TLDR: This paper investigates the impact of simulated Distributed Denial of Service (DDoS) attacks on 5G core network functions (NFs) and user equipment (UE) registration performance. It identifies the Access and Mobility Management Function (AMF) as particularly sensitive to stress, significantly affecting user experience. The study also evaluates kernel-based monitoring (eBPF) as an efficient method for detecting security threats in these complex deployments, highlighting the necessity of tailored resource allocation for different NFs to maintain service quality and Service-Level Agreement (SLA) compliance.
The expansion of 5G networks, especially with software-based core functions, brings significant challenges, particularly concerning how resources are managed and how the network performs under stress. A recent research paper, “Performance Evaluation and Threat Mitigation in Large-scale 5G Core Deployment,” delves into these critical issues, offering valuable insights for the future of telecommunications.
Authored by Rodrigo Moreira, Larissa F. Rodrigues Moreira, and Flávio de Oliveira Silva, the study focuses on understanding the effects of unpredictable workloads, such as those generated by Distributed Denial of Service (DDoS) attacks, on various Network Functions (NFs) within the 5G core. Their work specifically examines how these attacks impact the performance of User Equipment (UE) registration, a crucial step for any device connecting to the network. You can find the full paper here: Research Paper.
Understanding the Challenges
The paper highlights that the next generation of networks, Beyond Fifth Generation (B5G), aims to do more than just provide connectivity; it seeks to enable advanced applications like human-machine interaction. This ambition demands robust and scalable network infrastructure. While many studies have looked at 5G cores from different angles, the specific impact of individual NFs on user experience and system stability, especially under chaotic conditions, has remained less explored.
To address this, the researchers employed a method based on chaos engineering. They simulated DDoS attacks by applying synthetic workloads to individual Network Functions (NFs) within the 5G core, stressing their Central Processing Unit (CPU) and memory. Simultaneously, a sensor on a User Equipment (UE) collected data on registration times, allowing the team to see how these stresses affected the user’s ability to connect.
Key Findings on Network Function Performance
The experiments revealed several important findings. When a DDoS attack was simulated on the Access and Mobility Management Function (AMF), a critical component in the 5G core, its CPU utilization spiked dramatically, and network traffic surged. This indicates that the AMF is highly susceptible to such attacks, impacting its efficiency and stability.
Further analysis showed that the AMF was indeed the most affected Network Function, significantly influencing the time it took for a User Equipment to register. This underscores the AMF’s vital role in maintaining a smooth user experience, especially under stressful conditions. The study also found that a combination of CPU and memory stress had the most significant impact on UE registration time across the 5G core. This suggests that in real-world 5G deployments, it’s essential to consider the varying CPU and memory demands of different NFs and allocate resources accordingly.
The researchers observed that while individual CPU or memory stress tests didn’t always show a statistically significant impact on registration time, the combined stress did. The variability among different NFs also played a substantial role, with AMF, Unified Data Management (UDM), and Unified Data Repository (UDR) showing the greatest influence on registration time, particularly when both CPU and memory were stressed.
Enhancing Security with Monitoring
Beyond performance, the paper also explored methods for threat mitigation. To detect and classify malicious traffic, the researchers proposed monitoring packet exchanges between NFs. They compared two packet sniffing methods: user-space tools (like tcpdump) and kernel-space methods (using Extended Berkeley Packet Filter, or eBPF).
Their evaluation showed that the kernel-based eBPF method had slightly lower CPU usage for packet capture, indicating its efficiency. While it showed slightly higher memory consumption, its overall performance suggests that kernel-based monitoring can be a scalable and effective approach for enhancing security threat defense in resource-constrained 5G environments.
Also Read:
- AI Predicts Network Performance on Live National Testbeds for Enhanced Service Delivery
- Symbiotic Agents: Integrating AI Reasoning with Network Optimization for Future Networks
Conclusion and Future Implications
This research provides crucial quantitative data for large-scale 5G deployments, emphasizing the need for differential resource allocation for Network Functions, especially in environments with limited resources or strict power policies. The findings confirm that the AMF is a resource-intensive entity due to its significant impact on user registration time. Furthermore, kernel-based monitoring approaches like eBPF offer a promising path for improving security threat detection while maintaining efficiency in complex 5G setups.
