The traditional mobile communication network architecture struggles to meet today's differentiated network service and application requirements across application scenarios, especially customized services for vertical industries. Fifth-generation mobile communication (5G) introduces network slicing technology, built on network function virtualization and software-defined networking, to provide on-demand customized network services according to user needs on a unified network infrastructure. However, while Network Function Virtualization (NFV) improves the flexibility of network service deployment and management, its open network boundary and shared infrastructure also bring new security issues, such as side channel attacks and denial of service attacks. Side channel attacks obtain target information by analyzing indirect information produced while a program runs, which can destroy the confidentiality of tenant information and steal key tenant information. General network slicing deployment methods and virtual network function migration methods do not consider in depth the vulnerability risk and side channel risk of infrastructure nodes when selecting deployment nodes and migration destination nodes, so network slices face security risks introduced on the infrastructure node side. In response to these problems, this paper focuses on the infrastructure security of network slices and studies a 5G network slicing deployment and migration mechanism based on security metrics, to ensure the normal operation of network services and privacy security. The specific research contents are as follows:

1. A 5G network slicing deployment method based on vulnerability risk measurement is proposed. This method first establishes a vulnerability risk measurement model of infrastructure nodes from three aspects: resource occupancy, vulnerability threat, and abnormal behavior. Then the virtual network functions are classified according to whether they carry tenant privacy information, and the virtual network functions carrying tenant privacy information are deployed on the infrastructure nodes with low vulnerability risk metrics. Finally, based on an integer linear programming model, a network slicing deployment method based on the whale optimization algorithm is proposed. Simulation results show that this method can improve the security of instantiated network slices without significantly increasing the deployment cost.

2. A virtual network function migration method based on side channel risk measurement is proposed. First, to ensure the confidentiality of tenant privacy information in the 5G core network slice and to minimize the migration overhead, the virtual network functions carrying tenant privacy information are selected as the migration objects. The method then divides the virtual network function migration process into two stages. The first stage judges the starting conditions of virtual network function migration: an attack detection model and an information leakage model are used for the judgment, and a migration method combining triggered migration and periodic migration is designed. The second stage implements the migration strategy: a node side channel risk measurement method is established to measure the side channel risk of the original node and the candidate nodes, and if the side channel risk metric value of a candidate node is lower than that of the original node, the node with the lowest side channel risk metric value among the candidate nodes is selected as the migration destination node. Finally, a virtual network function migration method based on multi-criteria decision-making is designed. Simulation results show that the proposed method can effectively avoid side channel attacks by migrating virtual network functions to lower-risk locations with controllable migration overhead.

3. On the basis of the above research, a network slice deployment system architecture based on network function virtualization is proposed, and a network slice security management and orchestration architecture is proposed based on the network function virtualization management and orchestration architecture. Prototype verification is completed by deploying a network slice instance on the free 5G MANO open source system. The verification results show that the architecture proposed in this paper can realize the deployment of 5G network slicing based on security metrics and ensure the stable operation of network services.