pith. sign in

arxiv: 2606.08173 · v1 · pith:ZVQTMZ6Jnew · submitted 2026-06-06 · 💻 cs.CR · cs.LG· cs.NI

AI-Native Closed-Loop Security for 6G-Enabled Cyber-Physical Systems: From Edge Detection to Network-Wide Mitigation

Bilal Hussain , Muhammad Bilal , Tan Li , Haris Pervaiz , Xiao Tang , Qinghe Du , Fawad Ahmad , Muhammad Azhar
show 1 more author
Jun Zhang
This is my paper

Pith reviewed 2026-06-27 19:20 UTC · model grok-4.3

classification 💻 cs.CR cs.LGcs.NI
keywords 6G securitycyber-physical systemsclosed-loop securityedge anomaly detectionSDN NFV O-RAN mitigationfederated learningdigital twinstail-bounded latency
0
0 comments X

The pith

6G cyber-physical system security must operate as an AI-native closed loop that senses at the edge, decides locally, mitigates network-wide, and retrains via federated learning while meeting per-slice tail-bounded latency contracts.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This survey organizes 128 studies to argue that 6G CPS security collapses the breach-to-harm window to milliseconds and therefore cannot rely on perimeter firewalls or central operations centers. Instead it must form a closed pipeline: minute-scale CDR records and sub-millisecond RAN telemetry feed edge models that detect anomalies, local compressed deep models decide, SDN/NFV/O-RAN controllers enact network-wide mitigation, and federated learning with digital-twin replay retrains the system. The paper formalizes these stages under a per-slice tail-bounded latency contract, enforced at p99 for safety-critical URLLC slices. A sympathetic reader would care because autonomous vehicles, industrial robots, and remote surgical equipment turn any security delay into immediate physical damage. The synthesis maps threats to observable features, unifies detection techniques across datasets, and consolidates open problems in data, latency, trust, standardization, and evaluation.

Core claim

The paper claims that 6G CPS security is best understood as a single closed-loop, AI-native pipeline whose sense-detect-mitigate stages are governed by a per-slice tail-bounded latency contract, with sensing split between CDR baselines at the MEC tier and sub-millisecond O-RAN telemetry, local decisions made by compressed deep models, mitigation executed through SDN/NFV/O-RAN controllers, and continuous retraining performed by federated learning and digital-twin replay.

What carries the argument

The per-slice tail-bounded latency contract on the sense-detect-mitigate stages, enforced at a slice-dependent tail percentile such as p99 for safety-critical URLLC slices.

If this is right

  • Threat surfaces map to MITRE ATT&CK entries via CDR-observable feature spaces.
  • Anomaly detection and DDoS classification unify across twelve datasets using statistical, graph, and transformer models.
  • SDN, NFV, and O-RAN primitives combine into one closed-loop reference architecture.
  • FL, LLMs, DT, PQC, ZTA, and explainable AI function as cross-cutting enablers inside the same pipeline.
  • Open problems cluster into five directions: data, latency, trust, standardization, and evaluation.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If the latency contract holds, security operations for physical systems must shift from centralized SOCs to edge-local decision loops.
  • Real deployments would need dynamic adjustment mechanisms when slice requirements conflict.
  • The approach implies that evaluation benchmarks must include tail-percentile measurements rather than average latencies.
  • Integration with post-quantum cryptography would occur inside the same closed loop rather than as a separate layer.

Load-bearing premise

The 128 studies selected under PRISMA 2020 can be synthesized into one unified per-slice latency contract without the synthesis introducing selection bias or overlooking slice-specific requirement conflicts.

What would settle it

Empirical data from a 6G testbed showing that any safety-critical URLLC slice requires a sense-detect-mitigate tail latency incompatible with the proposed contract bounds, or a re-analysis of the 128 papers that reveals systematic conflicts between slice requirements.

Figures

Figures reproduced from arXiv: 2606.08173 by Bilal Hussain, Fawad Ahmad, Haris Pervaiz, Jun Zhang, Muhammad Azhar, Muhammad Bilal, Qinghe Du, Tan Li, Xiao Tang.

Figure 1
Figure 1. Figure 1: End-to-end AI-native security ecosystem for 6G cyber-physical systems (CPSs), modelled as a closed control loop [PITH_FULL_IMAGE:figures/full_fig_p002_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Survey roadmap. The paper is structured around eight sections (Secs II–IX) that collectively cover the end-to-end [PITH_FULL_IMAGE:figures/full_fig_p003_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: PRISMA 2020 flow of the systematic literature review, [PITH_FULL_IMAGE:figures/full_fig_p007_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Attack surface of 6G CPS along two orthogonal [PITH_FULL_IMAGE:figures/full_fig_p008_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: DDoS attack lifecycle in 6G CPS. The upper red chain traces the attacker’s progression from vector selection through [PITH_FULL_IMAGE:figures/full_fig_p010_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Taxonomy of edge-side detection method families [PITH_FULL_IMAGE:figures/full_fig_p011_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: MEC-based detection pipeline. The Alert→SDN Ctrl→Mitigate stages are the detector-to-orchestrator hand￾off formalised in Sec. VI-B; the dashed feedback path is the closed-loop FL/DT retraining channel of Sec. VII. descriptors that publish per-class precision/recall plus training and prediction times [91] provide the baseline against which future 6G-native datasets should be benchmarked. The most operationa… view at source ↗
Figure 8
Figure 8. Figure 8: O-RAN/SDN mitigation hooks mapped onto the disaggregated RAN control plane. Four actuation points trade latency [PITH_FULL_IMAGE:figures/full_fig_p018_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: Unified closed-loop reference architecture for AI-native 6G CPS security. The architecture replaces the five-pillar list [PITH_FULL_IMAGE:figures/full_fig_p021_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: Federated learning topology for distributed 6G CPS [PITH_FULL_IMAGE:figures/full_fig_p021_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: End-to-end latency budget per 5G slice. Each row [PITH_FULL_IMAGE:figures/full_fig_p024_11.png] view at source ↗
Figure 12
Figure 12. Figure 12: C1–C5 research challenges mapped onto the 2025–2030 standardisation roadmap. C1 covers sub-millisecond edge [PITH_FULL_IMAGE:figures/full_fig_p025_12.png] view at source ↗
read the original abstract

In sixth-generation (6G) networks, billions of cyber-physical systems (CPSs) - autonomous vehicles, smart grids, industrial robots, and remote-surgical equipment - will run over ultra-reliable low-latency slices, collapsing the gap between a remote breach and physical harm to milliseconds, a budget perimeter firewalls and centralised security operations centres cannot meet. This survey reframes 6G CPS security as a closed-loop, AI-native pipeline that senses at the multi-access edge computing (MEC) tier, using minute-scale call-detail records (CDRs) for baseline learning and sub-millisecond RAN/Open-RAN (O-RAN) telemetry for the latency-critical path. It decides locally with compressed deep models, mitigates network-wide via SDN, NFV, and O-RAN controllers, and retrains through federated learning (FL) and digital-twin (DT) replay. We formalise a per-slice, tail-bounded latency contract on the sense, detect, and mitigate stages, enforced at a slice-dependent tail percentile (p99 for safety-critical URLLC slices). Organising 128 peer-reviewed studies (2017-2026) under a PRISMA 2020 protocol, we (i) map the 6G/CPS threat surface to MITRE ATT&CK and a CDR-observable feature space; (ii) unify edge anomaly detection and DDoS classification across twelve datasets and statistical, graph, and transformer models; (iii) synthesise SDN/NFV/O-RAN primitives into one closed-loop reference architecture; (iv) treat FL, large language models (LLMs), DT, post-quantum cryptography (PQC), zero-trust architecture (ZTA), and explainable AI as cross-cutting enablers, not parallel pillars; and (v) consolidate open problems into five directions spanning data, latency, trust, standardisation, and evaluation.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 0 minor

Summary. This survey reframes 6G CPS security as a closed-loop AI-native pipeline that senses at the MEC tier (using minute-scale CDRs for baseline and sub-millisecond RAN/O-RAN telemetry for latency-critical paths), decides locally with compressed deep models, mitigates network-wide via SDN/NFV/O-RAN controllers, and retrains via FL and DT replay. It formalizes a per-slice tail-bounded latency contract (p99 for URLLC slices) on sense-detect-mitigate stages and synthesizes 128 PRISMA 2020-selected studies (2017-2026) to (i) map threats to MITRE ATT&CK and CDR features, (ii) unify anomaly/DDoS detection across 12 datasets and model classes, (iii) synthesize a single closed-loop reference architecture, (iv) position FL/LLMs/DT/PQC/ZTA/XAI as cross-cutting enablers, and (v) consolidate open problems in five directions.

Significance. If the claimed unification holds without selection bias, the paper would provide a valuable integrative reference architecture for 6G security research, consolidating disparate threads (edge detection, O-RAN primitives, FL/DT) into a coherent per-slice latency contract that could inform standardization and future empirical work on tail-bounded security pipelines.

major comments (1)
  1. [Abstract] Abstract, synthesis step (iii): the central claim that 128 PRISMA-selected studies can be unified into one closed-loop reference architecture enforcing a uniform per-slice tail-bounded latency contract on sense-detect-mitigate stages is load-bearing, yet the description provides no explicit evidence that slice-specific conflicts (e.g., sub-millisecond URLLC vs. minute-scale eMBB telemetry requirements) were systematically checked or resolved; this directly matches the stress-test concern and leaves the unification vulnerable to selection bias.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the constructive feedback and for recognizing the potential integrative value of the survey. We address the single major comment below.

read point-by-point responses

  1. Referee: [Abstract] Abstract, synthesis step (iii): the central claim that 128 PRISMA-selected studies can be unified into one closed-loop reference architecture enforcing a uniform per-slice tail-bounded latency contract on sense-detect-mitigate stages is load-bearing, yet the description provides no explicit evidence that slice-specific conflicts (e.g., sub-millisecond URLLC vs. minute-scale eMBB telemetry requirements) were systematically checked or resolved; this directly matches the stress-test concern and leaves the unification vulnerable to selection bias.

    Authors: The manuscript formalizes a per-slice tail-bounded latency contract that explicitly differentiates requirements (p99 for URLLC slices) and draws the reference architecture from studies spanning multiple slice types. However, we agree that the abstract and synthesis section do not provide an explicit, systematic accounting of how slice-specific conflicts were checked and resolved. To strengthen the unification claim and mitigate selection-bias concerns, we will add a dedicated subsection (in Section 4 or 5) that (i) enumerates the telemetry and mitigation conflicts across URLLC, eMBB, and mMTC slices, (ii) maps them to the 128 studies, and (iii) shows how the synthesized O-RAN/SDN/NFV primitives resolve them via slice-aware controllers. This revision will be supported by additional citations and a small table summarizing conflict-resolution mappings. revision: yes

Circularity Check

0 steps flagged

No circularity: survey synthesis rests on external PRISMA-selected studies without internal reduction

full rationale

This is a literature survey paper that organizes 128 external peer-reviewed studies under PRISMA 2020 to propose a reference architecture. No mathematical derivations, fitted parameters, or equations are present that reduce any claim to its own inputs by construction. The central unification of sense-detect-mitigate stages and per-slice latency contracts is presented as a synthesis of cited works rather than a self-definitional or self-citation load-bearing step. Self-citations, if any, are not load-bearing for the core claim. The paper is self-contained against external benchmarks and receives the default non-finding for surveys.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

This is a survey paper whose central claim is the proposed reframing and synthesis; it rests on the assumption that the PRISMA-selected literature is representative and that the latency-contract unification is feasible across slices.

axioms (1)
  • domain assumption PRISMA 2020 protocol produces an unbiased and comprehensive selection of relevant studies for this topic
    The abstract states the studies were organized under a PRISMA 2020 protocol.

pith-pipeline@v0.9.1-grok · 5922 in / 1483 out tokens · 35098 ms · 2026-06-27T19:20:16.126595+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

146 extracted references · 4 canonical work pages

  1. [1]

    On the road to 6G: Visions, requirements, key technologies, and testbeds,

    C.-X. Wanget al., “On the road to 6G: Visions, requirements, key technologies, and testbeds,”IEEE Commun. Surveys Tuts., vol. 25, no. 2, pp. 905–974, 2023

    2023

  2. [2]

    Toward 6g evolution: Three enhancements, three innovations, and three major challenges,

    R. Singh, A. Kaushik, W. Shin, M. D. Renzo, V . Sciancalepore, D. Lee, H. Sasaki, A. Shojaeifard, and O. A. Dobre, “Toward 6g evolution: Three enhancements, three innovations, and three major challenges,” IEEE Netw., vol. 39, no. 6, pp. 139–147, 2025

    2025

  3. [3]

    A vision of 6g wireless systems: Applications, trends, technologies, and open research problems,

    W. Saad, M. Bennis, and M. Chen, “A vision of 6g wireless systems: Applications, trends, technologies, and open research problems,”IEEE Netw., vol. 34, no. 3, pp. 134–142, 2020

    2020

  4. [4]

    Towards 6G wireless communication networks: Vision, enabling technologies, and new paradigm shifts,

    X. Youet al., “Towards 6G wireless communication networks: Vision, enabling technologies, and new paradigm shifts,”Sci. China Inf. Sci., vol. 64, no. 1, pp. 1–74, Jan. 2021

    2021

  5. [5]

    Cyber-physical systems security—a survey,

    A. Humayed, J. Lin, F. Li, and B. Luo, “Cyber-physical systems security—a survey,”IEEE Internet Things J., vol. 4, no. 6, pp. 1802– 1831, Dec. 2017

    2017

  6. [6]

    5G; security architecture and procedures for 5G system (3GPP TS 33.501 version 18.11.0 release 18),

    ETSI, “5G; security architecture and procedures for 5G system (3GPP TS 33.501 version 18.11.0 release 18),” European Telecommunications Standards Institute (ETSI), Technical Specification ETSI TS 133 501 V18.11.0, Apr. 2026

    2026

  7. [7]

    Security for 5g and beyond,

    I. Ahmad, S. Shahabuddin, T. Kumar, J. Okwuibe, A. Gurtov, and M. Ylianttila, “Security for 5g and beyond,”IEEE Commun. Surveys Tuts., vol. 21, no. 4, pp. 3682–3722, 2019

    2019

  8. [8]

    The roadmap to 6g security and privacy,

    P. Porambage, G. G ¨ur, D. P. M. Osorio, M. Liyanage, A. Gurtov, and M. Ylianttila, “The roadmap to 6g security and privacy,”IEEE Open J. Commun. Soc., vol. 2, pp. 1094–1122, 2021. [Online]. Available: https://api.semanticscholar.org/CorpusID:235077796

    2021

  9. [9]

    Un- derstanding O-RAN: Architecture, interfaces, algorithms, security, and research challenges,

    M. Polese, L. Bonati, S. D’Oro, S. Basagni, and T. Melodia, “Un- derstanding O-RAN: Architecture, interfaces, algorithms, security, and research challenges,”IEEE Commun. Surveys Tuts., vol. 25, no. 2, pp. 1376–1411, 2023

    2023

  10. [10]

    Intelli- gence and learning in O-RAN for data-driven NextG cellular networks,

    L. Bonati, S. D’Oro, M. Polese, S. Basagni, and T. Melodia, “Intelli- gence and learning in O-RAN for data-driven NextG cellular networks,” IEEE Commun. Mag., vol. 59, no. 10, pp. 21–27, Oct. 2021

    2021

  11. [11]

    O-RAN Architecture Description,

    O-RAN ALLIANCE, “O-RAN Architecture Description,” O-RAN ALLIANCE e.V ., Alfter, Germany, Technical Specification O- RAN.WG1.TS.OAD-R005-v16.00, Feb. 2026. [Online]. Available: https://specifications.o-ran.org/download?id=1013

    2026

  12. [12]

    Towards AI-native RAN: An operator’s perspective of 6G day 1 standardization,

    N. Li, Q. Sun, L. Wang, X. Xu, J. Huang, C. Liu, J. Gao, Y . Huang, and C. I, “Towards AI-native RAN: An operator’s perspective of 6G day 1 standardization,”arXiv preprint arXiv:2507.08403, Jul. 2025, available: https://arxiv.org/abs/2507.08403

    arXiv 2025

  13. [13]

    Cyber physical systems: Design challenges,

    E. A. Lee, “Cyber physical systems: Design challenges,” inProc. 11th IEEE Int. Symp. Object/Compon./service-Oriented Real-Time Distrib. Comput. (ISORC), Orlando, FL, USA, May 2008, pp. 363–369

    2008

  14. [14]

    Cyber-physical systems: the next computing revolution,

    R. R. Rajkumar, I. Lee, L. Sha, and J. Stankovic, “Cyber-physical systems: the next computing revolution,” inProc. 47th Design Autom. Conf. (DAC), ser. DAC ’10. New York, NY , USA: Association for Computing Machinery, 2010, pp. 731–736. [Online]. Available: https://doi.org/10.1145/1837274.1837461

    work page doi:10.1145/1837274.1837461 2010

  15. [15]

    6G internet of things: A comprehensive survey,

    D. C. Nguyenet al., “6G internet of things: A comprehensive survey,” IEEE Internet Things J., vol. 9, no. 1, pp. 359–383, Jan. 2022

    2022

  16. [16]

    Edge intelligence: The confluence of edge computing and artificial intelligence,

    S. Deng, H. Zhao, W. Fang, J. Yin, S. Dustdar, and A. Y . Zomaya, “Edge intelligence: The confluence of edge computing and artificial intelligence,”IEEE Internet Things J., vol. 7, no. 8, pp. 7457–7469, Aug. 2020

    2020

  17. [17]

    Convergence of edge computing and deep learning: A comprehensive survey,

    X. Wang, Y . Han, V . C. M. Leung, D. Niyato, X. Yan, and X. Chen, “Convergence of edge computing and deep learning: A comprehensive survey,”IEEE Commun. Surveys Tuts., vol. 22, no. 2, pp. 869–904, 2020

    2020

  18. [18]

    Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study,

    M. A. Ferrag, L. Maglaras, S. Moschoyiannis, and H. Janicke, “Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study,”J. Inf. Security Appl., vol. 50, no. 102419, Feb. 2020. [Online]. Available: https://www.sciencedirect.com/science/ article/pii/S2214212619305046

    2020

  19. [19]

    Deep learning-based DDoS- attack detection for cyber–physical system over 5G network,

    B. Hussain, Q. Du, B. Sun, and Z. Han, “Deep learning-based DDoS- attack detection for cyber–physical system over 5G network,”IEEE Trans. Ind. Informat., vol. 17, no. 2, pp. 860–870, Feb. 2021. 28

    2021

  20. [20]

    A survey on distributed denial-of-service attack mitigation for 5G and beyond,

    S. Hoque, A. Aydeger, E. Zeydan, and M. Liyanage, “A survey on distributed denial-of-service attack mitigation for 5G and beyond,” IEEE Open J. Commun. Soc., vol. 6, pp. 5840–5879, 2025

    2025

  21. [21]

    Multi-access edge computing (mec); framework and reference architecture,

    ETSI, “Multi-access edge computing (mec); framework and reference architecture,” European Telecommunications Standards Institute (ETSI), Tech. Rep. ETSI GS MEC 003 V4.1.1, May 2025. [Online]. Available: https://www.etsi.org/deliver/etsi gs/mec/001 099/ 003/04.01.01 60/gs mec003v040101p.pdf

    2025

  22. [22]

    Multi-access edge computing (MEC); support for security mon- itoring and management,

    ETSI, “Multi-access edge computing (MEC); support for security mon- itoring and management,” European Telecommunications Standards Institute (ETSI), ETSI Group Specification (GS) GS MEC 062 V4.1.1, Feb. 2026

    2026

  23. [23]

    Developing software for multi-access edge comput- ing,

    D. Sabellaet al., “Developing software for multi-access edge comput- ing,” European Telecommunications Standards Institute (ETSI), White Paper 20, Feb. 2019. [Online]. Available: https://www.etsi.org/images/ files/ETSIWhitePapers/etsi wp20ed2 MEC SoftwareDevelopment.pdf

    2019

  24. [24]

    Mobile edge computing: A survey,

    N. Abbas, Y . Zhang, A. Taherkordi, and T. Skeie, “Mobile edge computing: A survey,”IEEE Internet Things J., vol. 5, no. 1, pp. 450– 465, Feb. 2018

    2018

  25. [25]

    Open, programmable, and virtualized 5G networks: State-of-the-art and the road ahead,

    L. Bonati, M. Polese, S. D’Oro, S. Basagni, and T. Melodia, “Open, programmable, and virtualized 5G networks: State-of-the-art and the road ahead,”Comput. Netw., vol. 182, no. 107516, Dec. 2020

    2020

  26. [26]

    Toward next generation open radio access networks—what O-RAN can and cannot do!

    A. S. Abdalla, P. S. Upadhyaya, V . K. Shah, and V . Marojevic, “Toward next generation open radio access networks—what O-RAN can and cannot do!”IEEE Netw., vol. 36, no. 6, pp. 206–213, nov./dec. 2022

    2022

  27. [27]

    5G- SPECTOR: An O-RAN compliant layer-3 cellular attack detection service,

    H. Wen, P. Porras, V . Yegneswaran, A. Gehani, and Z. Lin, “5G- SPECTOR: An O-RAN compliant layer-3 cellular attack detection service,” inProc. Netw. Distrib. Syst. Secur. Symp. (NDSS), 2024

    2024

  28. [28]

    Federated learning for 6G security: A survey on threats, solutions, and research directions,

    C. d. Alwis, O. Aouedi, J. Xu, S. Wang, Y . Siriwardhana, T. Hewa, E. Zeydan, C. Sandeepa, and M. Liyanage, “Federated learning for 6G security: A survey on threats, solutions, and research directions,”IEEE Commun. Surveys Tuts., vol. 28, pp. 4883–4914, 2026

    2026

  29. [29]

    IMS is not that secure on your 5G/4G phones,

    J. Shiet al., “IMS is not that secure on your 5G/4G phones,” inProc. 30th Annu. Int. Conf. Mobile Computing and Networking (MobiCom), Washington, DC, USA, May 2024, pp. 513–527

    2024

  30. [30]

    A survey on zero trust architecture: Applications and challenges of 6G networks,

    N. Nahar, K. Andersson, O. Schel ´en, and S. Saguna, “A survey on zero trust architecture: Applications and challenges of 6G networks,”IEEE Access, vol. 12, pp. 93 562–93 590, 2024

    2024

  31. [31]

    Open RAN for 6G networks: Architecture, use cases and open issues,

    B. Agarwal, R. Irmer, D. Lister, and G.-M. Muntean, “Open RAN for 6G networks: Architecture, use cases and open issues,”IEEE Commun. Surveys Tuts., vol. 28, pp. 2881–2924, 2026

    2026

  32. [32]

    XAI-guided physical adversarial machine learning attacks on automatic modulation classification,

    Y . Salmi and H. Bogucka, “XAI-guided physical adversarial machine learning attacks on automatic modulation classification,”IEEE J. Sel. Areas Commun., vol. 44, pp. 4271–4286, 2026

    2026

  33. [33]

    Mitigating signaling storms in 5G with blockchain-assisted 5GAKA,

    B. Zhang, P. Zeinaty, N. Limam, and R. Boutaba, “Mitigating signaling storms in 5G with blockchain-assisted 5GAKA,” in2023 19th Inter- national Conference on Network and Service Management (CNSM), 2023, pp. 1–9

    2023

  34. [34]

    RRC signaling storm detection in O-RAN,

    D. K. Nguyen, R. E. Malki, and F. Rebecchi, “RRC signaling storm detection in O-RAN,” inProc. 2025 IEEE Symp. Comput. Commun. (ISCC), 2025

    2025

  35. [35]

    Mobile edge computing-based data-driven deep learning framework for anomaly detection,

    B. Hussain, Q. Du, S. Zhang, A. Imran, and M. A. Imran, “Mobile edge computing-based data-driven deep learning framework for anomaly detection,”IEEE Access, vol. 7, pp. 137 656–137 667, 2019

    2019

  36. [36]

    Artificial intelligence- powered mobile edge computing-based anomaly detection in cellular networks,

    B. Hussain, Q. Du, A. Imran, and M. A. Imran, “Artificial intelligence- powered mobile edge computing-based anomaly detection in cellular networks,”IEEE Trans. Ind. Informat., vol. 16, no. 8, pp. 4986–4996, Aug. 2020

    2020

  37. [37]

    Federated learning for enhanced cyber- security and trustworthiness in 5G and 6G networks: A comprehensive survey,

    A. Blika, S. Palmos, G. Doukas, V . Lamprou, S. Pelekis, M. Kontoulis, C. Ntanos, and D. Askounis, “Federated learning for enhanced cyber- security and trustworthiness in 5G and 6G networks: A comprehensive survey,”IEEE Open J. Commun. Soc., 2024

    2024

  38. [38]

    A multi-source dataset of urban life in the city of Milan and the province of Trentino,

    G. Barlacchiet al., “A multi-source dataset of urban life in the city of Milan and the province of Trentino,”Sci. Data, vol. 2, no. 150055, Oct. 2015

    2015

  39. [39]

    User terminals as attackers: An open dataset analysis of DDoS attacks in 5G networks,

    M. Christopoulouet al., “User terminals as attackers: An open dataset analysis of DDoS attacks in 5G networks,” inProc. IEEE Conf. Standards Commun. Netw. (CSCN), 2024, pp. 301–307

    2024

  40. [40]

    LUCID: A practical, lightweight deep learn- ing solution for DDoS attack detection,

    R. Doriguzzi-Corin, S. Millar, S. Scott-Hayward, J. Mart ´ınez-del Rinc´on, and D. Siracusa, “LUCID: A practical, lightweight deep learn- ing solution for DDoS attack detection,”IEEE Trans. Netw. Service Manage., vol. 17, no. 2, pp. 876–889, Jun. 2020

    2020

  41. [41]

    An efficiency-driven anomaly detection pipeline for mobile networks,

    J. M. Franco-Valiente, J. Calle-Cancho, D. Cort ´es-Polo, and J. M. Haut, “An efficiency-driven anomaly detection pipeline for mobile networks,” The Journal of Supercomputing, vol. 82, no. 5, p. 361, 2026

    2026

  42. [42]

    Anomaly detection and mitigation in O-RAN networks using an LSTM-RNN autoencoder and secure slicing,

    J. Moore, A. S. Abdalla, Z. Reshi, and V . Marojevic, “Anomaly detection and mitigation in O-RAN networks using an LSTM-RNN autoencoder and secure slicing,” in2025 IEEE Military Communica- tions Conference (MILCOM), 2025, pp. 1–6

    2025

  43. [43]

    Cross-layer security for 5G/6G network slices: An SDN, NFV, and AI-based hybrid framework,

    Z. Allaw, O. Zein, and A.-M. Ahmad, “Cross-layer security for 5G/6G network slices: An SDN, NFV, and AI-based hybrid framework,” Sensors, vol. 25, no. 11, p. 3335, 2025

    2025

  44. [44]

    Beyond connectivity: An open architecture for AI-RAN convergence in 6G,

    M. Polese, N. Mohamadi, S. D’Oro, L. Bonati, and T. Melodia, “Beyond connectivity: An open architecture for AI-RAN convergence in 6G,”IEEE Commun. Mag., pp. 1–6, 2026

    2026

  45. [45]

    Network functions virtualisation (nfv) release 5; management and orchestration; architecture enhancement for security manage- ment specification,

    ETSI, “Network functions virtualisation (nfv) release 5; management and orchestration; architecture enhancement for security manage- ment specification,” European Telecommunications Standards Institute (ETSI), Group Specification ETSI GS NFV-IFA 026 V5.4.1, Jan. 2026

    2026

  46. [46]

    Communication-efficient learning of deep networks from decentral- ized data,

    B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y. Arcas, “Communication-efficient learning of deep networks from decentral- ized data,” inProc. 20th Int. Conf. Artif. Intell. Statist. (AISTATS). Fort Lauderdale, FL, USA: PMLR, 2017, pp. 1273–1282

    2017

  47. [47]

    PRISMA 2020 explanation and elaboration: Updated guidance and exemplars for reporting systematic reviews,

    M. J. Page, J. E. McKenzie, P. M. Bossuytet al., “PRISMA 2020 explanation and elaboration: Updated guidance and exemplars for reporting systematic reviews,”BMJ, vol. 372, p. n160, 2021

    2020

  48. [48]

    Deep learning,

    Y . LeCun, Y . Bengio, and G. Hinton, “Deep learning,”Nature, vol. 521, pp. 436–444, May 2015

    2015

  49. [49]

    Attention is all you need,

    A. Vaswaniet al., “Attention is all you need,” inProc. 31st Conf. Neural Inf. Process. Syst. (NIPS). Long Beach, CA, USA: Curran Associates Inc., 2017, pp. 6000–6010

    2017

  50. [50]

    A comprehensive survey on graph neural networks,

    Z. Wu, S. Pan, F. Chen, G. Long, C. Zhang, and P. S. Yu, “A comprehensive survey on graph neural networks,”IEEE Trans. Neural Netw. Learn. Syst., vol. 32, no. 1, pp. 4–24, 2021

    2021

  51. [51]

    I. H. Sarker,AI-Driven Cybersecurity and Threat Intelligence. Cham, Switzerland: Springer Nature Switzerland, 2024. [Online]. Available: https://link.springer.com/book/10.1007/978-3-031-54497-2

    work page doi:10.1007/978-3-031-54497-2 2024

  52. [52]

    AI/ML life cycle management for interoperable AI native RAN,

    C.-H. Huang, C.-K. Wen, and G. Y . Li, “AI/ML life cycle management for interoperable AI native RAN,”IEEE Commun. Standards Mag., 2025, early Access; arXiv preprint arXiv:2507.18538v2. [Online]. Available: https://arxiv.org/abs/2507.18538

    arXiv 2025

  53. [53]

    Secure5G: A deep learning framework towards a secure network slicing in 5G and beyond,

    A. Thantharate, R. Paropkari, V . Walunj, C. Beard, and P. Kankariya, “Secure5G: A deep learning framework towards a secure network slicing in 5G and beyond,” inProc. 10th Annu. Comput. Commun. Workshop Conf. (CCWC), 2020, pp. 852–857

    2020

  54. [54]

    Intelligent reflecting surface enhanced wireless network via joint active and passive beamforming,

    Q. Wu and R. Zhang, “Intelligent reflecting surface enhanced wireless network via joint active and passive beamforming,”IEEE Trans. Wireless Commun., vol. 18, no. 11, pp. 5394–5409, Nov. 2019

    2019

  55. [55]

    RISCS: RIS-aided integrated sens- ing and communications—a cyber-physical security perspective,

    S. Hassouna, M. Zubair, A. Raza, M. Ahmed, J. Kazim, M. A. Imran, and Q. H. Abbasi, “RISCS: RIS-aided integrated sens- ing and communications—a cyber-physical security perspective,” IEEE Trans. Consum. Electron., 2026, to be published, doi: 10.1109/TCE.2026.3674062

    work page doi:10.1109/tce.2026.3674062 2026

  56. [56]

    Integrated sensing and communications (isac); security, privacy, trustworthiness and sustainability,

    ETSI, “Integrated sensing and communications (isac); security, privacy, trustworthiness and sustainability,” European Telecommunications Standards Institute (ETSI), Group Report ETSI GR ISC 004 V1.1.1, Feb. 2026. [Online]. Available: https://www.etsi.org/deliver/etsi gr/ ISC/001 099/004/01.01.01 60/gr ISC004v010101p.pdf

    2026

  57. [57]

    A survey on network security for cyber–physical systems: From threats to resilient design,

    S. Kim, K.-J. Park, and C. Lu, “A survey on network security for cyber–physical systems: From threats to resilient design,”IEEE Commun. Surv. Tutorials, vol. 24, no. 3, pp. 1534–1573, Aug. 2022

    2022

  58. [58]

    A survey on mobile edge computing: The communication perspective,

    Y . Mao, C. You, J. Zhang, K. Huang, and K. B. Letaief, “A survey on mobile edge computing: The communication perspective,”IEEE Commun. Surveys Tuts., vol. 19, no. 4, pp. 2322–2358, 2017

    2017

  59. [59]

    Edge intelligence: Paving the last mile of artificial intelligence with edge computing,

    Z. Zhou, X. Chen, E. Li, L. Zeng, K. Luo, and J. Zhang, “Edge intelligence: Paving the last mile of artificial intelligence with edge computing,”Proc. IEEE, vol. 107, no. 8, pp. 1738–1762, Aug. 2019

    2019

  60. [60]

    Charging architecture and principles,

    3GPP, “Charging architecture and principles,” 3rd Generation Partner- ship Project, Technical Specification (TS) 32.240, ver. 19.4.0, Release 19, Oct. 2025. [Online]. Available: https://www.etsi.org/deliver/etsi TS/132200 132299/132240/19.04.00 60/ts 132240v190400p.pdf

    2025

  61. [61]

    Descriptor: 5G open radio access network multi-modal intrusion detection dataset (NetsLab-5GORAN-IDD),

    F. A. Zadeh, A. Civciss, V . Ravihansa, C. Sandeepa, and M. Liyanage, “Descriptor: 5G open radio access network multi-modal intrusion detection dataset (NetsLab-5GORAN-IDD),”IEEE Data Descriptions, vol. 2, pp. 348–357, 2025

    2025

  62. [62]

    Machine learning-driven anomaly detection for 5G O-RAN performance metrics,

    B. Azkaei, K. C. Joshi, and G. Exarchakos, “Machine learning-driven anomaly detection for 5G O-RAN performance metrics,” inProc. IEEE Conf. Comput. Commun. Workshops (INFOCOM WKSHPS), May 2025, pp. 1–6

    2025

  63. [63]

    Big data-driven anomaly detection in cellular networks,

    B. Hussain, Q. Du, and P. Ren, “Big data-driven anomaly detection in cellular networks,” inProc. IEEE/CIC Int. Conf. Commun. China (ICCC), Qingdao, China, 2017, pp. 1–6. 29

    2017

  64. [64]

    Semi-supervised learning based big data-driven anomaly detection in mobile wireless networks,

    B. Hussain, Q. Du, and P. Ren, “Semi-supervised learning based big data-driven anomaly detection in mobile wireless networks,”China Communications, vol. 15, no. 4, pp. 41–57, Apr. 2018

    2018

  65. [65]

    Deep learning-based big data- assisted anomaly detection in cellular networks,

    B. Hussain, Q. Du, and P. Ren, “Deep learning-based big data- assisted anomaly detection in cellular networks,” inProc. IEEE Global Commun. Conf. (GLOBECOM), Abu Dhabi, UAE, 2018, pp. 1–6

    2018

  66. [66]

    Call detail records driven anomaly detection and traffic prediction in mobile cellular networks,

    K. Sultan, H. Ali, and Z. Zhang, “Call detail records driven anomaly detection and traffic prediction in mobile cellular networks,”IEEE Access, vol. 6, pp. 41 728–41 737, 2018

    2018

  67. [67]

    Insight into anomaly detection and prediction and mobile network security enhancement leveraging K-means cluster- ing on call detail records,

    Z. Aziz and R. Bestak, “Insight into anomaly detection and prediction and mobile network security enhancement leveraging K-means cluster- ing on call detail records,”Sensors, vol. 24, no. 6, pp. 1–18, 2024

    2024

  68. [68]

    Modeling voice traffic patterns for anomaly detection and prediction in cellular networks based on CDR data,

    Z. Aziz and R. Bestak, “Modeling voice traffic patterns for anomaly detection and prediction in cellular networks based on CDR data,”IEEE Trans. Mobile Comput., vol. 23, no. 12, pp. 13 131–13 143, Dec. 2024

    2024

  69. [69]

    Mobile network data synthesis with generative AI: Challenges and solutions,

    S. Duan, Y . Zhang, F. Lyu, C. Zhou, and X. Shen, “Mobile network data synthesis with generative AI: Challenges and solutions,”IEEE Commun. Mag., vol. 63, no. 12, pp. 172–178, 2025

    2025

  70. [70]

    A survey on deep learning approaches for tabular data generation: Utility, alignment, fidelity, privacy, diversity, and beyond,

    M. C. Stoian, E. Giunchiglia, and T. Lukasiewicz, “A survey on deep learning approaches for tabular data generation: Utility, alignment, fidelity, privacy, diversity, and beyond,”Trans. Mach. Learn. Res. (TMLR), 2026. [Online]. Available: https://openreview.net/forum?id= RoShSRQQ67

    2026

  71. [71]

    Advancing predictive security for con- sumer applications in beyond 5G/6G networks with annotated datasets,

    G. Xylouris, A. Vekraki, M. Christopoulou, M.-A. Kourtis, E. K. Markakis, and P. Trakadas, “Advancing predictive security for con- sumer applications in beyond 5G/6G networks with annotated datasets,” IEEE Transactions on Consumer Electronics, vol. 71, no. 3, pp. 1–10, May 2025

    2025

  72. [72]

    Next-generation security in the 6G era: The role of AI in safeguarding future networks,

    R. Kumar, J. Dutta, N. Vamsi, U. Sankararao Varri, and D. Puthal, “Next-generation security in the 6G era: The role of AI in safeguarding future networks,”IEEE Access, vol. 14, pp. 17 347–17 380, 2026

    2026

  73. [73]

    Deep learning for anomaly detection: A review,

    G. Pang, C. Shen, L. Cao, and A. V . D. Hengel, “Deep learning for anomaly detection: A review,”ACM Comput. Surv., vol. 54, no. 2, Mar. 2021

    2021

  74. [74]

    A survey on intrusion detection system: Feature selection, model, performance measures, application perspective, challenges, and future research directions,

    A. Thakkar and R. Lohiya, “A survey on intrusion detection system: Feature selection, model, performance measures, application perspective, challenges, and future research directions,”Artif. Intell. Rev., vol. 55, no. 1, pp. 453–563, Jan. 2022. [Online]. Available: https://doi.org/10.1007/s10462-021-10037-9

    work page doi:10.1007/s10462-021-10037-9 2022

  75. [75]

    Anomaly detection: A survey,

    V . Chandola, A. Banerjee, and V . Kumar, “Anomaly detection: A survey,”ACM Comput. Surv., vol. 41, no. 3, Jul. 2009

    2009

  76. [76]

    A survey on security and privacy of federated learning,

    V . Mothukuri, R. M. Parizi, S. Pouriyeh, Y . Huang, A. Dehghantanha, and G. Srivastava, “A survey on security and privacy of federated learning,”Future Gener. Comput. Syst., vol. 115, pp. 619–640, Feb. 2021

    2021

  77. [77]

    Devel- oping realistic distributed denial of service (DDoS) attack dataset and taxonomy,

    I. Sharafaldin, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “Devel- oping realistic distributed denial of service (DDoS) attack dataset and taxonomy,” inProc. Int. Carnahan Conf. Security Technol. (ICCST), Chennai, India, 2019, pp. 1–8

    2019

  78. [78]

    UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),

    N. Moustafa and J. Slay, “UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” inProc. Military Commun. Inf. Syst. Conf. (MilCIS), Canberra, ACT, Australia, 2015, pp. 1–6

    2015

  79. [79]

    Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset,

    N. Koroniotis, N. Moustafa, E. Sitnikova, and B. Turnbull, “Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset,”Future Gener. Comput. Syst., vol. 100, pp. 779–796, Nov. 2019

    2019

  80. [80]

    Multi-layered intrusion detection and prevention in the SDN/NFV enabled cloud of 5G networks using AI-based defense mechanisms,

    I. H. Abdulqadder, S. Zhou, D. Zou, I. T. Aziz, and S. M. A. Akber, “Multi-layered intrusion detection and prevention in the SDN/NFV enabled cloud of 5G networks using AI-based defense mechanisms,” Comput. Netw., vol. 179, no. 107364, Oct. 2020

    2020

Showing first 80 references.