Benchmarking Deep Learning Architectures for Real-Time Intrusion Detection in Kubernetes-Orchestrated 5G Core Networks
Main Article Content
Keywords
5G Core Network, Deep Learning, Intrusion Detection System, Open5GS, Kubernetes.
Abstract
Cloud-native 5G core networks on Service-Based Architecture expose distributed Network Functions to cyber threats requiring adaptive Deep Learning-based Intrusion Detection Systems (DL-IDS). This work evaluates six DL architectures (Convolutional Neural Network (CNN), Multi-Layer Perceptron (MLP), Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), Autoencoder (AE)) on a Kubernetes-orchestrated Open5GS testbed, measuring Central Processing Unit (CPU) utilization, memory consumption, and latency under realistic traffic conditions. Results show feedforward models (CNN, MLP, AE) achieve sub-millisecond latency (0.6 milliseconds (ms)) with CPU below 12%, enabling multiple concurrent IDS instances per server, while recurrent architectures (RNN, LSTM, GRU) require high CPU utilization (99-107%) with 3.5 to 7.2 ms latency, necessitating dedicated hardware acceleration. Memory footprint remains consistent (385 to 390 megabytes (MB)) across all models. These findings demonstrate that operational efficiency is a key consideration for DL-IDS deployment in production 5G networks, with substantial CPU efficiency differences between architecture choices.