Developing Security Information and Events Management Use Cases for 5G Specific Vulnerabilities and Attacks

Abstract

The number of cybersecurity attacks and sensitive data breaches in businesses and organizations has increased significantly in recent years, and companies that are increasingly using or providing 5G technology are no exception. The impact of these incidents not only results the sensitive data breaches, financial losses and unexpected operational patterns for the targeted companies or organizations but can also extend to their peers in the same industry. Therefore, prevention and early detection of cyberattacks is also a key issue for IT infrastructures extended with emerging 5G technology. At the same time, detecting different types of attacks has become extremely challenging as attacks have become more sophisticated, distributed and stealthy with the help of artificial intelligence and other modern technologies. Detecting and managing such attacks requires sophisticated intrusion detection systems running on high-performance hardware and managed by expert security personnel. However, these resources are expensive to deploy, especially for small and medium-sized enterprises (SMEs). Therefore, in many cases, open source and free solutions are needed that allow SMEs to operate a security information event management (SIEM) system. Thanks to the low cost of implementation, it is affordable for SMEs and, after a short configuration and learning phase, it is self-sufficient and stable. Our goal is to provide detection solutions for attacks and vulnerabilities specific to 5G networks that provide effective detection and response for open source SIEM systems. Alerts on detected anomalies notify security personnel, who can efficiently and quickly implement incident response through graphical and visual dashboards.