Network Management Research Group H-K. Kim Internet-Draft M-S. Kim Intended status: Informational SANGMYUNG UNIVERSITY Expires: 10 January 2024 July 2023 Native Network Management using Artificial Intelligence over an Adaptive B5G Network draft-kim-nmrg-2nmai5g-00 Abstract This document is derived from artificial intelligence (AI) network and autonomous security, network management intend-based technology to ensure constant security quality in B5G. SOAR (Security Orchestration Automation and Response) is needed by autonomous security and network management to optimize an adaptive B5G network. The purpose of this document is to confirm whether the requirements are reflected future users and developed to identify users provided by useful decisions on how to develop the system. This document also covers the user requirements for autonomous security and intend-based network management to ensure constant security quality on B5G. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 2 January 2024. Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Kim & Kim Expires 10 January 2024 [Page 1] Internet-Draft draft-kim-nmrg-2nmai5g-00 July 2023 Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Convention and Terminology . . . . . . . . . . . . . . . . . 3 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Terminology and Abbreviations Theorem . . . . . . . . . . 3 3.2. Autonomous Network . . . . . . . . . . . . . . . . . . . 4 4. Design of AI-based 6G Autonomous Security Control Model and Framework Structure . . . . . . . . . . . . . . . . . . . 5 4.1. Model and framework structure for SBA structure linkage . . . . . . . . . . . . . . . . . . . . . . . . . 5 4.2. Model and framework structure for SBMA structural linkage . . . . . . . . . . . . . . . . . . . . . . . . . 5 4.3. Model and framework structure for AI-Enabled network structural linkage . . . . . . . . . . . . . . . . . . . 6 4.4. NWDAF (Network Data Analytics Function) . . . . . . . . . 6 4.5. Management for other Standardization . . . . . . . . . . 7 5. B5G Native Network Management based on SOAR . . . . . . . . . 8 5.1. Purpose of B5G Native Network Management Framework . . . 8 5.2. Scope of B5G Native Network Management . . . . . . . . . 9 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 8. Informative References . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 1. Introduction In order to respond to large-scale attacks on B5G communication infrastructure based on hyper-performance, hyperspace, the advanced security threats targeting new convergence services and intended super-trust-based security technology. It can ensure constant security throughout B5G infrastructure and relate to the foundational aim to acquire skills. For native network management to optimize an adaptive B5G network based on SOAR, there are a lot of research fields to secure intent-based super-trust security skills and the related technology such as vulnerability analysis and security threat modeling to provide super-reliable infrastructure for B5G network, AI-based autonomous security and control framework to provide safe new convergence services in B5G, B5G-based station security to ensure availability of 3D mobile communication and quantum security technologies (PQC, QKD) of conversion methodology for B5G encryption system application. Kim & Kim Expires 10 January 2024 [Page 2] Internet-Draft draft-kim-nmrg-2nmai5g-00 July 2023 2. Convention and Terminology The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119. 3. Background 3.1. Terminology and Abbreviations Theorem SDAF: Security Data Analytics Function SBA: Service-Base Architecture SBI: Service-Based Interface NWDAF: Network Data Analytics Function AF: Application Function AMF: Access and Mobility Management Function AOI: Area of Interest ML: Machine Learning MTLF: Model Training Logical Function PCF: Policy Control Function UPF: User Plane Function SMF: Session Management Function NF: Network Function UE: User Equipment gNB: gNodeB SBMA: Service-Based Management Architecture SIEM: Security Information and Event Management SOAR: Security Orchestration, Automation, and Response AnLF: Analytics Logical Function Kim & Kim Expires 10 January 2024 [Page 3] Internet-Draft draft-kim-nmrg-2nmai5g-00 July 2023 MTLF: Model Training Logical Function 3.2. Autonomous Network The autonomous network concept is defined differently depending on the standardization organization, and these contents are as follows. 3GPP: SON (Self-Organizing Networks) ETS/ITU-T/GSMA: Autonomous Network ETSI: ZSM (Zero touch network and Service Management) Hauwei: AND (Autonomous Driving Network) Juniper: SDN (Self-Driving Network) Cisco: DNA (Digital(Data) Network Architecture) Ericson: ZTN (Zero Touch Network) Autonomous network levels can also be divided into six different levels. Level 0 - Manual Network: The system is supported by a monitoring function to manually execute dynamic tasks (SNMP, CLI) Level 1 - Assisted Network: The system executes specific and repetitive subtasks that are preconfigured to increase execution efficiency (Tack-Centric) Level 2 - Partial Autonomous Network: The system enables closed-loop O and M for specific devices based on AI models in specific external environments (Node-Centric) Level 3 - Conditional Autonomous network: L2-based system has functions to detect real-time environment change, specific network domain, and intention device. Semi-closed loop management is possible to optimize and adjust to the external environment (Service- Centric) Level 4 - Highly autonomous Network: L3-based system has capabilities of service- and customer-experience-centric in a more complex cross- domain environment. It can analyze and make decisions based on predictive or active closed-loop management of the network(User- Centric) Kim & Kim Expires 10 January 2024 [Page 4] Internet-Draft draft-kim-nmrg-2nmai5g-00 July 2023 Level 5 - Fully autonomous network: The system is a fully autonomous network with multi-services, multi-domains, and full lifecycle (Value-Centric) 4. Design of AI-based 6G Autonomous Security Control Model and Framework Structure There are three candidates selected by conceptual design, analyzing 5G System Architecture for AI-based 6G autonomous security control model and framework defined by the 3GPP Standardization Organization. (1) Model and framework structure for SBA structure linkage (2) Model and framework structure for SBMA structural linkage (3) Model and framework structure for AI-Enabled network structural linkage 4.1. Model and framework structure for SBA structure linkage In this study, we aim to design at the NF level to internalize an AI- based autonomous security control model in the SBA structure of 5G System Architecture. There are 11 major NFs of SBA such as AMF, SMF, UPF, NSSF, NEF, NRF, PCF, UDM, UDR, and NWDAF. Among the NFs constituting SBA, NWDAF is used and analyzed NF that utilizes intelligent technologies such as AI for network operation. The NWDAF is selected as a reference model to design AI-based security analysis functions using network data. 4.2. Model and framework structure for SBMA structural linkage The SBMA structure defined by 3GPP into account is the Management Plane in the SBA structure. The prior study was designed by setting the SBA structure considering the control plane and the user plane. We will analyze MDAS or MDAF in the SBMA structure and conduct research and conceptual design in consideration of security management in the future. TBD Kim & Kim Expires 10 January 2024 [Page 5] Internet-Draft draft-kim-nmrg-2nmai5g-00 July 2023 4.3. Model and framework structure for AI-Enabled network structural linkage This structure aims to the conceptual design of element technology for an AI-based autonomous security control model over the 6G networks. AI-Enabled Network is designed using SBA's AI-based NWDAF. Since NWDAF is an NF that analyzes network data for network operations, it seems necessary for Security NF of security analysis. SDAF is designed and analyzed using the NWDAF Wrapper method for AI- based security of NF. NWDAF is an analysis of NF using AI and it can consist of logical functions (AnLF and/or MTLF). It is also the conceptual design of elemental technology for security intelligence with the two functions of security internalization (NWDAF and SDAF). It can need an AI Model Training for security intelligence. The following shows the structure according to two candidate designs and the proposed model. TBD 4.4. NWDAF (Network Data Analytics Function) NWDAF is one of the network functions located on the control plane in the SBA structure of 5GC. It is based on 5G Core, MEC (Cloud), and user equipment (UE) in edge networks. It is also used with data collection and data analysis depending on the application function (AF) and Operations and Administration Maintenance(OAM). The purpose of NWDAF is to simplify the complexity of interfacing with 5GC and 3rd analytic solution providers. 5GC-related data in NWDAF is collected with 5G network data and the data can be analyzed by machine learning and statistical analysis. The analyzed result data is provided to other 5G core network functions to optimize each network function and to improve performance as its main function. Kim & Kim Expires 10 January 2024 [Page 6] Internet-Draft draft-kim-nmrg-2nmai5g-00 July 2023 +----+ +NF-1+----------------+--------------------+ +----+ +----+ + NWDAF +-------------+NF-1+ +-------------+ +-----+ + + +----+ + Untrusted AF+---+NEF-1+--+ + +-------------+ +-----+ + +--------------+ + +-----+ +----------+ + +analytic Model+ +-------------+NEF-1+ +Trusted AF+---------------+ +(Static, + + +-----+ +----------+ + + algorithm)-3 + + +-----+ + +--------------+ +-------------------+ +UDR-1+---------------+ + +-----+ + + +-----+ +-----+ + +-------------+OAM-2+ +OAM-2+---------------+ + +-----+ +-----+ +--------------------+ ---------------------------------------------------------------------------- ................................................. . 1: Core NF 2: Network Management . . 3: Proprietary Function . ................................................. Figure 1: NWDAF Architecture Overview NWDAF +--------------------+ +--------------------+ + AnLF + + MTLF + + (Analytics + + (Model Training + + Logical Function + + Logical Function) + +--------------------+ +--------------------+ Figure 2: Logical Function (AnLF and/or MTLF) Structure of NWDAF 4.5. Management for other Standardization NFV (Network Functions Virtualization) Management and NFVO (NFV Orchestration): Identify network function (NF) lifecycle management procedures in virtualized environments OSM (Open Source MANO): E2E Network Service Orchestrator (NFV + Slice + Cross Domain) MEC (Multi access Edge Computing) Management, F5G (Fifth Generation Fixed Network) Kim & Kim Expires 10 January 2024 [Page 7] Internet-Draft draft-kim-nmrg-2nmai5g-00 July 2023 ENI (Experiential Networked Intelligence): (a)Cognitive Netwok Management architecture using AI and Context aware Polices (b)Method to add intelligence to legacy systems (c)Method between API Broker layer and Legacy System (OSS/BSS, NF, User, etc. and ENI system) ZSM (Zero Touch Network and Service Management): (a)Fully Autonomous Management and Operations Framework level (b)Management Services of Domain, Unified Fabric and Cross Domain (c)Closed Loop Control Acquisition, Analysis, Determination and Execution Method Actions (D)Domain level Management, Cross Domain Level Management, Business Service Level Management This document present to aim B5G-based autonomous security and intend framework based on the constant security quality guarantee to provide the super-trusted infrastructure of the new convergent network security service without cyber threats 5. B5G Native Network Management based on SOAR 5.1. Purpose of B5G Native Network Management Framework It is necessary to verify native security element skill to analyze the detailed functions such as B5G wireless access, D2D and infrastructure virtualization. It is also needed to analyze B5G global network security-based intelligence and internalization technology, security vulnerability in flying base station and quantum security for security application system. We also propose of design of B5G native network management and requirement for B5G wireless access/D2D/infrastructure virtualization attack model, AI-based B5G autonomous security control of security native intelligence, networking security and intrusion detection in flying base station and quantum security for application of B5G security system. In addition, security native modeling and verification are also necessary in B5G native network management framework. Kim & Kim Expires 10 January 2024 [Page 8] Internet-Draft draft-kim-nmrg-2nmai5g-00 July 2023 5.2. Scope of B5G Native Network Management Above all, the first scope is to analyze of B5G wireless access/D2D/ infrastructure virtualization elements and to define security requirements such as B5G wireless access, Ultra-high-density of B5G D2D and infrastructure virtualization. In next scope, there are B5G wireless access/D2D/infrastructure virtualization attack model development and threat analysis, design of AI-based B5G autonomous security control and security intelligence internalization concept. It is also necessary to design networking security, intrusion detection element technology in flying base station and design of quantum security technology for B5G security application. Verification of the contents in advance is also additionally required with the following scope. 6. IANA Considerations There are no IANA considerations related to this document. 7. Security Considerations [TBD] 8. Informative References [TM-Forum] "Aaron Richard Earl Boasman-Patel, Autonomous Networks: Empowering Digital Transformation for The Telecoms Industry", 2019. [ITU-T_Y.3172] "Architectural framework for machine learning in future networks including IMT-2020", 2020. [ITU-T_Y.3173] "Framework for evaluating intelligence level of future networks including IMT-2020", 2020. [ITU-T_Y.3174] "Framework for data handling to enable machine learning in future networks including IMT-2020", 2020. [ITU-T_Y.3176] "Machine learning marketplace integration in future networks including IMT-2020", 2020. [FG-ML5G_spec1] "Requirements, architecture and design for machine learning function orchestrator", 2020. Kim & Kim Expires 10 January 2024 [Page 9] Internet-Draft draft-kim-nmrg-2nmai5g-00 July 2023 [FG-ML5G_spec2] "Machine Learning Sandbox for future networks including IMT-2020 requirements and architecture framework", 2020. [FG-ML5G_spec3] "Machine learning based end to end network slice management and orchestration", November 2020. [FG-ML5G_spec4] "Vertical assisted Network Slicing Based on a Cognitive Framework", 2020. [Y.ML_IMT2020-RAFR] "Architecture framework for AI based network automation of resource adaptation and failure recovery for future networks including IMT 2020", 2020. [TS23.288] "Architecture enhancements for 5G System to support network data analytics services", 2021. [TR23.791] "Study of Enablers for Network Automation for 5G", 2021. [TR28.809] "Study on enhancement of Management Data Analytics (MDA)", 2021. [TR28.810] "Study on concept, requirements and solutions for levels of autonomous network", 2021. [TR28.100] "Management and orchestration; Levels of autonomous network", 2021. [TR28.812] "Telecommunication management; Study on scenarios for Intent driven management services for mobile networks", 2021. [TR28.312] "Intent driven management services for mobile networks", 2021. [TR28.805] "Telecommunication management; Study on management aspects of communication services", 2021. [TR28.535] "Management and orchestration; Management services for communication service assurance; Requirements", 2021. [TR28.536] "Management and orchestration; Management services for communication service assurance; Stage 2 and Stage 3", 2021. Kim & Kim Expires 10 January 2024 [Page 10] Internet-Draft draft-kim-nmrg-2nmai5g-00 July 2023 [TR28.861] "Study on the Self Organizing Networks (SON) for 5G networks", 2021. [TR28.313] "Self-Organizing Networks (SON) for 5G networks", 2021. Authors' Addresses Hwan-kuk Kim SANGMYUNG UNIVERSITY 31, Sangmyeongdae-gil, Dongnam-gu Cheonan Phone: +82 41 550 5101 Email: rinyfeel@smu.ac.kr Min-Suk Kim SANGMYUNG UNIVERSITY 31, Sangmyeongdae-gil, Dongnam-gu Cheonan Phone: +82 41 550 5113 Email: minsuk.kim@smu.ac.kr Kim & Kim Expires 10 January 2024 [Page 11]