{\mathrm{Mean}\mathrm{Square}\mathrm{Between}\mathrm{Groups}\left(\mathrm{MSB}\right)}{\mathrm{Mean}\mathrm{Square}\mathrm{Within}\mathrm{Groups}\left(\mathrm{MSW}\right).}}$$

(1)

MSB is calculated as follows:

$$\mathrm{MSB}={\displaystyle \frac{\mathrm{SSB}}{d{f}_B}},$$

(2)

with

$$\mathrm{SSB}=\sum _{i=1}^k{n}_i{({\overline{X}}_i-\overline{X})}^2,$$

(3)

where $n_i$ denotes the sample size in group i, ${\overline{X}}_i$ is the mean of group i, and $\overline{X}$ is the overall mean. Moreover, $d{f}_B$ denotes the degrees of freedom between groups, calculated as $d{f}_B=k-1$, where k is the number of groups.

Then, MSW is calculated as follows:

$$\mathrm{MSW}={\displaystyle \frac{\mathrm{SSW}}{d{f}_W}},$$

(4)

with

$$\mathrm{SSW}=\sum _{i=1}^k\sum _{j=1}^{n_i}{(X_{ij}-{\overline{X}}_i)}^2,$$

(5)

where $X_{ij}$ denotes the observation in group i, and ${\overline{X}}_i$ is the mean of group i. Also, $d{f}_W$ denotes the degrees of freedom within groups, calculated as $d{f}_W=N-k$, where N is the total number of observations.

Substituting the expressions for MSB and MSW, the ANOVA F-score can be calculated as follows:

$$F={\displaystyle \frac{\frac{\mathrm{SSB}}{k-1}}{\frac{\mathrm{SSW}}{N-k}}}.$$

(6)

The features corresponding to high F-scores are considered more significant than those with low F-scores. Among the dataset features, 6 (out of 10) features with the highest ANOVA F-score were selected. Also, note that the rest of the features showed decreased importance relative to the first six F-scores. Figure 4 shows ANOVA F-score results for the 10 features, which are also listed and defined below, in ascending F-score order:

• Feature 1: Number of PFCP session modification request messages.
• Feature 2: Number of PFCP session modification response messages.
• Feature 3: Number of PFCP session establishment response messages.
• Feature 4: Number of PFCP session establishment request messages.
• Feature 5: Number of PFCP heartbeat request messages.
• Feature 6: Number of PFCP heartbeat response messages.
• Feature 7: Number of forwarding packets.
• Feature 8: Number of backward packets.
• Feature 9: Number of PFCP session deletion response messages.
• Feature 10: Duration of an active flow.

Considering these six characteristics, we conducted Z-score normalization, which uses the mean and standard deviation of the dataset so that the data have zero mean and unit variance (i.e., the mean is subtracted by each value, and the result is divided by the standard deviation). We then applied ten-fold cross-validation, considering these six features as input for four different ML algorithms. For comparison purposes, we considered the following models: (1) SVM with linear kernel, (2) Random Forest (RF) with 100 individual trees, (3) Naive Bayes, and (4) LR. In each of the 10 folds, the complete dataset is divided into a 90% training set and a 10% testing set. The vast majority of the samples (i.e., the training set) are used to build the model, whereas the testing set samples are used to assess the model performance on unseen data. Thus, for each fold, we obtained different model accuracy scores (percentage of correctly classified samples). The final accuracy score of each ML algorithm was calculated as the average across the ten-fold-specific accuracy scores, as depicted in Figure 5. Evidently, the RF algorithm, being an ensemble technique, outperforms the other three ML algorithms by combining multiple models and showing an attack detection ratio of about 98.5%. Notably, the RF model includes a collection of individual tree models that are used to make anomaly predictions, which can generally increase the overall model accuracy. On the contrary, the other ML schemes are single-model, showing less than 82% attack detection accuracy. To further improve the RF performance in attack classification, we also tested the accuracy using a higher number of trees without significant performance gains.

4.2. DDoS Edge Attacks

In this scenario, we focus on the edge part of the network, using the comprehensive network intrusion detection dataset (NIDD) [36]. 5G-NIDD presents a combination of attack traffic and normal traffic under DDoS and port scan/reconnaissance attacks. The attacker edge nodes target a 5G multi-access edge (MEC) server. Under DDoS attacks, the dataset contains ICMP Flood, UDP Flood, SYN Flood, HTTP Flood, and Slow-rate DDoS. Under port scans, the dataset contains SYN Scan, TCP Connect Scan, and UDP Scan. In total, we have 1,215,890 samples, of which 477,737 are labeled as “normal traffic” and 738,153 are labeled as “attack”, resulting in a ratio of 60.7–39.3%. Here, attacks are divided into eight different types:

• ICMP Flood (1115 samples).
• HTTP Flood (140,812 samples).
• Slow Rate DDoS (73,124 samples).
• SYN Flood (9721 samples).
• SYN Scan (20,043 samples).
• TCP Connect Scan (20,052 samples).
• UDP Flood (457,340 samples).
• UDP Scan (15,906 samples).

Initially, dimensionality reduction was achieved through a feature selection process, as presented in Section 4.1. By quantifying the importance of each feature with the F-scores, 10 (out of 30) features with the highest ANOVA F-score were selected, as shown in Figure 6. To further address dimensionality issues, we conducted experiments with the 5, 10, 15, 20, and 25 highest-scoring features, with the experiments using 10 features exhibiting the best accuracy/training time trade-off. The 10 selected features are listed and defined below, in ascending F-score order:

• Proto_tcp: TCP protocol is used.
• Proto_udp: UDP protocol is used.
• dHops: Estimation of the number of IP hops from the destination to this point.
• Ackdat: TCP connection setup time, the time between the SYN_ACK and the ACK packets.
• sHops: Estimation of the number of IP hops from the source to this point.
• dttl: Destination-to-source time to live (TTL) value.
• Seq: argus sequence number.
• State_RST: Indication of the principle state for the transaction report, being protocol dependent. For TCP connections, this is “RST”, i.e., a connection is reset.
• Tcprtt: TCP connection set up round-trip time, the sum of “synack” and “ackdat”.
• State_REQ: For TCP connections, this is denoted as “REQ”, indicating that a connection is being requested.

Again, for these 10 features, we performed Z-score normalization, using the mean and standard dataset deviation, so that data have zero mean and unit variance. Next, we conducted a 10-fold cross-validation with these 10 features as input for three ML algorithms, i.e. RF, naive Bayes, and K-nearest neighbors (K-NN). Before conducting the tests, we tuned the hyperparameters following the grid search approach to select the optimal learning parameters for each model. Regarding the number of individual trees in the RF algorithm, we considered four different cases, i.e., 20, 50, 70, and 100 trees, and the mean accuracy (across the ten folds) was computed as 0.9911, 0.9915, 0.9917, and 0.9919, respectively. Similarly, for the K-NN model, we considered four different cases for the number of neighbors (K), i.e., 3, 5, 7, and 9, and the mean accuracy was calculated as 0.9875, 0.9882, 0.9866, and 0.9869, respectively. Subsequently, to fairly compare all the ML baselines, we set both the K-NN and the RF with their optimal parameters, i.e., K-NN with five neighbors and RF with 100 individual trees. Figure 7 illustrates the classification accuracy results for RF, K-NN and Naive Bayes algorithms. It can be observed that the RF algorithm and K-NN achieve significantly higher accuracy than Naive Bayes. Notably, RF marginally outperforms K-NN since it achieves an accuracy of 0.9919 versus 0.9882. However, K-NN provides the best accuracy–complexity trade-off, as RF exhibited a much higher training and evaluation time over K-NN for the adopted hyper-parameters.

5. Conclusions and Future Directions

In this paper, we presented a distributed AI/ML framework for attack detection in 6G networks. Here, AI/ML model training, deployment and inference are handled by a distributed trustable engine (DTE), being a core component of the SNS HORSE project. The DTE architecture adopts 3GPP NWDAF specifications related to data collection from diverse sources within the wireless network infrastructure. In this context, we discussed the building blocks of the DTE, supporting ML model training and deployment, as well as the DTE’s adherence to intent-based networking principles. Furthermore, to safeguard our cybersecurity solution against the inherent drawbacks of centralized ML, we presented a federated learning (FL)-based architecture extension to accommodate the needs of advanced scenarios and stimulate synergies among stakeholders in the communication networks domain. Finally, we evaluated the DTE’s performance by focusing on two attack scenarios affecting the core and the edge part of the network. For these two cases, we provided the dimensionality reduction process and ML model training and compared different algorithms in terms of attack classification accuracy.

Ongoing research focuses on extending and evaluating the DTE towards FL-based deployments and the investigation of different attack types from datasets generated within the HORSE project. It should be noted that experimental evaluation in this work focused on single network deployments where only one DTE instance is present, while multi-operator or single-operator multi-cell settings will be explored in a future paper. In addition, possible attack scenarios that will be studied include the detection of physical-layer attacks related to data leakage or untrusted nodes and the operation of edge AI/ML in settings with resource-constraint devices and intermittent connectivity, such as maritime communication networks [38]. In such complex settings, the deployment of specialized deep learning models for anomaly detection [39], graph neural networks to improve node representations by exploiting the aggregating node neighborhood information [40], and diffusion-based imputation methods, mitigating model bias problems under cases of anomaly concentration [41] can be adopted.