Researchers at the University of Surrey have developed an AI-driven defence system capable of detecting and neutralising sophisticated 5G cyber-attacks in under a tenth of a second. This groundbreaking framework, named TwinGuard, aims to enhance the security of current 5G networks and future 6G systems, addressing vulnerabilities that arise from the increasing openness and flexibility of modern mobile networks.
The rise of open and flexible 5G networks, while benefiting upgrades and reducing costs, has also created more opportunities for cybercriminals. TwinGuard employs a real-time digital twin—a live virtual replica of a mobile network that refreshes every few milliseconds—integrated with reinforcement learning AI. This combination allows the system to anticipate suspicious behaviour and neutralise potential threats before they can disrupt network operations.
Traditional security systems typically rely on recognising established attack patterns, which can hinder their effectiveness against novel or rapidly evolving threats. In testing TwinGuard’s capabilities, researchers simulated two realistic 5G environments: a multi-cell Open Radio Access Network (O-RAN) configuration, which mirrors multiple mobile masts operating collaboratively, and a fully virtual 5G core network using open-source software, controlled through the real-time FlexRIC platform.
Across both test environments, TwinGuard successfully detected and blocked various attacks in under 100 milliseconds. These included a handover flooding attack, where fake signals overwhelm the system managing connections between masts, and an E2 subscription flooding attack, where malicious applications inundate the network controller with data requests to disrupt normal operations.
Dr. Sotiris Moschoyiannis, an Associate Professor in Complex Systems at the University of Surrey’s Centre for Cyber Security and lead of the research study, emphasised the need for adaptive security measures. “Attackers rarely come through the front door anymore. They probe, adapt and escalate in ways that traditional defences simply weren’t designed to handle,” he stated. He highlighted that TwinGuard’s ability to learn and respond to evolving threats is crucial for the resilience of future 6G networks.
Identifying unusual activity poses a challenge due to the diverse components that comprise modern 5G networks. Cybercriminals often disguise their activities by mimicking legitimate traffic or gradually escalating their attacks. With the anticipated rollout of 6G in the early 2030s, experts assert that future mobile networks will necessitate security systems capable of learning behavioural patterns instead of relying solely on established warning signs.
Dr. Mohammad Shojafar, Associate Professor in Network Security at the University of Surrey’s 5G/6G Innovation Centre, underscored the limitations of static, rule-based security systems in keeping pace with the agility and complexity of contemporary cyber threats. He noted, “Our defence framework lets the AI learn directly from a virtual copy of the live network, so it understands what ‘normal’ looks like and can spot trouble before any impact.” The rapid response time of under a tenth of a second showcases the potential importance of real-time, AI-driven defence mechanisms for future networks.
Neha Gupta, a researcher and developer at the Surrey 5G/6G Innovation Centre, played a pivotal role in designing the TwinGuard framework. She remarked, “I designed the framework to link real-time network data with an intelligent Digital Twin, enabling our reinforcement learning agent to anticipate and stop control-plane attacks in O-RAN networks in under 10 milliseconds.”
The findings from this research were initially presented at the 2025 IEEE International Conference on Trust, Security and Privacy in Computing and Communications and are published in IEEE Xplore. The research team plans to expand TwinGuard to larger, multi-cell environments, bringing it another step closer to deployment in the advanced 6G systems of the future.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
