Anomaly Detection and Mitigation in 6G Networks via Machine Learning

Authored by Panagiotis Trakadas, Panagiotis Gkonis, Nikolaos Nomikos and Lambros Sarakis (NKUA)

The vision towards the 6G landscape includes among others the integration of various cutting-edge technologies to support diverse service requirements and advanced application scenarios. In the network domain, massive machine type communications, serverless computing and intent based networking are only a few of the 6G key enabling technologies. As the vision of new, smart, and innovative capabilities is becoming the reality at a rapid pace the key security, privacy and resiliency features are not only requested “by design”, instead, they push the envelope of managing a truly evolving system, with features engineered “by the evolution itself.” The fundamentally new and unknown features of advanced, disaggregated, virtualized and multi-vendor 6G based infrastructures, challenge the security and resilience design to the next level, by managing the unknown, complex, and highly versatile infrastructures as they evolve. For instance, a service can now migrate across multiple disaggregated domains and environments, with highly intelligent and flexible security mechanisms in each domain.

Since such complex systems can significantly increase the number of potential endpoints as well as the types of potential attacks, resource optimization and attack mitigation can be performed with the help of artificial intelligence (AI). In future 6G networks, AI-methods are used to (i) optimize resource allocation and perform optimum network reconfiguration, if necessary (ii) improve response and resilience of systems, such as for the early detection of threats as anomalies, and (iii) identify and correct vulnerabilities by attacking the systems predicted to be exposed, in a sandbox environment, such as in digital twins. Consequently, the application of AI should follow a coordinated approach, by combining both reactive and predictive methods.

A machine learning (ML)-assisted architectural approach for threat detection and mitigation is based on distributed data collection and processing, incorporating a dual goal: i) on one hand to analyse a vast variety of 6G endpoints in terms of abnormal data and ii) on the other hand to ensure privacy on protected data, during ML model training. The latter goal can be achieved via federated learning (FL), which is based on local data training and update of master model at periodic time intervals [2]. Therefore, privacy-sensitive data remain localized and only ML-model updated are exchanges among 6G nodes.

In HORSE project, a high-level architectural approach is presented for decentralized data collection and ML model training, where Generative Adversarial Networks (GANs), transfer and meta-learning modules have been used [3]. GANs can be very helpful towards threat detection and mitigation, since new potential data sets can be generated from the available training data, thus simulating additional potential attacks that may take place. The master FL server can communicate with a transfer learning database, where all individual generated ML models can be stored and retrieved on demand. In the same context, local FL servers can communicate with a meta-learning server, where key updates can be inferred to all participating models. It should be noted at this point that both local GAN servers as well as the meta-learning server have been modelled as cloud servers due to the required processing power. Data collection from all endpoints is made feasible via network data analytics function (NWDAF) that can perform data collection from various network functions (NFs) [4]. Finally, in all data transactions, encrypted transfers are supported.


Figure 1: Distributed data collection and ML-assisted anomaly detection in future 6G networks


[1] X. D. Duan et al., “6G Architecture Design: from Overall, Logical and Networking Perspective,” in IEEE Communications Magazine, vol. 61, no. 7, pp. 158-164, July 2023, doi: 10.1109/MCOM.001.2200326.

[2] Z. K. Taha et al., “A Survey of Federated Learning From Data Perspective in the Healthcare Domain: Challenges, Methods, and Future Directions,” in IEEE Access, vol. 11, pp. 45711-45735, 2023, doi: 10.1109/ACCESS.2023.3267964.

[3] P. K. Gkonis et al., «Leveraging Network Data Analytics Function and Machine Learning for Data Collection, Resource Optimization, Security and Privacy in 6G Networks,” IEEE Access, vol. 12, pp. 21320-21336, 2024, doi: 10.1109/ACCESS.2024.3359992.

[4] 3GPP TS 29.520, “Network Data Analytics Services; Release 15,” 2019.