Bajwa, Ammad-Ud-Din (2024) Real-Time Threat Detection in Open5GS Networks Using Amazon GuardDuty. Masters thesis, Dublin, National College of Ireland.
Files:
PDF (Master of Science), 698kB
PDF (Configuration Manual), 850kB
Abstract
Fifth-generation (5G) networks have revolutionized the telecommunications landscape, offering high speeds, ultra-low latency, and massive connectivity to support a range of applications, so the integration of open-source 5G core implementations such as Open5GS with cloud infrastructure comes as no surprise. This research study examines the effectiveness of Amazon GuardDuty, a cloud-native threat detection service, in identifying and responding to real-time security threats, including zero-day threats, within an Open5GS-based private 5G network deployed on Amazon Web Services (AWS). A comprehensive experimental setup was created that simulates a private 5G network environment, using Open5GS for core network functions and srsRAN for radio access network (RAN) and user equipment (UE) simulation. The network was hosted inside a secured AWS Virtual Private Cloud (VPC), with subnets, security groups, and routing configured to emulate a realistic deployment. Amazon GuardDuty was integrated without any custom configuration, relying on its default capabilities, such as monitoring VPC Flow Logs, DNS logs, and AWS CloudTrail events, for threat detection. The study simulates various network threats, including port scans, SSH brute-force attempts, denial-of-service (DoS) attacks, DNS exfiltration, and unauthorized API calls, to evaluate GuardDuty's detection performance. The evaluation metrics that are the focus of the study are detection accuracy, response time, false positive rate, time-to-detection consistency, and performance overhead on network operations. The findings showed that integrating GuardDuty introduced minimal performance overhead, with almost no impact on CPU utilization, network latency, and throughput, so the 5G network's efficiency was not affected by GuardDuty's resource needs. The study concludes that Amazon GuardDuty is very effective in both finding and responding to many real-time security threats within an Open5GS-based private 5G network on AWS, and that GuardDuty's ability to work with machine learning and anomaly detection techniques makes it well suited to monitoring network activity and enhancing the security of private 5G deployments.
Item Type: | Thesis (Masters) |
---|---|
Supervisors: | Verma, Rohit (email: UNSPECIFIED) |
Uncontrolled Keywords: | AWS GuardDuty; Open5GS; Real-Time Threat Detection; Private 5G Networks; Network Security; Cloud-Native Security Services; srsRAN; Open-Source 5G Core Network; Cybersecurity |
Subjects: | Q Science > QA Mathematics > Electronic computers. Computer science; T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science; Q Science > QA Mathematics > Computer software > Computer Security; T Technology > T Technology (General) > Information Technology > Computer software > Computer Security |
Divisions: | School of Computing > Master of Science in Cyber Security |
Depositing User: | Ciara O'Brien |
Date Deposited: | 18 Jul 2025 09:59 |
Last Modified: | 18 Jul 2025 09:59 |
URI: | https://norma.ncirl.ie/id/eprint/8192 |