Abstract: The disclosed embodiments include a method performed by a wireless network to mitigate a security risk arising from an application-layer transaction and contextual scenario of a wireless device (WD). A security resource can be maintained inactive by default and configured for on-demand activation in response to a security risk associated with the WD. The method can include monitoring the WD for application-layer transactions and contextual scenarios, and detecting a security risk relative to a particular type of a application-layer transaction and a contextual scenario of the WD. In response to detecting the security risk, the security resource is activated to support the application-layer transaction while safeguarding the entire wireless network. In response to detecting a change to the application-layer transaction or the particular contextual scenario, the security resource for the WD can be deactivated.

Abstract: The disclosed embodiments include a method performed by a wireless network to dynamically provision security resources during runtime execution of a service environment. The security resources are distributed across cell sites that provide coverage areas for multiple wireless devices (WDs) in multiple service environments. The cell sites are monitored during runtime execution of the multiple service environments to detect risk levels that indicate a vulnerability to the wireless network. When an elevated risk level is detected for a particular cell site, security resources of the security layer are dynamically provisioned for the particular cell site to safeguard the entire wireless network. Hence, the provisioned security resources can include a security resource from a different cell site.

Abstract: The disclosed embodiments include a software-defined security (SDS) service that can monitor runtime behavior of a network of nodes of a wireless network and detect anomalous activity indicating contamination of the network of nodes, where the contamination includes unauthorized instructions designed to damage or interrupt a function of the network of nodes. The SDS service can dynamically coordinate a blacklist and a whitelist, where the blacklist includes an indication of contaminated assets and the whitelist includes an indication of non-contaminated assets. The contaminated assets are isolated with a cleanroom environment, where the security resources sanitize the contaminated assets. Then, indications of the decontaminated assets are moved from the blacklist to the whitelist, and the use of the security resources are dynamically adjusted according to a load ratio between the whitelist and the blacklist.

Abstract: The disclosed technology includes a method and system for preventing or reducing cyber-attacks in a 5G network. The system can register a connected device with the 5G network, monitor the connected device by the computing device associated with the 5G network, and detect or determine that the connected device is at risk of a cyber-attack based on one or more conditions. The conditions can include detecting that the connected device is obsolete or unmaintained, the connected device fails to respond to status checks, or a service provider associated with the connected device is not supporting the connected device or is out of business. In response to detecting or determining that the connected device is at risk of the cyber-attack, the system can deauthorize the connected device.

Abstract: The disclosed embodiments include a method performed by a network access node to thwart unauthorized activity on a 5G wireless network. The method can include receiving a communication from a wireless device. The communication can include metadata, which includes contextual information about the wireless device. The contextual information is compared with a threshold to generate an output indicating a context of the communication. In response to the output, the network access node can simulate a vulnerability of the network access node that allows an unauthorized activity on the 5G wireless network. The network access node can detect that the wireless device seeks to exploit the simulated vulnerability to perform the unauthorized activity, and then quarantines access of the wireless device such that the unauthorized activity is thwarted at the network access node.

Abstract: The disclosed technology includes a method and system for preventing or reducing cyber-attacks in a 5G network. A first node in a 5G network can detect that a first connected device is at risk of a cyber-attack based on one or more conditions and can broadcast to a plurality of nodes in the RAN that the first connected device is at risk of the cyber-attack. The first node can receive a first message from a second node of the plurality of nodes confirming or acknowledging that the first connected device is at risk of the cyber-attack. In response to receiving the first message from the second node confirming or acknowledging that the first connected device is at risk of the cyber-attack, the system can deauthorize the first connected device.