Researchers at the University of Surrey have unveiled a real-time defence system aimed at safeguarding modern mobile networks, particularly as they transition towards the anticipated 6G infrastructure. This innovative framework, named TwinGuard, leverages artificial intelligence to detect and neutralise sophisticated cyber threats targeting 5G networks in under 100 milliseconds.
The TwinGuard system addresses the increasing cybersecurity vulnerabilities posed by the evolving telecommunications landscape. As 5G networks adopt open, modular architectures, they facilitate easier upgrades and expansions but concurrently introduce numerous entry points for potential attackers. Dr. Sotiris Moschoyiannis, an associate professor in complex systems at Surrey’s Centre for Cyber Security, highlighted that conventional methods often struggle to identify the dynamic nature of modern cyber threats, which frequently adapt their tactics during attacks.
By employing a digital twin of the network, TwinGuard maintains a continuously updated virtual model of the live system, enabling the AI to monitor activities and detect anomalies in near real time. Unlike traditional security solutions that rely on predefined attack signatures, TwinGuard focuses on recognizing behavioural patterns. This allows it to learn what constitutes normal behaviour for the network, thereby enhancing its capability to spot irregular activities as they arise.
To validate the efficacy of this approach, the research team conducted tests in two distinct 5G environments that mirrored real-world infrastructure. The first experiment involved a simulated multi-cell Open Radio Access Network (O-RAN), designed to allow multiple radio base stations to work together for optimized network connections. The second test environment utilized a virtualised 5G core network built on the open-source OpenAirInterface platform, managed through the FlexRIC real-time control system. In both settings, TwinGuard successfully identified and thwarted cyber-attacks in less than a tenth of a second.
The framework’s testing included scenarios such as handover flooding attacks, which disrupt device transitions between cell towers, and E2 subscription flooding attacks, where malicious applications inundate network controllers with excessive requests. These simulations showcased TwinGuard’s rapid response capabilities, a crucial feature in an environment where attackers can mimic legitimate traffic patterns or escalate their tactics gradually to evade detection.
Dr. Mohammad Shojafar, an associate professor in network security at Surrey’s 5G/6G Innovation Centre, emphasized that the complexities of modern telecommunications systems make detecting malicious activity particularly challenging. The interconnected nature of software and hardware components within 5G infrastructure complicates traditional security models, which often fail to adapt to the fast-paced evolution of threats.
As the telecommunications sector prepares for the advent of 6G, expected to emerge in the early 2030s, the need for innovative cybersecurity solutions becomes increasingly pressing. Experts predict that as networks grow more intricate and software-driven, conventional rule-based security systems will likely become inadequate. The TwinGuard project exemplifies how AI-driven monitoring and digital twin technology could be integral in safeguarding future communications infrastructure against evolving cyber threats.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
