A Model Training Method for DDoS Detection Using CTGAN under 5GC Traffic  

作　　者：Yea-Sul Kim Ye-Eun Kim Hwankuk Kim 

机构地区：[1]Department of Electronics Information and System Engineering,Sangmyung University,Cheonan,31066,Korea [2]Department of Information Security Engineering,Sangmyung University,Cheonan,31066,Korea

出　　处：《Computer Systems Science & Engineering》2023年第10期1125-1147,共23页计算机系统科学与工程（英文）

基　　金：This work was supported by Institute of Information&communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2021-0-00796;Research on Foundational Technologies for 6GAutonomous Security-by-Design toGuarantee Constant Quality of Security).

摘　　要：With the commercialization of 5th-generation mobile communications(5G)networks,a large-scale internet of things(IoT)environment is being built.Security is becoming increasingly crucial in 5G network environments due to the growing risk of various distributed denial of service(DDoS)attacks across vast IoT devices.Recently,research on automated intrusion detection using machine learning(ML)for 5G environments has been actively conducted.However,5G traffic has insufficient data due to privacy protection problems and imbalance problems with significantly fewer attack data.If this data is used to train an ML model,it will likely suffer from generalization errors due to not training enough different features on the attack data.Therefore,this paper aims to study a training method to mitigate the generalization error problem of the ML model that classifies IoT DDoS attacks even under conditions of insufficient and imbalanced 5G traffic.We built a 5G testbed to construct a 5G dataset for training to solve the problem of insufficient data.To solve the imbalance problem,synthetic minority oversampling technique(SMOTE)and generative adversarial network(GAN)-based conditional tabular GAN(CTGAN)of data augmentation were used.The performance of the trained ML models was compared and meaningfully analyzed regarding the generalization error problem.The experimental results showed that CTGAN decreased the accuracy and f1-score compared to the Baseline.Still,regarding the generalization error,the difference between the validation and test results was reduced by at least 1.7 and up to 22.88 times,indicating an improvement in the problem.This result suggests that the ML model training method that utilizes CTGANs to augment attack data for training data in the 5G environment mitigates the generalization error problem.

关 键 词：5G core traffic machine learning SMOTE GAN-CTGAN IoT DDoS detection tabular form cyber security B5G mobile network security 

分 类 号：TP39[自动化与计算机技术—计算机应用技术] TN929.5[自动化与计算机技术—计算机科学与技术]