Abstract

Successful intrusion detection systems rely heavily on machine learning to detect anomalies. However, particularly in 5G networks, detected attacks contain complex information representing technical details about the network components (e.g., virtual BBU (vBBU), virtual RRH (vRRH), controllers, NFV orchestrator, involved EPC functions, etc.), the network's heterogeneous structure, security policies, and the involved actors and their capabilities. This heterogeneous 5G infrastructure makes it hard for users to interpret machine-generated attack data. Explanation is needed to clarify the attacks to users. This can be done using visualization techniques, for example, interactive tree graphs that improve user interaction by allowing zooming in and out of the details of attacks. In addition, explanation is needed to highlight which parts of attacks target which parts of the 5G network infrastructure and which parts of the security policies are violated. The challenge is to link up the intrusion detection intelligence, analyse it, explain it, and feed back incident response decisions to users as well as to different levels of the 5G network infrastructure to enforce security policies in response to detected attacks. An important backbone for this process is to have models in which these heterogeneous scenarios can be encoded adequately yet concisely. One possibility is to use a logical representation. However, the logics need to be powerful enough to represent entities, structures, and policies, and yet be rigorous and sufficiently supported with analysis and verification capabilities. Candidates are higher-order temporal logics extended with attack trees and other security notions. A demonstrator platform will be provided using a cloud-native 5G set-up and Software Defined Network controllers.
