Against the grain, let me start with the conclusion: AI will both create new vulnerabilities and become a powerful tool to fight security threats, and the challenge is to integrate AI carefully to avoid the first and benefit from the second.
Security has always been crucial and a priority in mobile wireless networks, and this is not changing. But the scope of what needs to be secured is changing fundamentally. As networks evolve with 5G, IoT, edge computing and network slicing, they become more powerful and flexible. They also become more complex: they have more moving parts, more distributed topologies, more devices and device types, and more applications. More complexity means higher vulnerability, because there are more ways to attack a complex wireless network. And the price for such attacks is higher than in the past, as our society, safety and economy more pervasively rely on wireless connectivity, and security breaches have a deeper, more crippling impact.
The expanded security requirements are not lost on the 3GPP’s ecosystem of vendors and operators. Security in 5G is more robust than in legacy networks. The tools are available, but we need a new approach to security that requires a serious effort from all the ecosystem players.
While we need to take an end-to-end approach to security, there are multiple levels and contexts, and each requires a different handling of security. The targets of malicious activity could be devices and their owners (people or enterprises), the data being transmitted, or the network itself. For instance, hackers may want to get subscribers’ personal data, intercept confidential corporate communications, or take down a wireless network. They can attack a target through multiple entry points, and the same entry point can be used for different targets or attack types. For instance, a DDOS attack launched from the devices can be used to take down a network. But devices can also be targeted directly for identity theft or to control them remotely.
Security requirements also vary by application. Healthcare and financial services, for instance, have more stringent requirements than subscriber entertainment applications such as video downloads or gaming. With the introduction of remote control in verticals such as transportation, healthcare or public safety, wireless security will become even more crucial. Network failure or impairment doesn’t just mean lost calls or emails: it may cause financial loss, social disruption and fatal accidents.
AI – including machine learning – can play a major role in managing this new approach to security in wireless networks, but it is a double-edged sword.
The highly automated learning and optimization that AI introduces add new potential entry points and targets for malicious attacks. They also make wireless networks more dynamic, and security mechanisms must become more flexible to detect security threats in real time and predict very quickly what their impact will be and what remedial action is required. When network operations keep changing to optimize performance, detecting the anomalies caused by malicious attacks becomes more difficult than in a static network.
For instance, some operators have started to use AI to optimize M-MIMO performance in the RAN by dynamically setting the over 1,000 parameters that M-MIMO uses automatically, without direct human intervention. Attacking M-MIMO AI-based optimization may disrupt performance in the RAN, and we need to be able to detect anomalous behavior that may be caused by malicious activity and separate it from possibly similar changes that are driven by optimization processes.
But this is where AI comes to the rescue, because it is ideally suited to detecting anomalous activity. To be effective, security attacks typically change the network, service or application behavior or introduce disruptive elements. Operators can use AI for anomaly detection to identify signs of security breaches – as well as non-malicious activity that may disrupt network performance. In the M-MIMO case, an unusual parameter change can trigger a security alert as it happens. Whether this is the result of malicious activity or not, the operator can take remedial action in real time and minimize disruption.
This is an area where AI shines. By definition, security breaches are unexpected, and they exploit unknown vulnerabilities in the network or generate non-predictable traffic flows or network activities. Rule-based algorithms are best at detecting known network disruption patterns. AI is more powerful in detecting novel disruption patterns – and those are going to become more common with the increased complexity that 5G, IoT, virtualization, edge computing and network slicing bring. AI can play a major role in anomaly detection and, more generally, network monitoring in the new end-to-end security approach we need to protect our increasingly complex – as well as critical – wireless infrastructure and device ecosystem.