Intent-based Security Management Using the TM Forum TR292I Security Ontology
For telecom network operators, the paper addresses the latency gap in manual security management by enabling automated, real-time threat response.
The paper presents a declarative, autonomous security framework using the TM Forum TR292I Security Ontology to dynamically neutralize live threats in 5G/6G telecom architectures, validated through a DDoS mitigation scenario on a gNB slice.
Modern 5G-Advanced and emerging 6G cloud-native telecom architectures encounter unprecedented hyper-complexity, multi-layered threat vectors, and fluid structural topologies. Managing infrastructure security using manual, imperative configurations introduces a severe latency gap, presenting attackers with an exploitable window. This paper presents a declarative, autonomous, self-protecting framework based on our design and standardization of the TM Forum TR292I Security Ontology v4.0.0. Our approach leverages Description Logic (DL) and automated graph reasoning within a closed-loop execution pipeline to dynamically neutralize live threats. Crucially, the system balances functional protection expectations with non-functional resource impact considerations (e.g., latency vs. compute overhead). We validate our model-driven architecture through a structural formal verification walkthrough of a Distributed Denial of Service (DDoS) attack mitigation sequence on a disaggregated Next-Generation NodeB (gNB) slice, demonstrating how automated reasoning resolves runtime constraint conflicts without human intervention.