E2E Network Slicing for Enhanced Cybersecurity, Orchestration, Automation and Response in 5G/6G: The RIGOUROUS Approach

Abstract

This paper addresses the challenge of cybersecurity in ensuring cybersecurity in complex 5G and future 6G network environments, characterized by multi-domain, multi-tenant architectures and diverse technologies. The RIGOUROUS project proposes a novel network self-protection (NSP) scheme based on End-to-End (E2E) network slicing to address these challenges. The paper details this scheme’s design, prototype, and preliminary results, which leverage a Security Orchestration, Automation, and Response (Security Orchestration, Automation and Response (SOAR)) loop to automate threat detection, mitigation planning, and enforcement. The core components of the SOAR loop, including the Topology Inventory Agent (TIA), Network Security Flow Monitoring (NSFM), Slice Mitigation Planner Service (SMPS), Security Orchestrator (SO), and Slice Manager (SM), are described. Additionally, the solution is centered on NSP based on the Open vSwitch (OVS) platform, for which significant extensions have been undertaken to support Network Slicing capabilities in multi-tenant, multi-domain beyond 5G networks. Preliminary experiments show promising results in terms of overhead introduced in the data plane (on the order of microseconds) and high scalability when deploying up to 2048 network slices. The implementation of the network slicing-based mitigation strategy in the software data path is presented, along with a use case demonstrating its effectiveness in mitigating cyberattacks. The preliminary results highlight, in a scenario with up to 64 infected UEs, a reaction time of 15.28 s in the best-case scenario and 51.52 s in the worst-case scenario. The proposed solution shows potential to enhance the security and resilience of next-generation network infrastructures.