Research On Attack-Oriented Secure Mapping Method For 5G RAN Slice

With the development of the digital age,enhanced Mobile Broadband(eMBB),ultra-Reliable Low-Latency Communication(uRLLC)and massive Machine Type Communication(mMTC),are leading the way.Emerging communication services require 5G bearer networks to implement heterogeneous communication services through network slicing.NFV and SDN allow network elements of different slices to reuse resources on the same physical network,which endows the network architecture with flexibility and efficiency,but also brings security risks.The Side Channel attack(SCA)and Distributed Denial of Service(DDoS)attack are perfectly in line with the characteristics of 5G RAN slice shared physical network.These two classic attack methods will have different impacts on the security and resource utilization of communication networks.Therefore,it is very important to explore attack-oriented 5G RAN slice security mapping methods.The main research contents and results of this paper are as follows:(1)A SCA-aware RAN slice resource mapping method was proposed.Aiming at the security issues brought by SCA to 5G RAN slices,this paper proposes RAN slice resource mapping methods with different isolation levels.Firstly,the characteristics of 5G mobile bearer network,5G RAN slice and SCA are analyzed,and the corresponding network model is established.Then comprehensively consider node computing resources,network bandwidth resources,and network security,and combine uRLLC,eMBB,and mMTC slices with different requirements for computing resources and link resources,and propose a customized slice resource mapping method according to the different SCA defense strength requirements of the system,which satisfies the security of the system and the efficient deployment of slices.This method can effectively improve the defense performance of the system against SCA,and achieve a balance between security and resource utilization efficiency.(2)A Deep Reinforcement Learning(DRL)-based method for intelligent migration of RAN slices under DDoS attacks was proposed.Aiming at the impact of DDoS attacks on 5G RAN,this paper proposes a DRL-based RAN slice resource mapping method in resource-constrained network scenarios.Firstly,the DDoS attack model and system structure are analyzed,and an initial network simulation environment with limited resources under DDoS attack is built.Secondly,the DRL agent and the state space,action space and reward function in line with the business scenario are designed,and then the training realizes the migration of the affected network elements in the attacked node.Finally,the feasibility of the method is verified by experiments.Compared with the load balancing algorithm,the DRL algorithm can more fully learn the business requirements of slices and the distribution of network resources.By reducing the blocking rate of slice migration,it can effectively reduce the impact of DDoS attacks on slices.