CR · Aug 25, 2021

Towards Dynamic Threat Modelling in 5G Core Networks Based on MITRE ATT&CK

arXiv:2108.11206v4 · 20 citations
AI Analysis

This work addresses security challenges for 5G core networks, providing a pre-emptive threat modelling approach to enhance defenses against advanced persistent threats, though it is incremental as it builds on existing frameworks and threat assessments.

The paper tackles the problem of bridging the gap between early 5G network threat assessments and adversarial knowledge for threat modelling by identifying knowledge gaps in the MITRE ATT&CK framework for 5G technologies like SDN and NFV, and mapping potential attack techniques to 5G core network components to support cyber risk assessment and intrusion detection.

This article discusses how the gap between early 5G network threat assessments and an adversarial Tactics, Techniques, Procedures (TTPs) knowledge base for future use in the MITRE ATT&CK threat modelling framework can be bridged. We identify knowledge gaps in the existing framework for key 5G technology enablers such as SDN, NFV, and 5G-specific signalling protocols of the core network. We adopt a pre-emptive approach to identifying adversarial techniques which can be used to launch attacks on the 5G core network (5GCN) and map these to its components. Using relevant 5G threat assessments along with industry reports, we study how the domain-specific techniques can be employed by APTs in multi-stage attack scenarios based on historic telecommunication network attacks and motivation of APT groups. We emulate this mapping in a pre-emptive fashion to facilitate a rigorous cyber risk assessment, support intrusion detection, and design defences based on common APT TTPs in a 5GCN.
