PoC 7 Zero-touch closed-control security management of attacks detection and mitigation.
- Engin Zeydan (engin.zeydan_at_cttc.cat)
Demonstration of closed loop automation for mitigating against DDoS attacks from MTC (Machine Type Communication) devices on 5G Core Network (CN) components,
The proposed framework is aligned with the "Figure 7.2.1-1: Functional view of a Closed Loop and its stages within the ZSM framework" in ZSM009-1. The mapping of the in-scope management components of MonB5G with ZSM services and capabilities defined in Section 7.2 Functional view is as follows:
- The monitoring stage is realized, fully or in part, by the (domain or E2E) data collection management services (clauses 6.5.2 and 6.6.2 of ETSI GS ZSM 002). The "Monitoring" stage of Figure 7.2.1-1 is mapped with MS in MonB5G architecture.
- The analysis stage is realized, fully or in part, by the (domain or E2E) analytics management services (clauses 6.5.3 and 6.6.3 of ETSI GS ZSM 002). The "Analysis" stage of Figure 7.2.1-1 is mapped with AE.
- The decision stage is realized, fully or in part, by the (domain or E2E) intelligence management services (clauses 6.5.4 and 6.6.4 of ETSI GS ZSM 002). The "Decision" stage of Figure 7.2.1-1 is mapped with DE.
- The execution stage is realized, fully or in part, by the domain orchestration and control management services (clauses 6.5.5 and 6.5.6 of ETSI GS ZSM 002), when the CL is deployed within a management domain. The "Execution" stage is mapped with Actuators.
- Knowledge is realized, fully or in part, by the (domain or cross-domain) data services (clause 6.4 of ETSI GS ZSM 002) The "Knowledge" of Figure 7.2.1-1 is mapped to store historical data for training ML algorithms in MonB5G architecture.
- The communication and interoperation between the CL stages may be realized, fully or in part, by the (domain or cross-domain) integration fabric management services. These stages in Figure 7.2.1-1 is mapped with the message bus in MonB5G.
- The primary flow of data and control messages are expressed by arrows M2A (is between MS and AE), A2D (is between AE and DE), D2E (is between DE and Actuator) and E2M (is between Actuator and MS)
- The double-headed arrows K1 (Store historical information), K2 (Store historical analytics insights), K3 (Store historical workflows) and K4 (Store historical actions)
Full PoC proposal on ETSI portal as ZSM(22)000321r1 - Download pdf
This PoC is WORKING on:
- Topic 3 - Intent-driven Closed-Loop automation
- Demo 1, Feb 2023, PoC public Demo at IoT solutions World congress (Barcelona, Jan 31 – Feb 2) or Mobile World Congress (Barcelona, Feb 27– March 2) as ZSM(23)000033
More details about the PoC content can be found in MonB5G project’s dissemination and communication activities.
- PoC #7 Final report (28 Feb 2023) - ZSM(23)000050 on ETSI portal - Download pdf