5G Communication Network Attack Prevention Using SDN Technology under Internet of Things

The purpose is to guarantee the security of 5G (5th-Generation Mobile Networks) technology in the IoT (Internet of Things) environment and to improve the ability of wireless network communication to resist attacks. First, in terms of attack prevention, a 5G network security structure based on SDN (Software Defined Networking) is proposed that replaces the plaintext information commonly used in the original system with ciphertext, thereby alleviating the security risks of the data dimension. Second, concerning attack detection, signals are identified by using the imperfections and differences of equipment manufacturing, based on the above security structure, preventing the attacker from further harming the leaked sensitive data. It is found that the SDN-based 5G network attack prevention scheme avoids the centralized exposure of sensitive data, improves security, reduces computational overhead, and simplifies encryption logic. Without affecting bandwidth, the existing 5G network system is largely protected from network attacks. The detection mechanism is not limited by the low-dimensional feature space, and has strong robustness and stability. It can effectively detect the network attacks that 5G network systems are suffering. This study provides an important reference for protecting 5G communication networks against attacks under IoT.

Vinodha proposed a new data transmission plan for WSN (Wireless Sensor Networks) based on elliptic curve cryptography and homomorphic encryption. The encryption scheme uses a genetic algorithm to construct the best network structure in cluster form [19]. Baek established a new wireless network data transmission algorithm, sWIFI, which cuts the energy consumption of the network by using homomorphic encryption technology. The sWIFI algorithm has a higher performance than the HMAC (Hash Message Authentication Code) cipher algorithm [20]. Wang put forward a location-based data encryption scheme for wireless sensor networks. The scheme can only complete key updates through conversion, but it cannot resist the DoS (Denial of Service) attack [21]. Vivekrabinson suggested a secure data exchange scheme for wireless fault-tolerant networks based on attribute encryption. The scheme makes the content data accessible only to authorized nodes and authenticated by routing messages [22]. Jerbi made a new data encryption transmission scheme, which adopts lightweight encryption technology to make multiple sensor nodes cooperate to encrypt and transmit data, thus reducing the load of a single sensor node and ensuring communication security [23]. Zhang gave a lightweight block cipher scheme under chaos mapping and genetic operation, which uses elliptic curve points to prove communication nodes and is 9 times faster than led protocol [24].

C. A Review of Related Research Issues
As a whole, the existing solutions only use a single method to protect the traditional network or to detect or prevent attacks on 5G network communication, and there are still some problems in actual use. To overcome the shortcomings of the existing research, a comprehensive 5G network security protection scheme is proposed from the following two aspects. First, a 5G network security structure based on SDN (Software Defined Networking) is designed for 5G network attack prevention; it prevents network attacks by establishing a data encryption authentication mechanism between the control layer and the data transmission layer. This method can decrease the possibility of attacks, while the transmission overhead is small and the existing network bandwidth is not affected. Second, a network attack detection mechanism based on RF fingerprint is proposed for 5G network attack detection, based on the above network security structure. The method can effectively reduce the security risk of the 5G network system, and has great application prospects.

III. Construction and Analysis of the Model
A. Component Deployment of Network Security Architecture
According to the 5G business scenario requirements and the trend of technology development, the communication security of the 5G network system should be ensured, and the flexible deployment of 5G network function, the network scalability and programming, and low cost and low energy consumption should be achieved before a new 5G network security structure is designed [25]. A 5G network security structure based on SDN is put forward. As shown in Figure 1, there are three layers in the structure, which are application layer, control layer, and data transmission layer. A new SecE (Security Entity) is added to the control layer as the control entity to control SecE and other security functions, protect the hash table and seed of all devices, and offer encryption authentication during data transmission [26]. This structure not only reduces the operation and maintenance cost of the 5G network, but also prevents the data leakage caused by network attacks when the equipment and users communicate in different scenarios [27].
The application layer is composed of end-user business applications and other control entities. The control layer includes logically centralized controllers, which perform unified control functions. A distributed security gateway is an intermediate device between the control layer and the data transmission layer. The lowest data transmission layer contains a wireless access network and a core transmission network [28].

B. Authentication strategy of data encryption
The authentication mechanism of data encryption has 2 endpoints. The left end is SDN device, which is equivalent to a switch controlled by SDN. The key storage in each device is composed of three parts. The key is randomly generated. Whenever the device requests to establish a communication channel, it will regenerate a new key [29]. After the device authentication is completed, the back end will generate a new key and reload it into the device. The degree difference of authentication adaptive node is $D_i$, the residual node energy is $\eta_i$, and the node motion similarity is $M_i$. The equation of the weight of the model is as follows: i can be taken as 1,2,…m. w is the weight of the parameter, q is the reference factor, and When $w_1 + w_2 + w_3 = 1$, the outage probability p is determined by the equation in the core network: Radius is a function of the total energy E, which is consumed by the network in data collection: If there are n nodes, the average node degree is as follows: The degree difference of adaptive nodes is obtained by subtracting the degree of each sub-node from the degree of the average node: In the core network, the smaller degree difference of the node is, the worse the degree of the adaptive node is: To calculate the residual energy of nodes, the initial energy of the network is set as E and the residual energy is $E_s$. When the node has a non-cluster head, the energy consumption per unit time is $e_1$. When the node has a cluster head, the energy consumption per unit time is $e_2$. Therefore, the equation of the residual energy of the node is as follows (14): In the equation, i is the number of the nodes having non-cluster head, $D_{ni}$ is the degree of the node acting as non-cluster head for the i-th times, and $t_i$ is the time of the nodes acting as non-cluster head; j is the times of the nodes acting as the cluster head, $D_{nj}$ is the degree of the nodes acting as the cluster head, and $t_j$ is the time of the nodes acting as the cluster head for the i-th times.
Thus, in each round of cluster head election, the efficiency equation is as follows: The average velocity difference equation is as follows: Therefore, the difference of the average speed is: Then the variance of velocity difference between adjacent nodes on the x-axis and y-axis is: Therefore, the variance between A and adjacent nodes can be expressed as: Therefore, the motion similarity equation is as follows:

C. Authentication Mechanism Interaction of Data Encryption
As shown in Figure 2, the switch first sends the authentication request M1 to SecGW. M1 consists of two parts: the unique ID and the preloaded hash table Hi provided by the back end. Finally, SecGW forwards the authentication message to DPS (Damage per Second) [30]. If DPS passes the authentication, it will update its key and allow communication between control layer devices. If DPS fails, it will not perform any action or make another request. The specific equation of the weight of document i in service node k is as follows:
As shown in Figure 3, information interaction of control layer devices is established between DPS1 and DPS2. DPS1 first sends the request M1 to DPS2, which is composed of the device ID and relevant hash value. After the request from DPS1 is received, DPS2 sends the authentication request REQ to SecGW. SecGW sends the authentication message ACK (Acknowledge Character) associated with DPS1 and DPS2 to DPS2. If the request passes the authentication, DPS2 sends the authentication message M2 to DPS1. If one of the DPS fails, they will no longer perform any operations [31].
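The switch-to-SecGW exchange above, together with the key update on success, can be sketched as follows. This is an added example, not the authors' implementation: the paper does not give the cryptographic construction, so the HMAC-SHA256 tag, the hash-based key rotation (standing in for the back end reloading a new key) and all class and function names are assumptions.

```python
import hashlib
import hmac
import os

def tag_for(key: bytes, device_id: str) -> bytes:
    """Authentication tag carried in M1 next to the device ID (assumed format)."""
    return hmac.new(key, device_id.encode(), hashlib.sha256).digest()

def rotate(key: bytes) -> bytes:
    # Assumed stand-in for the back end reloading a fresh key after success.
    return hashlib.sha256(b"rotate" + key).digest()

class SecGW:
    """Hypothetical gateway that stores each device's current key."""
    def __init__(self):
        self.keys = {}

    def enroll(self, device_id: str) -> bytes:
        self.keys[device_id] = os.urandom(32)  # key is randomly generated
        return self.keys[device_id]

    def authenticate(self, m1: dict) -> bool:
        key = self.keys.get(m1["id"])
        if key is None or not hmac.compare_digest(tag_for(key, m1["id"]), m1["tag"]):
            return False                      # failure: no action, key unchanged
        self.keys[m1["id"]] = rotate(key)     # success: key is updated
        return True

class Switch:
    def __init__(self, device_id: str, key: bytes):
        self.device_id, self.key = device_id, key

    def build_m1(self) -> dict:
        return {"id": self.device_id, "tag": tag_for(self.key, self.device_id)}

    def on_accept(self) -> None:
        self.key = rotate(self.key)           # stay in step with the gateway

def run_exchange():
    gw = SecGW()
    sw = Switch("dps-1", gw.enroll("dps-1"))  # constructed device ID
    m1 = sw.build_m1()
    first = gw.authenticate(m1)
    if first:
        sw.on_accept()
    replayed = gw.authenticate(m1)            # captured M1 sent a second time
    fresh = gw.authenticate(sw.build_m1())    # legitimate follow-up request
    forged = gw.authenticate({"id": "dps-1", "tag": bytes(32)})
    return first, replayed, fresh, forged
```

Because the key changes after every accepted request, a recorded M1 no longer verifies. The sketch omits resynchronisation, which a deployment needs if the acceptance never reaches the switch.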

D. Experimental Deployment and Performance Analysis
To verify the feasibility and security of the proposed authentication mechanism of data encryption, the network simulator Mininet is used to simulate the 5G network experiment scenario. The scheme uses four laptops and two Ethernet hubs on the test bench. OpenVSwitch version 1.10.0 is installed on every laptop. As shown in Figure 4, the scheme uses a virtual machine to simulate the host. One of the laptops acts as the SDN controller, and the POX controller runs on this laptop. The other three laptops are connected through two D-Link DSR-250N routers. According to the experimental scenario, the attacker is connected to each hub.
There are 5 hosts in the sparse networks, 50 hosts in the medium networks, and 500 hosts in the dense network. The connection outage rate is used to evaluate the performance of the scheme. The connection outage rate is the most important index when the network is attacked. The spatial modeling equation is as follows:

$H(u(t + r)) = A(d)\,(1 + \mathrm{pow}(u(t + r)))\,e^{i(w + \Delta w)(t + r)}$ (22)

A(d) is not just a constant, pow(u(t + r) i ( w + Δw ) ( t + r ) is an amplitude nonlinear term, and H(u(t + r)) is a phase nonlinear term. The received signal C can be expressed as: (23) t is the time, r is the transmission path, and u is the transmission energy. The connection interruption rate of the experiment is expressed as follows:

$r = \mathrm{num}_{dis} / 100$ (24)

$\mathrm{num}_{dis}$ is the number of times the connection is interrupted in the simulation. The similarity is used for analysis, and the calculation is as follows: $V_{pred}$ is the RF (Radio Frequency) signal output by the prediction device and $V_{true}$ is the RF signal output by the device. The most advanced TFSv1 and SDSecurity are compared to explore their performance. TFSv1 is commonly used in the commercial SDN, but it is usually subjected to the above three attacks due to the lack of authentication.

IV. Results of the Performance Test of the Model
A. Spoofing Simulation of IP Address
Figure 5 shows the disconnection rate under IP address spoofing. The number of attacks is slowly adjusted from 0 to 500, and the disconnection rate is recorded to test the feasibility of the scheme. When the number of attacks is 500, the disconnection rate is less than 0.1%. Figure 6 shows that the connection interruption rate of Robust, TFSv1, and SDSecurity increases with the number of attacks. The disconnection rate of Robust is very low. Even when the number of attacks is 500, the maximum disconnection rate of Robust is still lower than 0.01%, which is much less than that of TFSv1 and SDSecurity. With the increase of the number of hosts, SDSecurity will experience a great loss. The disconnection rate of Robust does not change much. Under the interference of IP address spoofing, the performance of Robust is much better than that of the existing schemes.
B. MITM Attack Simulation
Figure 7 shows the simulation results under MITM (Man-in-the-Middle Attack). Similar to the IP address spoofing simulation, the number of attacks is slowly adjusted from 0 to 500, and the related disconnection rate is recorded. When the number of attacks reaches 500, the disconnection rate is less than 0.1%. Figure 8 shows that when the number of hosts is medium, the disconnection rate of Robust is still lower than 0.01%, which is much better than that of TFSv1 and SDSecurity. Due to the lack of authentication in TFSv1 communication, the performance of TFSv1 decreases greatly with the increase of attacks. For SDSecurity, if it is used in dense scenes, its performance will still degrade a lot and it cannot be used in large scenes. These observations show that the scheme has better performance in detecting MITM.
C. Replay Attack Simulation
Figure 9 shows the simulation result under replay attack. The attacker steals the information between the devices in the control layer, records the messages from the devices, and then repeats the messages to the SecE. When the number of attacks reaches 500, the disconnection rate is less than 0.1%.
As shown in Figure 10, Robust has the lowest disconnection rate under replay attack. Under these three attacks, the disconnection rate of this scheme is less than 0.01%, which is the lowest of the three security architectures. For the other two architectures, the disconnection rate of TFSv1 is about 75%, and that of SDSecurity is 8%. Although the disconnection rate of SDSecurity is relatively low and at the medium level, its performance will degrade a lot in dense scenarios, and the disconnection rate increases as high as 73%. It is concluded that the scheme can meet the requirements of commercial use.
D. Results of Accuracy Test
Figure 11 shows that the accuracy of the proposed method is more than 90%. The accuracy of PARADIS, FBSleuth, and SP decreases from 97% to 88%, 93% to 75%, and 92% to 37%, respectively. This shows that the scheme overcomes the problem of insufficient robustness of the authentication of another physical layer.
As shown in Figure 12, PLF (Physical Layer Function) has good stability. At the same time, the FNR (False Negative Rate) of PLF is close to the FPR (False Positive Rate), which is usually called equal error rate in the training model. The closer the two probabilities are, the more effective the parameter threshold selection is and the higher the overall recognition ability of the mechanism is. This shows that the threshold selected in the experiment is very effective.
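The threshold selection described above can be reproduced by sweeping candidate thresholds and keeping the one where FPR and FNR are closest. This is an added example, not code from the paper: the similarity scores are constructed, a score in [0, 1] with "accept when score >= threshold" is an assumption, and the function names are hypothetical.

```python
# Constructed similarity scores (assumed range 0..1, higher = closer match).
GENUINE = [0.97, 0.95, 0.93, 0.91, 0.90, 0.88, 0.86, 0.84, 0.79, 0.71]   # enrolled devices
IMPOSTOR = [0.82, 0.76, 0.70, 0.66, 0.61, 0.58, 0.52, 0.47, 0.40, 0.33]  # other transmitters

def rates(genuine, impostor, threshold):
    """Return (FPR, FNR) when a signal is accepted if score >= threshold."""
    fnr = sum(s < threshold for s in genuine) / len(genuine)      # genuine rejected
    fpr = sum(s >= threshold for s in impostor) / len(impostor)   # impostor accepted
    return fpr, fnr

def equal_error_threshold(genuine, impostor):
    """Pick the observed score where |FPR - FNR| is smallest (the EER point)."""
    def gap(t):
        fpr, fnr = rates(genuine, impostor, t)
        return abs(fpr - fnr)
    candidates = sorted(set(genuine) | set(impostor))
    best = min(candidates, key=lambda t: (gap(t), t))  # ties: lowest threshold
    fpr, fnr = rates(genuine, impostor, best)
    return best, fpr, fnr

def is_suspect(score, threshold):
    """Flag a transmission whose fingerprint similarity falls below the threshold."""
    return score < threshold

if __name__ == "__main__":
    t, fpr, fnr = equal_error_threshold(GENUINE, IMPOSTOR)
    print(f"threshold={t} FPR={fpr:.2f} FNR={fnr:.2f}")
```

A large gap between the two rates at the chosen threshold means the detector is biased towards either missed attacks or false alarms, which is the condition the paragraph's equal-error criterion rules out.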

E. Training Time Analysis
As shown in Figure 13, the training time of the model largely depends on the amount of bit data. If the amount of bit data is large, the training time will be long. Also, the accuracy is proportional to the amount of bit data. The more bit data there are, the higher the accuracy is. PLF achieves more than 95% accuracy when the amount of bit data is more than 35MB, which takes less than 7 minutes. When the amount of bit data of CNN (Convolutional Neural Network) is more than 35MB, the accuracy is more than 86%, and the training time is as long as 30 minutes. Figure 15 shows that the accuracy of RNN (Recurrent Neural Network) is more than 92% when the amount of bit data is more than 35MB, but the training time is more than 30 minutes, which proves that it takes more than 30 minutes for CNN and RNN to identify 5G signals, and their accuracy is not high. Therefore, it is concluded that PLF is the most reliable authentication method for 5G devices.

V. Discussion and Analysis of Research Results
A comprehensive communication protection scheme for the 5G network system is proposed from the perspective of network attack prevention and detection, aiming at the problem that the existing 5G network structure has no reliable encryption logic and is difficult to defend against advanced network attack technology. The scheme uses the current advanced network security technology SDN to separate the control of the existing network from the data stream, so that the system users can control and observe the abnormal behavior of network transmission and effectively prevent attacks. To further improve the security of data transmission in the network structure, a new distributed security gateway is designed between the control layer and the data transmission layer, and a new encryption authentication mechanism based on cryptography is established. After SDN data communication is masked, the possibility of sensitive information leakage is further reduced and the reliability is strong. The results of the experiment show that the scheme can prevent several traditional attacks, and improve the communication security of the 5G system. Based on the network security structure, a reliable mechanism based on RF fingerprint is proposed to detect 5G network attacks from the perspective of network attack detection, which makes up for the lack of security of attack prevention scheme. Meanwhile, a mechanism of encryption attack prevention is established between the control layer and the data transmission layer

[Figure: Disconnection rate under the spoofing of IP address]