Zero‐Trust Oriented Threat Detection and Orchestration Across Data and Control Planes in 5G Cloud Networks
J Jelba, R Isaac Sajan
ABSTRACT
Cloud‐native 5G mobile networks introduce new opportunities for scalability and service agility but also expose the control and user planes to sophisticated and fast‐evolving cyber threats. Most existing intrusion detection mechanisms for mobile core networks still rely on signature‐based rules or sequential modeling techniques. Such approaches struggle to identify unseen threats, exhibit susceptibility to adversarial interference across training and inference stages, and fall short of ensuring the low‐latency performance required in cloud‐native 5G environments. To address these shortcomings, this work introduces a graph‐augmented, trust‐guided temporal security framework designed for both the user‐plane and control‐plane. The framework first transforms traffic and signaling data into relational graphs enriched with trust semantics, allowing the capture of complex multi‐hop dependencies. It then applies diffusion‐based denoising guided by trust information to suppress spurious or adversarial graph connections. On top of this, a patch‐level temporal transformer—enhanced with trust‐weighted attention and a contrastive anomaly discriminator—models evolving traffic dynamics to highlight unknown attack behaviors. Finally, a permissioned blockchain layer enables tamper‐proof provenance tracking and enforces micro‐segmented security policies through asynchronous consensus and edge‐proximal coordination, ensuring scalability without incurring excessive write delays. Together, these components enable the proposed system to detect unseen intrusions more reliably, maintain resilience under adversarial conditions, and sustain low‐latency decision making in real‐world deployments. 
Experimental evaluation on simulated user‐plane and control‐plane traces demonstrates improvements over state‐of‐the‐art methods in detection accuracy and generalization to new attacks, with enhanced robustness under adversarial stress tests and substantial reductions in inference delay, confirming its suitability for next‐generation mobile security management.