AI-Assisted Security: Creating New Network Defense Strategy with Self-Perception, Self-Diagnosis, and Self-Adjustment

Release Date: 2024-07-16 By Cao Kunpeng

With the rapid development of network technologies and the proliferation of attack techniques, artificial intelligence (AI) has gradually become crucial in the field of network security to address increasingly complex security threats. In comparison with manual operations mostly based on individual experience and skills, AI offers distinct advantages in network security. Currently, ZTE is actively incorporating AI technologies into its network security solutions and continuously exploring and leveraging their advantages to maximize defense against increasingly complex network attacks and threats in new situations.

After years of dedicated development, AI has played an important role in ZTE’s products and network security solutions, enabling features such as intelligent O&M control, automatic data configuration, endogenous security, and pseudo base station detection.

Intelligent O&M Control: Minimizing Human Errors

Network O&M involves numerous complex and high-risk operations, which occasionally result in security incidents due to incompetence, negligence, or malicious intent. To effectively address such incidents caused by human error, ZTE has developed the iNet system, which harnesses digitalization and AI technologies (Fig. 1). This transformation moves operations from "offline" to "online" and from "human-reliant control" to "machine-reliant control". By establishing a unified operation platform and entry point, and by digitizing the entire operational process before, during, and after operations, the iNet system avoids siloed operations and enhances network security capabilities, including standardizing operations, preventing unauthorized activities, intercepting high-risk operations, and facilitating auditing. The iNet system also uses identity authentication, app verification codes, permitted operation periods, whitelisted tools, and automatic interception of high-risk instructions to ensure that only the "right person" can perform the "right operations" at the "right time" based on the "right task". Additionally, the system supports security traceability by recording all activities through automatic screen recording and operation log collection.
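The "right person / right task / right time / right operations" checks described above can be expressed as a fail-closed authorization gate that logs every decision. This is an added illustration, not iNet code; the task model, field names, tool name, and high-risk patterns are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Hypothetical high-risk instruction patterns (constructed, not a vendor list).
HIGH_RISK = re.compile(r"\b(?:reboot|shutdown|delete\b.*\bconfig)\b", re.I)

@dataclass(frozen=True)
class Task:                  # a work order approved before the operation
    operators: frozenset     # who may act on it ("right person")
    tools: frozenset         # whitelisted tools
    start: datetime          # permitted operation period ("right time")
    end: datetime

@dataclass(frozen=True)
class Request:
    operator: str
    code_verified: bool      # identity and verification code already checked
    task_id: str
    tool: str
    command: str
    at: datetime

def authorize(req, tasks, audit):
    """Fail-closed gate: every check must pass, and every decision is logged."""
    task = tasks.get(req.task_id)
    if task is None:
        result = (False, "no approved task")
    elif not req.code_verified or req.operator not in task.operators:
        result = (False, "operator not authenticated for task")
    elif not task.start <= req.at <= task.end:
        result = (False, "outside permitted period")
    elif req.tool not in task.tools:
        result = (False, "tool not whitelisted")
    elif HIGH_RISK.search(req.command):
        result = (False, "high-risk instruction intercepted")
    else:
        result = (True, "allowed")
    audit.append((req.at.isoformat(), req.operator, req.task_id, req.command, result[1]))
    return result

# Constructed sample: one task with a 01:00-03:00 maintenance window.
TASKS = {"T-1": Task(frozenset({"alice"}), frozenset({"ssh-gw"}),
                     datetime(2024, 7, 16, 1), datetime(2024, 7, 16, 3))}

def demo():
    audit, t, late = [], datetime(2024, 7, 16, 2), datetime(2024, 7, 16, 4)
    reqs = [Request("alice", True, "T-1", "ssh-gw", c, at) for c, at in
            (("show alarm list", t), ("reboot board 3", t), ("show alarm list", late))]
    return [authorize(r, TASKS, audit) for r in reqs], audit
```

Denied requests are written to the audit list as well as allowed ones, which is what makes after-the-fact tracing possible.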

 

Digital Robots: Improving Configuration Efficiency and Reducing Human Errors

To address issues such as low efficiency and accuracy caused by extensive manual parameter settings in complex network construction, ZTE has launched a robot solution aimed at implementing automatic, collaborative, and efficient configuration of advanced wireless base station devices (Fig. 2). The robot's configuration data and key parameters modules facilitate rapid and accurate extraction of intricate network data, preparing the ground for subsequent network design and planning. To address challenges such as time-consuming manual configurations and frequent human errors, the robot provides functions such as automatic topology planning and template filling for base stations. Additionally, to facilitate base station monitoring, the robot offers a visual monitoring solution incorporating key alarms and indicators. With the widespread deployment of robots, manual operations are greatly reduced, leading to a Zero-Wait-Time-and-Zero-Error service experience and significantly improving the deployment efficiency of communication networks.

 

Endogenous Security: Prompt Threat Monitoring and Isolation

The overall endogenous-security-based attack perception framework of ZTE's 5GC product is shown in Fig. 3. The framework comprises two key components: an attack perception center and a micro-isolation policy management center. The attack perception center provides the intra-NE attack perception function to promptly detect various abnormal behaviors within the NE. Moreover, using the attack perception center allows lighter attack perception components, which better meets carrier-class requirements for high performance and high reliability. The micro-isolation policy management center supports the micro-isolation function: it marks the locations of compromised and suspected hosts, continuously monitors the threat scope in real time, and issues alarms and records logs. After manual correction, fine-grained security access control is further implemented on the previously identified abnormal ports and connections.

 

Pseudo Base Station Detection: Ensuring Reliable Service Operations

Pseudo base stations, deployed by malicious attackers, are a prevalent threat in many countries. These devices masquerade as legitimate mobile base stations to steal subscribers' communication data, track locations, and carry out phishing attacks. Pseudo base stations not only force mobile subscribers to disconnect from the original public mobile communication network but also disseminate false information to the public, disrupting social order and potentially endangering national security. Leveraging the unique features of pseudo base stations, ZTE has devised a detection scheme in which the collection and analysis of abnormal and associated information is triggered accordingly (Fig. 4). The scheme determines pseudo base station locations and relevant details based on the affected real cells/UEs, and presents this information geographically. Consequently, pseudo base stations can be accurately identified and located. Furthermore, the identified pseudo base stations are added to a blacklist to mitigate their impact on services.

 

As security threats become increasingly complex and the conflict between attacks and defenses intensifies, AI offers innovative ideas and methods to efficiently ensure network security. Its unique ability to automatically learn, monitor, analyze, diagnose, adjust, and adapt gives it strong momentum in the network security field.

In the future, ZTE will attach more importance to network security management, coordinated defense, and personalized security protection as AI is gradually incorporated into the entire network life cycle. Also, ZTE will work with network operators to enhance security assurance capabilities more intelligently.