Submit

Login Login

Register Register

Home/ Journals/ CMES/ Vol.144, No.2, 2025/ 10.32604/cmes.2025.067326

Table of Content

Open Access iconOpen Access

ARTICLE

Temporal Attention LSTM Network for NGAP Anomaly Detection in 5GC Boundary

Shaocong Feng, Baojiang Cui*, Shengjia Chang, Meiyi Jiang

School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, 100876, China

* Corresponding Author: Baojiang Cui. Email: email

(This article belongs to the Special Issue: Cutting-Edge Security and Privacy Solutions for Next-Generation Intelligent Mobile Internet Technologies and Applications)

Computer Modeling in Engineering & Sciences 2025, 144(2), 2567-2590. https://doi.org/10.32604/cmes.2025.067326

Received 30 April 2025; Accepted 07 July 2025; Issue published 31 August 2025

Abstract

Service-Based Architecture (SBA) of 5G network introduces novel communication technology and advanced features, while simultaneously presenting new security requirements and challenges. Commercial 5G Core (5GC) networks are highly secure closed systems with interfaces defined through the 3rd Generation Partnership Project (3GPP) specifications to fulfill communication requirements. However, the 5GC boundary, especially the access domain, faces diverse security threats due to the availability of open-source cellular software suites and Software Defined Radio (SDR) devices. Therefore, we systematically summarize security threats targeting the N2 interfaces at the 5GC boundary, which are categorized as Illegal Registration, Protocol attack, and Signaling Storm. We further construct datasets of attack and normal communication patterns based on a 5G simulated platform. In addition, we propose an anomaly detection method based on Next Generation Application Protocol (NGAP) message sequences, which extracts session temporal features at the granularity of User Equipment (UE). The method combines the Long Short-Term Memory Network (LSTM) and the attention mechanism can effectively mine the dynamic patterns and key anomaly time-steps in the temporal sequence. We conducted anomaly detection baseline algorithm comparison experiments, ablation experiments, and real-world simulation experiments. Experimental evaluations demonstrated that our model can accurately learn the dependencies of uplink and downlink messages for our self-constructed datasets, achieving 99.80% Accuracy and 99.85% F1 Score, which can effectively detect UE anomaly behavior.

Keywords

5GC boundary; security threat; NGAP; anomaly detection

Cite This Article

APA Style
Feng, S., Cui, B., Chang, S., Jiang, M. (2025). Temporal Attention LSTM Network for NGAP Anomaly Detection in 5GC Boundary. Computer Modeling in Engineering & Sciences, 144(2), 2567–2590. https://doi.org/10.32604/cmes.2025.067326
Vancouver Style
Feng S, Cui B, Chang S, Jiang M. Temporal Attention LSTM Network for NGAP Anomaly Detection in 5GC Boundary. Comput Model Eng Sci. 2025;144(2):2567–2590. https://doi.org/10.32604/cmes.2025.067326
IEEE Style
S. Feng, B. Cui, S. Chang, and M. Jiang, “Temporal Attention LSTM Network for NGAP Anomaly Detection in 5GC Boundary,” Comput. Model. Eng. Sci., vol. 144, no. 2, pp. 2567–2590, 2025. https://doi.org/10.32604/cmes.2025.067326
BibTex EndNote RIS



cc Copyright © 2025 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

  • 2324

    View

  • 1711

    Download

  • 0

    Like

Related articles

Copyright© 2025 Tech Science Press
© 1997-2025 TSP (Henderson, USA) unless otherwise stated

Share Link