Abstract

Deploying 5G networks on top of cloud-native environments provides unique benefits including
cost-effectiveness, flexibility, and scalability. However, the increased complexity of a cloud-native
5G deployment also brings new security challenges to existing solutions for security monitoring
and security auditing. A security analyst may need to analyze events coming from various
sources, such as security monitoring (e.g., Falco) and security auditing (e.g., Kubescape) systems
deployed at both the 5G and cloud (container) levels. Understanding the relationships between
events coming from those different sources is usually challenging since those security solutions
may have very different monitoring/auditing criteria and scopes. Relying on manual analysis and
domain knowledge may also be too slow and error-prone considering the sheer scale of a cloud-native
5G deployment. In this paper, we propose 5GSecRec, a 5G security recommendation system
that leverages multi-modal learning to correlate alerts from four aspects of a cloud-native 5G deployment,
i.e., security monitoring and security auditing systems, deployed at both 5G/Kubernetes®
levels. Also, 5GSecRec further eases security analysts’ job by answering their questions expressed
in a natural language (e.g., “What is the impact of a Kubernetes alert on the 5G level?”) using
large language models (LLMs) fine-tuned with the learned knowledge about correlated alerts. We
implement 5GSecRec based on free5GC, Kubernetes, and LLMs from HuggingFace, and our experimental
results demonstrate the effectiveness of our solution (e.g., up to 89.5% of correlation
accuracy, and comparable question-answering performance to ChatGPT but without data confidentiality
and privacy concerns).