Securing GTP Protocol on Cellular Networks using Anomaly Based Intrusion Detection System

Muhammad Fikriansyah; Alfan Presekal

doi:10.62146/ijecbe.v3i4.206

Authors

Muhammad Fikriansyah Universitas Indonesia
Alfan Presekal Universitas Indonesia

DOI:

https://doi.org/10.62146/ijecbe.v3i4.206

Keywords:

anomaly detection, machine learning, Communication, Convolution Neural Network, Intrusion Detection System, Transport Protocol

Abstract

Cellular networks are expanding swiftly, and this growth has been accompanied by an increase in the activities of advanced threat actors such as Liminal Panda and Light Basin. These groups often direct their efforts toward both network operators and subscribers. Their objectives encompass financial profit, espionage, and extensive data exfiltration. A significant incident took place at SK Telecom in April 2025, when malicious actors gained unauthorized access to subscriber data stored within the Home Subscriber Server. Incidents of this magnitude underscore the critical importance of dependable security solutions capable of identifying malicious traffic within the core of cellular infrastructures. This study proposes an anomaly-based intrusion detection system utilizing a Convolutional Neural Network (CNN) to augment the security of the General Packet Radio Service Tunnelling Protocol. The CNN learns standard traffic patterns during training and detects anomalous behavior when certain thresholds are surpassed. This method facilitates rapid identification of many types of malicious behavior. The experimental analysis indicates that the proposed model exhibits high performance, achieving an accuracy of 99.07%, precision of 98.59%, recall of 99.43%, and an F1-score of 99.05%. These results illustrate the efficacy of CNN-based anomaly detection as a robust protective strategy for cellular networks.

Author Biographies

Muhammad Fikriansyah, Universitas Indonesia

Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Indonesia

Alfan Presekal, Universitas Indonesia

Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Indonesia

References

S. Mavoungou et al. “Survey on Threats and Attacks on Mobile Networks”. In: IEEE Access 4 (2016), pp. 4543–4572.

M. Humayun et al. “5G Network Security Issues, Challenges, Opportunities and Future Directions: A Survey”. In: Journal of Physics: Conference Series 1979 (2021), p. 012037.

Y. et al. Zhang. “Invade theWalled Garden: Evaluating GTP Security in Cellular Networks”. In: Proceedings of the IEEE Symposium on Security and Privacy (SP). 2025.

A. Thakkar and R. Lohiya. “A Review of the Advancement in Intrusion Detection Datasets”. In: Procedia Computer Science 167 (2020), pp. 636–645.

N. K. S. Nayak and R. Kumar. “An Intrusion Detection System for 5G SDN Network Using Binarized Deep Spiking Capsule Fire Hawk Neural Networks and Blockchain”. In: Future Internet 16.10 (2024), p. 359.

O. Malkawi, N. Obeid, and W. Almobaideen. “Intrusion Detection System for 5G Device-to-Device Communication Technology in Internet of Things”. In: Informatica 48.15 (Oct. 2024), pp. 281–296.

A. et al. Elhanashi. “Machine Learning Techniques for Anomaly-Based Detection System on CSECIC- IDS2018 Dataset”. In: Applications in Electronics Pervading Industry, Environment and Society (ApplePies 2022). Vol. 1036. Lecture Notes in Electrical Engineering (LNEE). Springer, 2023, pp. 131–140.

I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani. “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization”. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP). CIC-IDS2017 Dataset. 2018, pp. 108–116.

R. I. Farhan, A. T. Maolood, and N. F. Hassan. “Performance Analysis of Flow-Based Attacks Detection on CSE-CIC-IDS2018 Dataset Using Deep Learning”. In: Indonesian Journal of Electrical Engineering and Computer Science 20.3 (Dec. 2020), pp. 1413–1418.

S. et al. Samarakoon. 5G-NIDD: A Comprehensive Network Intrusion Detection Dataset Generated over 5G Wireless Network. arXiv preprint arXiv:2212.01298. Dec. 2022.

P. et al. Radoglou-Grammatikis. “5GCIDS: An Intrusion Detection System for 5G Core with AI and Explainability Mechanisms”. In: Proceedings of the IEEE GlobecomWorkshops (GCWkshps). Kuala Lumpur, Malaysia, 2023, pp. 353–358.

Karsten Nohl and Luca Melette. Advanced Interconnect Attacks – Chasing GRX and SS7 Vulnerabilities. Chaos Communication Camp. Available at: https://media.ccc.de/v/camp2015-6785-advanced_interconnect_attacks. Mildenberg, Germany, Aug. 2015.

M. Tanhatalab et al. Deep RAN: A Scalable Data-Driven Platform to Detect Anomalies in Live Mobile Network Using Recurrent Convolutional Neural Network. arXiv preprint arXiv:1911.04472. 2019.

GSMA. FS.20 – GPRS Tunnelling Protocol (GTP) Security. Tech. rep. Version 4.0. https://www.gsma.com/fraud-security/resources/fs-20-gprs-tunnelling-protocol-gtp-security. London, United Kingdom: GSM Association, 2021.

A. Almutairi and N. Abdelmajeed. “Innovative Signature Based Intrusion Detection System: Parallel Processing and Minimized Database”. In: 2017 International Conference on the Frontiers and Advances in Data Science (FADS). 2017, pp. 114–119.

Y. Yao et al. “Anomaly Intrusion Detection Approach Using Hybrid MLP/CNN Neural Network”. In: Sixth International Conference on Intelligent Systems Design and Applications. 2006, pp. 1095–1102.

B. Hussain et al. “Artificial Intelligence-Powered Mobile Edge Computing-Based Anomaly Detection in Mobile Networks”. In: IEEE Transactions on Industrial Informatics 16.8 (2019), pp. 4986–4996.

I. Saputra, E. Utami, and A. Muhammad. “Comparison of Anomaly Based and Signature Based Methods in Detection of Scanning Vulnerability”. In: 2022 9th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI). 2022, pp. 221–225.