Abstract

Fifth-generation (5G) and beyond networks are driven by the growing number of users and sophisticated services, as industries move toward greater automation. To ensure adequate user experience, specific Quality of Service (QoS) requirements, such as low latency and high reliability, must be defined. Consequently, network slicing has emerged as a key feature of 5G, allowing operators to provide customized logical networks, known as Network Slices (NSs), each tailored to its envisioned services. NSs adopt 5G’s cloud-native Service-Based Architecture (SBA), which relies on common virtualization technologies. Additionally, to maintain QoS guarantees in a Network Slice (NS), the Third Generation Partnership Project has described a QoS model with QoS monitoring and reporting procedures. Despite their advantages, both SBA and QoS monitoring and reporting extend 5G’s attack surface. The former permits the leakage of sensitive User Equipment (UE) data (e.g., location), and the latter can be abused by a UE falsifying trusted measurements over the user plane to generate excessive reporting on the control plane, staging a novel QoS-based Attack (QoSA). In this thesis, we focus on securing 5G network slicing against inter-slice attacks that violate the Service Level Agreements for legitimate UEs served by NSs sharing the affected resources. Thus, we first disclose a prevention technique for protecting 5G against data theft attacks. Then, we introduce our novel attack, QoSA, and evaluate its impact using our testbed. This testbed was built by extending the open-source free5GC code to support standardized 5G QoS monitoring and reporting. Our experiments demonstrated that QoSA can lead to disruptions that affect service delivery. Accordingly, we present QoSA-Officer, an Attention-based Long-Short-Term Memory Autoencoder (Attention LSTM-AE) for detection, trained on QoS-relevant features from our emulations, enabling the distinction between QoSA and native QoS interruptions.