5GProvGen

Citation Author(s):
Amr Abouelkhair, University of Waterloo
Kiarish Majdi, University of Waterloo
Noura Limam, University of Waterloo
Mohammad Salahuddin, University of Waterloo
Raouf Boutaba, University of Waterloo
Submitted by: Amr Abouelkhair
Last updated: Mon, 09/30/2024 - 16:08
DOI: 10.21227/vgsb-jr68
License:
5

Abstract 

The softwarization and virtualization of fifth-generation (5G) cellular networks bring increased flexibility and faster deployment of new services. However, these advancements also introduce new vulnerabilities and unprecedented attack surfaces. The cloud-native nature of 5G networks mandates detecting and protecting against threats and intrusions in the cloud systems. Additionally, the evolving cyber-threat landscape and the growing reliance on cellular networks for mission-critical tasks reinforce the need for robust security systems capable of detecting stealthy and zero-day attacks.

Recent developments in Provenance-based Intrusion Detection Systems (PIDS) address these requirements. These host-based systems analyze provenance graphs derived from system calls to uncover any deviation from the expected benign behaviour of the host. Provenance graphs are structured as holistic representations of the dependencies and causal relationships between digital objects, and hence they fit well in the Service-based Architecture (SBA) of 5G networks. However, deploying PIDS requires substantial datasets of provenance graphs collected from the relevant hosts. In this work, we propose a framework to generate provenance graph datasets for a 5G core network. We provide an example dataset and evaluate the state-of-the-art PIDS in protecting a 5G network core from various threats.

Instructions: 

These are raw W3C provenance graph logs generated by CamFlow. Check our repo for more details on parsing the dataset.