TITLE:
5G Network Vulnerabilities: A Security Mechanism for Detecting and Blocking DDoS Threats at the Network Edge
AUTHORS:
Sakib Mahmud, Ahsan Ullah, Shakhawat Hossain Shipon, Mahedi Hassan, Md Nazmus Sakib
KEYWORDS:
5G Networks, DDoS Attacks, Network Security, Multi-Access Edge Computing (MEC), Intrusion Detection System (IDS), Machine Learning, Network Edge, Threat Mitigation
JOURNAL NAME:
Journal of Information Security,
Vol.16 No.4,
August
26,
2025
ABSTRACT: The rapid expansion of 5G networks has revolutionized global connectivity, enabling billions of devices to communicate seamlessly across various industries. However, this advancement has also increased the vulnerability to Distributed Denial of Service (DDoS) attacks, posing significant threats to network reliability. This research presents a novel machine learning-based approach for detecting and mitigating DDoS attacks at the Multi-Access Edge Computing (MEC) layer, with the objective of enhancing the security and efficiency of 5G ecosystems. The proposed system integrates Random Forest (RF), K-Nearest Neighbor (KNN), and XGBoost algorithms with the Zeek Intrusion Detection System (IDS) to enable real-time traffic classification and mitigation at the network edge. Models were trained using the CIC-DDoS2019 dataset to identify realistic attack patterns. Python was used for implementation, and Zeek IDS dynamically extracted traffic features. Simulated traffic streams, blending both benign and malicious behaviors, were employed to evaluate system performance under realistic conditions. The architecture leverages separate inbound and outbound switches to isolate traffic flows, enabling immediate blocking of malicious packets and blacklisting of source IPs while maintaining uninterrupted service for legitimate traffic. The proof-of-concept demonstrated the ability to detect and mitigate 40% of malicious traffic effectively. Despite its success, the system currently relies on simulated data and lacks a complete deployment-ready software package. Future work will focus on building a robust, scalable implementation suitable for real-world MEC environments. This research provides a promising foundation for protecting 5G networks from evolving DDoS threats without compromising legitimate network operations.