TranDA: Behavior traceable anomaly detection and attribution for 5G control plane via message sequence analysis

doi:10.1016/j.comnet.2025.111804

CSpace

	TranDA: Behavior traceable anomaly detection and attribution for 5G control plane via message sequence analysis
	Dai, Lulu 1,2; Sun, Qian 1,2,3; Wang, Yuanyuan 1,2; Fan, Xuancheng 1,2; Tian, Lin 1,2,3
	2026
发表期刊	COMPUTER NETWORKS
ISSN	1389-1286
卷号	274 页码:14
摘要	In mobile communication networks, the control plane (CP) is responsible for essential procedures, and its integrity is critical to reliable service. In fourth generation (4G) and earlier mobile communication networks, although attackers may have attempted to disrupt the control flow by dropping or injecting messages, such attacks were often thwarted by state consistency checks under the centralized architecture. In contrast, the fifth generation (5G) employs a distributed architecture, leading to a lack of global visibility over control flows. Coupled with inherent plaintext window, this makes attacks considerably more stealthy when exploiting protocol or hardware-level vulnerabilities. In this paper, we propose TranDA, a method that analyzes message sequences to identify anomalies and trace malicious behaviors in the 5G CP, providing precise intelligence for defensive strategies. Considering the request-response mechanism of communication protocols, we design a novel embedding method in TranDA to capture functional relationships between messages. TranDA comprises two zero-positive modules for anomaly detection and attribution, which are independently trained and designed for different task granularities. The detection module learns global patterns to identify anomalous flow segment. The attribution module learns fine-grained contextual dependencies between messages and infers the correct control logic by evaluating the plausibility of each message's dual temporal role within the flow. TranDA outputs a concise anomaly profile for anomalous flow, detailing the malicious behavior involved. Experiments demonstrate that TranDA achieves an average 0.92 F1-score for detection and 0.84 accuracy for attribution, outperforming the best baselines by 1.1 % and 11.7 %. Anomaly profiles show TranDA's attribution granularity and interpretability.
关键词	5G Control plane Anomaly detection Behavior attribution Traceability Message sequence
DOI	10.1016/j.comnet.2025.111804
收录类别	SCI
语种	英语
WOS研究方向	Computer Science ; Engineering ; Telecommunications
WOS类目	Computer Science, Hardware & Architecture ; Computer Science, Information Systems ; Engineering, Electrical & Electronic ; Telecommunications
WOS记录号	WOS:001614297500003
出版者	ELSEVIER
引用统计
文献类型	期刊论文
条目标识符	http://119.78.100.204/handle/2XEOYT63/43092
专题	中国科学院计算技术研究所
通讯作者	Sun, Qian
作者单位	1.Chinese Acad Sci, Inst Comp Technol, Beijing 100089, Peoples R China 2.Univ Chinese Acad Sci, Beijing 101408, Peoples R China 3.Nanjing Inst InforSuperBahn, Nanjing 211100, Peoples R China
推荐引用方式 GB/T 7714	Dai, Lulu,Sun, Qian,Wang, Yuanyuan,et al. TranDA: Behavior traceable anomaly detection and attribution for 5G control plane via message sequence analysis[J]. COMPUTER NETWORKS,2026,274:14.
APA	Dai, Lulu,Sun, Qian,Wang, Yuanyuan,Fan, Xuancheng,&Tian, Lin.(2026).TranDA: Behavior traceable anomaly detection and attribution for 5G control plane via message sequence analysis.COMPUTER NETWORKS,274,14.
MLA	Dai, Lulu,et al."TranDA: Behavior traceable anomaly detection and attribution for 5G control plane via message sequence analysis".COMPUTER NETWORKS 274(2026):14.