The effectiveness and efficiency of detecting vulnerabilities and unintended behaviors in the 5G software stack are essential for 5G assurance, especially for its applications in critical infrastructures. Scalability and automation are the main challenges in testing approaches and cybersecurity research. In this paper, we propose an innovative approach for automatically detecting vulnerabilities, unintended emergent behaviors, and performance degradation in 5G stacks via run-time profiling documents corresponding to fuzz testing in code repositories. Piloting on srsRAN, we first map the run-time profiling, captured as Logging Information (LogInfo) generated by fuzz testing, to a high-dimensional metric space and then construct feature spaces based on its timestamp information. Lastly, we leverage machine learning-based classification algorithms, including Logistic Regression, K-Nearest Neighbors, and Random Forest, to categorize the impacts on performance and security attributes. The proposed approach achieves high accuracy, ranging from $93.4\%$ to $95.9\%$, in detecting the fuzzing impacts. In addition, the proof of concept could identify and prioritize real-time vulnerabilities on 5G infrastructures and critical applications in various verticals.