Security-as-a-Function for IDS/IPS in Softwarized Network and Applications to 5G Network Systems

The service-based architecture of 5G network allows network operators to place virtualized network functions on commodity hardware, unlike the traditional vendor-specific hardware-based functionalities. However, it expands the security vulnerabilities and threats to the 5G network. While there exist several theoretical studies on network function placement and service routing, a few focused on the security aspects of the 5G network systems. This paper focuses on safeguarding the 5G core network systems from DoS and DDoS attacks by placing intrusion detection and prevention systems (IDS-IPS) as virtualized network functions following the 5G standalone architecture. To ensure the virtualized placement of IDS-IPS, first, we provide thorough virtual machine (VM)-based and containerized implementation details and evaluate the network performance with two scenarios, IDS and IPS, in the presence of TCP and UDP applications. Second, we apply the VM-based implementation of IDS-IPS on a softwarized 5G core network and study the network performances. The experiment results on network throughput, latency, and packet drop reveal that the softwarized IDS-IPS can meet the QoS requirements of 5G applications, while safeguarding the network from DoS and DDoS attacks.