Dynamic management of a deep learning-based anomaly detection system for 5G networks

  • Lorenzo Fernández Maimó
  • Alberto Huertas Celdrán
  • Manuel Gil Pérez
  • Félix J. García Clemente
  • Gregorio Martínez Pérez
Original Research


Fog and mobile edge computing (MEC) will play a key role in the upcoming fifth generation (5G) mobile networks to support decentralized applications, data analytics and management into the network itself by using a highly distributed compute model. Furthermore, increasing attention is paid to providing user-centric cybersecurity solutions, which particularly require collecting, processing and analyzing significantly large amount of data traffic and huge number of network connections in 5G networks. In this regard, this paper proposes a MEC-oriented solution in 5G mobile networks to detect network anomalies in real-time and in autonomic way. Our proposal uses deep learning techniques to analyze network flows and to detect network anomalies. Moreover, it uses policies in order to provide an efficient and dynamic management system of the computing resources used in the anomaly detection process. The paper presents relevant aspects of the deployment of the proposal and experimental results to show its performance.


Deep learning Anomaly detection Virtualization 5G mobile networks 



This work has been partially supported by a Séneca Foundation grant within the Human Resources Researching Postdoctoral Program 2018, a postdoctoral INCIBE grant within the “Ayudas para la Excelencia de los Equipos de Investigación Avanzada en Ciberseguridad” Program, with code INCIBEI-2015-27352, the European Commission Horizon 2020 Programme under Grant Agreement Number H2020-ICT-2014-2/671672 - SELFNET (Framework for Self-Organized Network Management in Virtualized and Software Defined Networks), and the European Commission (FEDER/ERDF).


  1. Abadi M, Barham P, Chen, J et al (2016) TensorFlow: a system for large-scale machine learning. In: 12th USENIX symposium on operating systems design and implementation, pp 265–283Google Scholar
  2. Alrawais A, Alhothaily A, Hu C, Cheng X (2017) Fog computing for the internet of things: security and privacy issues. IEEE Internet Comput 21(2):34–42CrossRefGoogle Scholar
  3. Anagnostopoulos M, Kambourakis G, Gritzalis S (2016) New facets of mobile botnet: architecture and evaluation. Int J Inf Secur 15(5):455–473CrossRefGoogle Scholar
  4. Buczak A, Guven E (2016) A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun Surv Tutor 18(2):1153–1176CrossRefGoogle Scholar
  5. Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv 41(3):15:1–15:58CrossRefGoogle Scholar
  6. Chang X, Nie F, Wang S, Yang Y, Zhou X, Zhang C (2016) Compound rank-\(k\) projections for bilinear analysis. IEEE Trans Neural Netw Learn Syst 27(7):1502–1513MathSciNetCrossRefGoogle Scholar
  7. Chang X, Yu Y, Yang Y, Xing E (2017) Semantic pooling for complex event analysis in untrimmed videos. IEEE Trans Pattern Anal Mach Intell 39(8):1617–1632CrossRefGoogle Scholar
  8. Chen J, Cheng X, Du R, Hu L, Wang C (2017) BotGuard: lightweight real-time botnet detection in software defined networks. Wuhan Univ J Nat Sci 22(2):103–113MathSciNetCrossRefGoogle Scholar
  9. ETSI NFV ISG (2017) Network functions virtualisation (NFV); Network Operator Perspectives on NFV priorities for 5G. Technical report.
  10. Facebook Open Source (2017) Caffe2: a new hightweight, modular, and scalable deep learning framework [online]. Accessed 25 April 2018
  11. Fernández Maimó L, Perales Gómez A, García Clemente F, Gil Pérez M, Martínez Pérez G (2018) A self-adaptive deep learning-based system for anomaly detection in 5G networks. IEEE Access 6:7700–7712CrossRefGoogle Scholar
  12. Garcia S, Grill M, Stiborek J, Zunino A (2014) An empirical comparison of botnet detection methods. Comput Secur 45:100–123CrossRefGoogle Scholar
  13. Garcia-Teodoro P, Diaz-Verdejo J, Maciá-Fernández G, Vázquez E (2009) Anomaly-based network intrusion detection: techniques, systems and challenges. Comput Secur 28(1–2):18–28CrossRefGoogle Scholar
  14. Gardiner J, Nagaraja S (2016) On the security of machine learning in malware C&C detection: a survey. ACM Comput Surv 49(3):59:1–59:39CrossRefGoogle Scholar
  15. Gil Pérez M, Huertas Celdrán A, Ippoliti F et al (2017) Dynamic reconfiguration in 5G mobile networks to proactively detect and mitigate botnets. IEEE Internet Comput 21(5):28–36CrossRefGoogle Scholar
  16. Machado C, Granville L, Schaeffer-Filho A (2016) ANSwer: Combining NFV and SDN features for network resilience strategies. In: IEEE symposium on computers and communication, pp 391–396Google Scholar
  17. Mantas G, Komninos N, Rodriguez J, Logota E, Marques H (2015) Security for 5G communications. In: Rodriguez J (ed) Fundamentals of 5G mobile networks. Wiley, Hoboken, pp 207–220Google Scholar
  18. Mijumbi R, Serrat J, Gorricho J, Bouten N, De Turck F, Boutaba R (2015) Network function virtualization: State-of-the-art and research challenges. IEEE Commun Surv Tut 18(1):236–262CrossRefGoogle Scholar
  19. Neves P, Calé R, Costa M et al (2017) Future mode of operations for 5G-The SELFNET approach enabled by SDN/NFV. Comp Stand Inter 54(4):229–246CrossRefGoogle Scholar
  20. Siddiqui MS, Legarrea A, Escalona E et al (2016) Hierarchical, virtualised and distributed intelligence 5G architecture for low-latency and secure applications. Trans Emerg Telecommun Technol 27(9):1233–1241CrossRefGoogle Scholar
  21. Sohal A, Sandhu R, Sood S, Chang V (2018) A cybersecurity framework to identify malicious edge device in fog computing and cloud-of-things environments. Comput Secur 74:340–354CrossRefGoogle Scholar
  22. Suárez-Albela M, Fernández-Caramés T, Fraga-Lamas P, Castedo L (2017) A practical evaluation of a high-security energy-efficient gateway for IoT fog computing applications. Sensors 17(9):1978CrossRefGoogle Scholar
  23. The 5G Infraestructure Public Private Partnership (5G-PPP) (2017) Key Performance Indicators [online]. Accessed 25 April 2018
  24. Tran Q, Jiang F, Hu J (2012) A real-time NetFlow-based intrusion detection system with improved BBNN and high-frequency field programmable gate arrays. In: IEEE 11th international conference on trust, security and privacy in computing and communications, pp 201–208Google Scholar
  25. Wang W, Sheng Y, Wang J et al (2018) HAST-IDS: learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection. IEEE Access 6:1792–1806CrossRefGoogle Scholar
  26. Yin C, Zhu Y, Fei J, He X (2017) A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5:21,954–21,961CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Departamento de Ingeniería y Tecnología de ComputadoresUniversity of MurciaMurciaSpain
  2. 2.Departamento de Ingeniería de la Información y las ComunicacionesUniversity of MurciaMurciaSpain

Personalised recommendations