Towards Real-Time Intrusion Detection in P4-Programmable 5G User Plane Functions

Recent works have shown that Machine Learning (ML) models can be deployed in P4-programmable user planes for line rate inference on live traffic and that these user planes can also be used to accelerate the 5G User Plane Function (UPF). This work builds on these capabilities to explore how ML inference in the user plane can facilitate real-time intrusion detection in 5G networks. As a proof-of-concept, we describe how an ML model could be deployed into the UPF as a special Packet Detection Rule (PDR). We then train and deploy a tree-based classifier into a P4-programmable switch acting as the UPF and conduct experiments on a testbed with off-the-shelf hardware using experimental data from a 5G test network on a university campus. Our results confirm that running ML-based intrusion detection on P4-based UPFs ensures line-rate attack detection and classification with an accuracy of up to 98% in terms of F1 score, while keeping switch resource consumption increase under control.