Towards Dynamic Threat Modelling in 5G Core Networks Based on MITRE ATT&CK


This article discusses how the gap between early 5G network threat assessments and an adversarial Tactics, Techniques, Procedures (TTPs) knowledge base for future use in the MITRE ATT&CK threat modelling framework can be bridged. We identify knowledge gaps in the existing framework for key 5G technology enablers such as SDN, NFV, and 5G specific signalling protocols of the core network. We adopt a pre-emptive approach to identifying adversarial techniques which can be used to launch attacks on the 5G core network (5GCN) and map these to its components. Using relevant 5G threat assessments along with industry reports, we study how the domain specific techniques can be employed by APTs in multi-stage attack scenarios based on historic telecommunication network attacks and motivation of APT groups. We emulate this mapping in a pre-emptive fashion to facilitate a rigorous cyber risk assessment, support intrusion detection, and design defences based on common APT TTPs in a 5GCN.

arXiv preprint arXiv:2108.11206