5Ghoul Defensive Detection: Inverted Exploit Signatures for 5G NR Pre-Authentication Attack Monitoring

Perry, Thomas Jr.

doi:10.5281/zenodo.18707254

Published February 20, 2026 | Version v1

Preprint Open

5Ghoul Defensive Detection: Inverted Exploit Signatures for 5G NR Pre-Authentication Attack Monitoring

Perry, Thomas Jr.

A complete defensive detection framework for the 5Ghoul family of 5G NR pre-authentication vulnerabilities, comprising an IDS script with inverted exploit signatures for all 12 published CVEs (V5-V16) and the DA1 NAS flooding downgrade attack, Wireshark forensic filters, and constitutional detection constraints following a refuse-rather-than-miss philosophy.

Files

5ghoul-defensive-detection.pdf

Files (77.2 kB)

Name	Size	Download all
5ghoul-defensive-detection.pdf md5:1547f6616580a671908f260fcc9bd517	77.2 kB	Preview Download

Additional details

References: 10.5281/zenodo.18652596 (DOI); 10.5281/zenodo.18652592 (DOI)

Views

Downloads

Show more details

	All versions	This version
Views	17	17
Downloads	9	9
Data volume	694.9 kB	694.9 kB

More info on how stats are collected....

DOI

Resource type

Preprint

Publisher

Zenodo

License: Creative Commons Attribution 4.0 International

The Creative Commons Attribution license allows re-distribution and re-use of a licensed work on the condition that the creator is appropriately credited. Read more

Technical metadata

Created: February 20, 2026
Modified: February 20, 2026

5Ghoul Defensive Detection: Inverted Exploit Signatures for 5G NR Pre-Authentication Attack Monitoring

Authors/Creators

Description

Files

5ghoul-defensive-detection.pdf

Files (77.2 kB)

Additional details

Related works