Cyberthreat development and attack detection with Artificial Intelligence in 5G campus networks

Apply to this project here

Motivation

It is reported that around 73% of companies in Germany believed they had been targeted by cyber-attack groups in 2023. Most network infrastructures use monitoring systems to detect security incidents in the enterprise IT and communication infrastructure. State-of-the-art technology aggregates logging data from dedicated appliances and applies a rule-based alert system. However, 5G campus networks introduce new appliances and new protocols, and the traditional detection mechanisms become blind to attacks that are disguised as ordinary protocol traffic and aim at implementation-specific vulnerabilities. In particular, deploying a 5G campus network exposes the enterprise LAN to a new set of mobile radio protocols. New sensors that process the network traffic itself therefore become useful: instead of merely collecting the log information of network appliances, these sensors become part of the security framework, processing the network traffic at the protocol level and detecting anomalies with AI. The security information and event management (SIEM) system needs to use AI techniques to detect attacks or abnormal behavior in the network by analyzing the protocol messages.

Objective

The main goal of this lab is to implement a proof-of-concept prototype in a lab environment, using an AI-based sensor to perform attack detection. In the process, we will train an AI model for attack detection using a reinforcement learning approach, and we will then classify each detected attack using the MITRE reference framework. Finally, we will design a basic risk countermeasure triggered by attacks detected with the network-based sensor.

Tools

OpenAirInterface Core and RAN, Kali Linux, Metasploitable, Python and OpenAI software libraries, Wireshark.

Work package (WP) content

1. Data preparation.

1.1 Dataset study to identify the parameters that can be used as training data for the reinforcement learning approach (2 weeks).

1.2 5G core and RAN setup (2 weeks).

2. Unsupervised learning: AI for attack detection.

2.1 Feature identification of the attack vectors for the 4 attacks to be performed (2 weeks):

- Hydra attack.

- VSFTPD attack.

- Data exfiltration attack.

- DoS attack.

2.2 Development of scripts and methods to train the AI model (4 weeks, 2-3 students).

2.3 Evaluation of the model (2 weeks).

3. Advanced AI model for attack detection.

3.1 Feature identification of the attack vectors for the 4 attacks to be performed (2 weeks):

- Hydra attack.

- VSFTPD attack.

- Data exfiltration attack.

- DoS attack.

3.2 Development of scripts and methods to train the AI model (4 weeks, 2-3 students).

3.3 Evaluation of the model (2 weeks).

4. Alert / attack response.

4.1 Based on the results, create an alert and identify the attack (2 weeks).

4.2 Visualization of the alert message in the SIEM (1 week).

5. Final report / paper.

One week to finalize the report, which is worked on throughout the preceding work packages.
