TranDA: Behavior traceable anomaly detection and attribution for 5G control plane via message sequence analysis
文献类型:期刊论文
| 作者 | Dai, Lulu1,2; Sun, Qian1,2,3; Wang, Yuanyuan1,2; Fan, Xuancheng1,2; Tian, Lin1,2,3 |
| 刊名 | COMPUTER NETWORKS
 |
| 出版日期 | 2026 |
| 卷号 | 274页码:14 |
| 关键词 | 5G Control plane Anomaly detection Behavior attribution Traceability Message sequence |
| ISSN号 | 1389-1286 |
| DOI | 10.1016/j.comnet.2025.111804 |
| 英文摘要 | In mobile communication networks, the control plane (CP) is responsible for essential procedures, and its integrity is critical to reliable service. In fourth generation (4G) and earlier mobile communication networks, although attackers may have attempted to disrupt the control flow by dropping or injecting messages, such attacks were often thwarted by state consistency checks under the centralized architecture. In contrast, the fifth generation (5G) employs a distributed architecture, leading to a lack of global visibility over control flows. Coupled with inherent plaintext window, this makes attacks considerably more stealthy when exploiting protocol or hardware-level vulnerabilities. In this paper, we propose TranDA, a method that analyzes message sequences to identify anomalies and trace malicious behaviors in the 5G CP, providing precise intelligence for defensive strategies. Considering the request-response mechanism of communication protocols, we design a novel embedding method in TranDA to capture functional relationships between messages. TranDA comprises two zero-positive modules for anomaly detection and attribution, which are independently trained and designed for different task granularities. The detection module learns global patterns to identify anomalous flow segment. The attribution module learns fine-grained contextual dependencies between messages and infers the correct control logic by evaluating the plausibility of each message's dual temporal role within the flow. TranDA outputs a concise anomaly profile for anomalous flow, detailing the malicious behavior involved. Experiments demonstrate that TranDA achieves an average 0.92 F1-score for detection and 0.84 accuracy for attribution, outperforming the best baselines by 1.1 % and 11.7 %. Anomaly profiles show TranDA's attribution granularity and interpretability. |
| 资助项目 | Beijing Natural Science Foundation[L222004] ; Innovation Project of the Institute of Computing Technology, Chinese Academy of Sciences[E561020] |
| WOS研究方向 | Computer Science ; Engineering ; Telecommunications |
| 语种 | 英语 |
| WOS记录号 | WOS:001614297500003 |
| 出版者 | ELSEVIER |
| 源URL | [http://119.78.100.204/handle/2XEOYT63/43091]  |
| 专题 | 中国科学院计算技术研究所 |
| 通讯作者 | Sun, Qian |
| 作者单位 | 1.Chinese Acad Sci, Inst Comp Technol, Beijing 100089, Peoples R China 2.Univ Chinese Acad Sci, Beijing 101408, Peoples R China 3.Nanjing Inst InforSuperBahn, Nanjing 211100, Peoples R China |
| 推荐引用方式 GB/T 7714 | Dai, Lulu,Sun, Qian,Wang, Yuanyuan,et al. TranDA: Behavior traceable anomaly detection and attribution for 5G control plane via message sequence analysis[J]. COMPUTER NETWORKS,2026,274:14. |
| APA | Dai, Lulu,Sun, Qian,Wang, Yuanyuan,Fan, Xuancheng,&Tian, Lin.(2026).TranDA: Behavior traceable anomaly detection and attribution for 5G control plane via message sequence analysis.COMPUTER NETWORKS,274,14. |
| MLA | Dai, Lulu,et al."TranDA: Behavior traceable anomaly detection and attribution for 5G control plane via message sequence analysis".COMPUTER NETWORKS 274(2026):14. |
入库方式: OAI收割
来源:计算技术研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。