Abstract:

The paper concerns the possibility of conducting attacks on the 5G Core Network. The concept of attacks involving modification of control packets of the PFCP (Packet Forwarding Control Protocol) protocol were presented, along with their implementations. The Man-In-The-Middle (MitM) attacks were performed on the packets transmitted between SMF (Session Management Function) and UPF (User Plane Function) modules. The communication between these modules is used to establish and maintain PDU sessions; therefore, information about PDU session was observed. In the subsequent part, the possibilities of detecting such threats based on logs were discussed. We used the network monitoring tools to detect the anomaly behaviour of modules or protocol. Basing on the logs from SMF and UPF the input data was prepared. It was then processed for presentation in monitoring tool.