[2602.03596] SAGE-5GC: Security-Aware Guidelines for Evaluating Anomaly Detection in the 5G Core Network
Summary
The paper presents SAGE-5GC, a set of security-aware guidelines for evaluating anomaly detection in the 5G Core Network, addressing challenges posed by adaptive attackers and non-IID data.
Why It Matters
As 5G networks become more prevalent, ensuring their security against sophisticated attacks is critical. This research highlights the inadequacies of current evaluation methods and proposes a framework that enhances the robustness of anomaly detection systems in real-world scenarios.
Key Takeaways
- Current anomaly detection methods often rely on unrealistic assumptions, such as IID data.
- The proposed SAGE-5GC guidelines focus on real-world deployment scenarios and adversarial threats.
- Adversarial attacks can significantly impair detection performance, necessitating improved evaluation methodologies.
- The study introduces a genetic algorithm-based optimization strategy for enhancing detection robustness.
- Using realistic datasets is crucial for training effective anomaly detection systems in 5G networks.
Computer Science > Machine Learning
arXiv:2602.03596 (cs)
[Submitted on 3 Feb 2026 (v1), last revised 23 Feb 2026 (this version, v2)]
Authors: Cristian Manca, Christian Scano, Giorgio Piras, Fabio Brau, Maura Pintor, Battista Biggio
Abstract: Machine learning-based anomaly detection systems are increasingly being adopted in 5G Core networks to monitor complex, high-volume traffic. However, most existing approaches are evaluated under strong assumptions that rarely hold in operational environments, notably the availability of independent and identically distributed (IID) data and the absence of adaptive attackers. In this work, we study the problem of detecting 5G attacks in the wild, focusing on realistic deployment settings. We propose a set of Security-Aware Guidelines for Evaluating anomaly detectors in 5G Core Network (SAGE-5GC), driven by domain knowledge and consideration of potential adversarial threats. Using a realistic 5G Core dataset, we first train several anomaly detectors and assess their baseline performance against standard 5GC control-plane cyberattacks targeting PFCP-based network services. We then extend the evaluation to adversarial settings, where an attacker tr...