Materials Today: Proceedings 81 (2023) 700–707

Contents lists available at ScienceDirect

Materials Today: Proceedings

journal homepage: www.elsevier.com/locate/matpr

Improving the state of materials in cybersecurity attack detection

in 5G wireless systems using machine learning
S. Sumathy a, M. Revathy b, R. Manikandan c,⇑
a
Assistant Professor & Head, Department of Computer Science, Sir Theagaraya College(Shift II), Chennai, India
b
Assistant Professor, Department of Computer Science, Sir Theagaraya College(Shift II), Chennai, India
c
Academic Co-Ordinator & Head, Dept. of Computer Science, The Quaide Milleth College, Chennai, India

a r t i c l e i n f o a b s t r a c t

Article history: The utilization of information from the radio channel is useful in detecting the spoofing attacksin 5G
Available online 3 June 2021 wireless communications. This concept has been used for a wide range of uses for the Internet of
Things (IoT) environment by users and their IoT devices. But how these tasks can minimise the effects
Keywords: of cyber threats in genuinely complex networks has not yet been sufficiently addressed. These are ser-
Internet of Things (IoT) iously exposed, as is the case with 5G broadband networks due to a wide variety of technology at various
5G abstract stages. As 5G IoT is the 5G environment, including the IoT background, in this article, we are an
Machine learning
artificial intelligence (AI) intended to minimise the impact of 5G IoT threats, when extended to the par-
Physical layer
ticipants involved on a number of levels.This paper uses Support Vector Machine (SVM) based PHY-layer
authentication algorithm to detect the possible security attacks in 5G wireless communication at physical
layer. It is utilized in increasing the rate of authentication with test features. The detection rate is
improved further with test statistic features. The model is implemented on multiple-input multiple-
output (MIMO) channel. The simulation results shows that the proposed method yield the high detection
rate on all attacks.
Ó 2021 Elsevier Ltd. All rights reserved.
Selection and peer-review under responsibility of the scientific committee of the International Virtual
Conference on Sustainable Materials (IVCSM-2k20).

1. Introduction A safety network framework includes a network security and con-

trol mechanism. Both computers are firewalls, antivirus and intru-
The fifth generation (5G) delivers high bandwidth, high perfor- sion detection systems (IDS). The risks to the protection of IT
mance and security standards in 3 common scenarios: enhanced networks depends on a lack of confidentiality, completeness and
mobile connectivity, wide-scale stuff web and low-latency connec- access. The right of unauthorised users to keep information private
tions [1 2]. The special situation for mobile broadband and high- is in particular a matter of secrecy which ensures that the data dis-
frequency, is used in indoor or urban environments in which closure can lead to loss of confidential care. Integrity to ensure the
wide-ranging mobile network signals are continuously secured in confidentiality of the information or resources leading to disap-
rural areas. Meantime, the 5G calls for a large range of devices pointment attacks where it is not maintained. In this scenario,
and installations to be integrated, and this is an integral necessity records or documents, and lack of data, can be changed. Flexibility
for IoT service[3]. Manual portable devices join a cellular network, assures the functioning of a system at the end of the day which can
which ensures that wireless authentication is also heavily be controlled on request; hence, operational negation can occur
employed. Therefore, lightweight networking approaches for where system availability is not guaranteed.
intensive deployment scenarios of 5G networks. For physical layer authentication, many approaches are recom-
Cybersecurity represents a set of systems and techniques mended.The channel impulse response (CIR) and received signal
intended for the avoidance, alteration or destruction of attacks strength indicator (RSSI) are found in [3-8] with channel state
and unwanted access, networks, programming and documents. information (CSI), while wireless network attacks. The method in
[9] offers a PHY-authentication to adjust the multicarrier transmis-
⇑ Corresponding author. sion. In methods [10-12] analysed channel spatial decorrelation
E-mail address: manisankar27@gmail.com (R. Manikandan). characteristics by comparing two or more frame channels and

https://doi.org/10.1016/j.matpr.2021.04.171
2214-7853/Ó 2021 Elsevier Ltd. All rights reserved.
Selection and peer-review under responsibility of the scientific committee of the International Virtual Conference on Sustainable Materials (IVCSM-2k20).
S. Sumathy, M. Revathy and R. Manikandan Materials Today: Proceedings 81 (2023) 700–707

validated the channel authentication efficiency to identify spoofing spoofing attack identification system is proposed. This is a two-
within the MIMO system.In these methods, artificial intelligence step framework where the initial phase senses the attack profile
(AI) thresholding is necessary to detect spoofing attacks. Currently and the attack profile collection, and in the final phase the profile
it is not possible to verify the threshold range accurately with low review, the objects are subject to possible attacks. It uses rough
precision. identification technique and the latter refines the objects to delete
The major contributions of this paper are summarized as actual profiles from the set of an attack profile. The decline in the
follows: incidence of false positives is important.This section addresses the
category properties of the SVM classifier. In its initial phase, the

The authors use artificial intelligence (AI) intended to minimise two stage techniques use a pruning model to solve the uneven
the impact of 5G IoT threats, when extended to the participants class problem during the SVM classification process. This process
involved on a number of levels. produces a fine tuning effect and in the final phase the target per-

This paper uses Support Vector Machine (SVM) based PHY-layer sons in the attack profile are evaluated.
authentication algorithm to detect the possible security attacks The whole process at the receiver has three elements. The initial
in 5G wireless communication at physical layer. component follows the attributes extraction using a ranking

It is utilized in increasing the rate of authentication with test matrix that ranks the extracted attributes. The goal of SVM is to
features. The detection rate is improved further with test statis- identify the ideal division between hyper-plane and two groups.
tic features. This improves the division of the attack from actual groups. If

The model is implemented on multiple-input multiple-output the sample data points are not linearlydivided, then in its input
(MIMO) channel. sample space the data points belong to two different groups.
In order to resolve the problems of non-linearity among the
classes, the study transforms the data points through nonlinear
2. System model mapping u(x) into high dimensional space. The N point(xi) in the
dataset with the data label yiis resolved using SVM that results in
In this section, we use detection model for spoofing attack in an optimization problem.
the physical layer.
As seen in Fig. 1, a MIMO-system is analysed using legal X
N

transmitter-spoof node-receiver model, where Legal transmitter

min 0:5wT w þ c ni ð1Þ
w;b;ni
i¼1
and Spoof node are legitimate NT and NR antennas. Receiver man-  
ages to spoof Legal transmitter into her persona with antennas. s.t. yi wT /ðxÞ þ b P 1  ni (2)
Their place is expected to be spatially isolated. Spoof node tracks
the peculiar existence of wireless reactions to distinguish between i ¼ 1; 2; :::N
legal transmitter signals and illegal receiver signals in order to niis the positive variables
counter this spoofing identification. This is an authentication of c is considered as the tradeoff between complexity and training
the physical layer. The precise authentication procedure for the error. Further, SVM optimization problem is resolved using the fol-
physical layer shall be as follows: signals are sent to the recipient lowing expression,
through the wireless multipath channel using pilots for estimation
of the channel response of transmitter. The data transfer requires X
N X
N
  X
N

N-frames and each frame is made up of OFDM symbols.Fig. 2. min 0:5 yi yj K xi ; xj ai aj  ai 0 6 ai 6 C ð3Þ
a
i¼1 j¼1 j¼1
Overall, if the cumulative number of user accounts is fewer, the
recommendation list would not be affected. In the other hand, once XN
the total number of user accounts is high, the recommendation list s:t: j¼1
ai yi ¼ 0 ð4Þ
is significantly updated. In spite of this, the attack profiles that
influence the list of recommendations are kept and vice versa. In where, K is considered as the kernel vector
order for the reduction of false positive rate (FPR) of these data, a
K(xi ,xj ) =<u(xi ), u(xj )> ð5Þ
<u(xi), u(xj) > is the dot product between x and y.
Dataset with Finally, for a data point x , thepredicted class is formulated as:
legal/illegal !
X
N

sample sign ai yi K ðx; xi Þ þ b ð6Þ

j¼1

By removing the irrelevant support vectors, the data points

about to get attacked are removed via SVM. Increased separation
Data pre- cap by SVM is used to detect irrelevant data points of the attack
processing profile. The precision boundary points in SVM are established
according to the genuine feature set and the assault profile. There-
fore, the data points of their respective groups are said to be dee-
per. The insignificant points have no impact on the border
Extract features between the hyperplanes.
The hyper plane separation prefers to see data points lying on
the opposite side if they are linearly splitting between two distinct
SVM classificaon groups. Thus, hyperplanes are defined by points near the hyper-
planes boundary. The lengths from the frontier are considered tri-
Fig. 1. Authentication with SVM(a) 1% spoofing attack with varying training data
vial and can be omitted from the grades. Furthermore, if on linear
size (b) 3% attack with varying training data size (c) 5% spoofing attack with training separation of training data samples a minimal tension is created,
data size (d) 7% spoofing attack with training data size. points from both groups cross tree edges from both sides. The
701
S. Sumathy, M. Revathy and R. Manikandan Materials Today: Proceedings 81 (2023) 700–707

insignificant points are then discarded with remainder for the pre- center frequency is maintained at 3.8 GHz, which is send over
paration of the SVM classification. two antennas of bandwidth 2 MHz. The entire experimental is con-
By considering points on neighbourhood boundaries, SVM ducted in Matlab environment with the plots generated with excel
raises the classification rate. Thus, the class boundaries has to be interface.
improved, and the cumulative number of neighbours is thus During simulation, the following steps are amended:
expanded. Algorithm 1 displays the proposed SVM model.
Algorithm 1: SVM The receiver is allowed to extraction the channel state informa-
tion from the legal transmitter and spoofing node using conven-
Input: Relevant Points (RP), testing set (T), Adjacent Points tional channel estimation mechanism.
(AP), Data Points (DP), minimum spanning tree (tree) and The receiver is allowed to pre-process the datasets within its
Parameter (P) threshold level i.e. [0,1] normalisation
Output: accuracy Training dataset is generated at the receiver end for the purpose
Create the initial folds using ti-Ti of classification
Create the second fold ti using tij -Tij Train the receiver to strengthen the SVM classifier using train-
For i = 1:10 do ing dataset.
For j = 1:10 do Finally, test the receiver with testing dataset
MSTij = Build tree on tij Obtain the detection rate of receiver authentication
RPij = DP in treeij of different classes
Forp = 1 : level do The proposed SVM authentication model over 5G systems is
AP = DP adjacent to RPij evaluated using three different metrics that includes accuracy,
RPij = RPij [ AP recall and false positive rate.
Endfor The recall is the ratio of total attack profiles detected with over-
For all combinations do all attack profiles in 5G systems.
SVMij = Train SVM on tij
SVM_TPij = Test Tij through SVMij no of TP
Recall ¼ ð11Þ
SVMij = Train SVM on RPij no of TP þ FN
SVM_TPij = Test tij through SVMij
The FPR is the ratio of false positive instances with total attacks
Endfor
in 5G systems.
Endfor
SVM_Pi = argmax(SVM_TPij)
SVM_Pi = argmax(SVM_TPij) no of FP
FPR ¼ ð13Þ
MSTi = Build tree on ti no of TP
RPi = adjacentDPin treei of various classes The SVM identification rate for spoofing attacks is discussed in
Forp = 1 to neighboring level do this section. The efficiency is checked by adjusting the dataset and
AP = DP adjacentto RPi the attack scale against two separate studies. By choosing 200 gen-
RPi = RPi [ AP uine profiles from the data collection, which are deemed to be gen-
Endfor uine instances, the training set is created changed. Several assaults,
SVMi = Train SVM with SVM_Pion ti which involves average attack, random assault and section attack,
SVMi = Train SVM with SVM_Pion RPi build the attack profile samples. A significant number of legitimate
Endfor profiles and attacks are retained in the training data collection. This
is achieved generally by the development of acceptable attack pro-
files of different attack sizes. The detection results are determined
about 20 times by running the detection process and the average
3. Results and discussions value of the results is finally noted. The identification items are
generated randomly when the attack profile is generated. Fig. 3
The spoofing attack detection is enable at the receiver with a indicates the retrieval rate of the detested attack model by means
legal transmitter and a spoof node considered for simulation pur- of the proposed detection model. But the attack size is identical.
pose. A rectangular cross-sectional area is used for the simulation With increasing dataset size, the reminder value increases.
which is placed with many user friendly wireless device like Fig. 3 displays the FPR of the attack-model with various attack
mobile phone, desktop and printers. The rectangular cross- and training data sizes using the suggested detection model. The
sectional area is built with refraction and scattering phenomenon FPR gates may be inferred that collapse as the attack size increases.
to induce interference in wireless channel between the legal trans- Therefore, with increasing attack sizes the reliability of the FPR is
mitter and legal receiver. The experiments are conducted in indoor decreased. Furthermore, the false positive probability reduces
and outdoor environment, while the implementation is carried out when the attack scale is the same, as the training data increases.
on USRP. The simulation takes into account 2  2 MIMO antennas It was finished that with a limited number of attack profiles the
for transmission and 8  8 MIMO antennas for reception. The false positive identification rate using the proposed approach
spoofing node is then equipped with 2  2 MIMO antennas. The was high.

702
S. Sumathy, M. Revathy and R. Manikandan Materials Today: Proceedings 81 (2023) 700–707

95
60% training set 70% training set 80% training set
90

85

80
% (Recall)

75

70

65

60
0 5 10 15 20

% (Aack size)

(a) 1% spoofing attack with varying training data size

100

95 60% training set 70% training set 80% training set

90

85
% (Recall)

80

75

70

65

60
0 5 10 15 20

% (Aack size)

(b) 3% attack with varying training data size

Fig. 2. Detection rate of SVM Authentication model at the receiver end (a) 1% spoofing attack with training data sizes (b) 3% spoofing attack with training data sizes (c) 5%
spoofing attack with training data sizes (d) 7% spoofing attack with training data sizes.

703
S. Sumathy, M. Revathy and R. Manikandan Materials Today: Proceedings 81 (2023) 700–707

98
60% training set 70% training set 80% training set
96

94

92
% (Recall)

90

88

86

84
0 5 10 15 20

% (Aack size)

(c) 5% spoofing attack with training data size

100

99 60% training set 70% training set 80% training set

98

97

96
% (Recall)

95

94

93

92

91

90
0 5 10 15 20

% (Aack size)

(d) 7% spoofing attack with training data size

Fig. 2 (continued)

704
S. Sumathy, M. Revathy and R. Manikandan Materials Today: Proceedings 81 (2023) 700–707

45

60% training set 70% training set 80% training set

40

% (False posive rate) 35

30

25

20

15
0 5 10 15 20

% (Aack size)

(a) 1% spoofing attack with training data sizes

25

60% training set 70% training set 80% training set

20
% (False posive rate)

15

10

0
0 5 10 15 20
% (Aack size)

(b) 3% spoofing attack with training data sizes

Fig. 3. FPR of SVM Authentication model at the receiver end.

705
S. Sumathy, M. Revathy and R. Manikandan Materials Today: Proceedings 81 (2023) 700–707

60% training set 70% training set 80% training set

5

% (False posive rate) 4

0
0 5 10 15 20

% (Aack size)

(c) 5% spoofing attack with training data sizes

0.38

0.36 60% training set 70% training set 80% training set

0.34
% (False posive rate)

0.32

0.3

0.28

0.26

0.24

0.22

0.2
0 5 10 15 20

% (Aack size)

(d) 7% spoofing attack with training data sizes

Fig. 3 (continued)

4. Conclusions Declaration of Competing Interest

In this paper, we use SVM based PHY-layer authentication algo- The authors declare that they have no known competing finan-
rithm to detect the possible security attacks in 5G wireless com- cial interests or personal relationships that could have appeared
munication. It is utilized at the physical layer to increase the to influence the work reported in this paper.
authentication rate with test features. The detection rate at the
receiver is improved further with test statistic features. The model
is implemented on MIMO channel. The simulation results shows References
that the proposed method yield the high performance with
[1] J. Thompson, X. Ge, H.-C. Wu, R. Irmer, H. Jiang, G. Fettweis, S. Alamouti, 5G
improved detection rate. wireless communication systems: Prospects and challenges [Guest Editorial],
IEEE Commun. Mag. 52 (2) (2014) 62–64.
[2] M. Agiwal, A. Roy, N. Saxena, Next generation 5G wireless networks: A
CRediT authorship contribution statement comprehensive survey, IEEE Commun. Surv. Tutorials 18 (3) (2016) 1617–
1655.
S. Sumathy: Workdone by Author. M. Revathy: Introduction, [3] M. Demirbas and Y. Song, ‘‘An RSSI-based scheme for sybil attack detection in
wireless sensor networks,” in Proceedings of the WoWMoM 2006: 2006
Collection of literature, Material properties, Testing, Test result International Symposium on a World of Wireless, Mobile Multimed. Networ.,
comparison. R. Manikandan: Conclusion. pp. 564–568, June 2006.

706
S. Sumathy, M. Revathy and R. Manikandan Materials Today: Proceedings 81 (2023) 700–707

[4] M. Demirbas and Y. Song, ‘‘An RSSI-based scheme for sybil attack detection in [15] Y. Shah, N. Chelvachandran, S. Kendzierskyj, H. Jahankhani, R. Janoso, 5G
wireless sensor networks,” in Proceedings of the WoWMoM 2006: 2006 Cybersecurity Vulnerabilities with IoT and Smart Societies. In Cyber Defence
International Symposium on a World of Wireless, Mobile Multimed. Network., in the Age of AI, Smart Societies and Augmented Humanity, Springer, Cham,
pp. 564–568, June 2006. 2020, pp. 159–176.
[5] D. B. Faria and D. R. Cheriton, ‘‘Detecting identity-based attacks in wireless [16] P.K. Sharma, J. Park, J.H. Park, K. Cho, Wearable Computing for Defence
networks using signalprints,” in Proceedings of the ACM Workshop on Automation: Opportunities and Challenges in 5G Network, IEEE Access 8
Wireless Security, pp. 43–52, Los Angeles, Calif, USA, 2006. (2020) 65993–66002.
[6] Y. Chen, W. Trappe, and R. P. Martin, ‘‘Detecting and localizing wireless [17] B.I. Qinbo, Z.H.A.O. Chengdong, Research and Application of 5G Cybersecurity
spoofing attacks,” in Proceedings of the 2007 4th Annual IEEE Communications Threat Modeling Based on STRIDE-LM, Netinfo Security 20 (9) (2020) 72.
Society Conference on Sensor, Mesh and Ad Hoc Communications and [18] Y. Arjoune, S. Faruque, Artificial Intelligence for 5G Wireless Systems:
Networks, SECON, pp. 193–202, San Diego, Calif, USA, June 2007. Opportunities, Challenges, and Future Research Direction. In 2020 10th
[7] N. Patwari, S.K. Kasera, Robust location distinction using temporal link Annual Computing and Communication Workshop and Conference (CCWC)
signatures, in: in Proceedings of the ACM International Conference on 2020, January, (pp. 1023-1028). IEEE.
Mobile Computing and Networking, 2007, pp. 111–122. [19] P.K. Sharma, J. Park, J.H. Park, K. Cho, Wearable Computing for Defence
[8] J.K. Tugnait, Wireless user authentication via comparison of power spectral Automation: Opportunities and Challenges in 5G Network. IEEE Access, 2020,
densities, IEEE J. Sel. Areas Commun. 31 (9) (2013) 1791–1802. 8, 65993-66002.
[9] Z. Jiang, J. Zhao, X. Li, J. Han, and W. Xi, ‘‘Rejecting the attack: Source [20] M. Bartock, J. Cichonski, M. Souppaya, 5G Cybersecurity: Preparing a Secure
authentication for Wi-Fi management frames using CSI Information,” in Evolution to 5G (pp. 24-24). National Institute of Standards and Technology,
Proceedings of the IEEE INFOCOM 2013 - IEEE Conference on Computer 2020.
Communications, pp. 2544–2552, Turin, Italy, April 2013. [21] A.M. Barani, R. Latha, R. Manikandan, Implementation of Artificial Fish Swarm
[10] X. Wu, Z. Yang, Physical-layer authentication for multi-carrier transmission, Optimization for Cardiovascular Heart Disease, Int. J. Rec. Technol. Eng.
IEEE Commun. Lett. 19 (1) (2015) 74–77. (IJRTE) Vol. 08, No. 4S5 (2019) 134–136.
[11] S. Chen et al., ‘‘Machine-to-Machine communications in ultra-dense [22] R. Manikandan, Dr.R. Latha, ‘‘A literature survey of existing map matching
networks—A survey,” IEEE Communications Surveys & Tutorials, vol. 1, no. 1, algorithm for navigation technology. Int. J. Eng. Sci. Res. Technol.”, 2017, 6(9),
99 pages, 2017. 326-331.Retrieved September 15, 2017.
[12] L. Xiao, L.J. Greenstein, N.B. Mandayam, W. Trappe, Channel-based detection of [23] R. Sathish, R. Manikandan, S. Silvia Priscila, B. V. Sara and R. Mahaveerakannan,
sybil attacks in wireless networks, IEEE Trans. Inf. Forensics Secur. 4 (3) (2009) ‘‘A Report on the Impact of Information Technology and Social Media on
492–503. Covid–19,” 2020 3rd International Conference on Intelligent Sustainable
Systems (ICISS), Thoothukudi, India, 2020, pp. 224-230, doi: 10.1109/ICIS
S49785.2020.9316046.
Further reading [24] R. Manikandan, R. Latha, C. Ambethraj (1). An Analysis of Map Matching
Algorithm for Recent Intelligent Transport System. Asian J. Appl. Sci., 5(1).
[13] H. Wen, P.-H. Ho, C. Qi, G. Gong, Physical layer assisted authentication for Retrieved from https://www.ajouronline.com/index.php/AJAS/article/view/
distributed ad hoc wireless sensor networks, IET Inf. Secur. 4 (4) (2010) 390– 4642.
396.
[14] W. Serrano, The Blockchain Random Neural Network for cybersecure IoT and
5G infrastructure in Smart Cities, J. Network Comput. Appl. 175 (2021)
102909, https://doi.org/10.1016/j.jnca.2020.102909.

707