6G-SANDBOX

To evaluate the detection performance of the HSPF detection module, a comprehensive evaluation scenario has been outlined as follows:

1. Collection of Normal Traffic: The initial step involved collecting normal network traffic. This process was conducted concurrently with one of the testing rounds designed to evaluate the NEF performance. While the characteristics of different validation tests for the NEF varied in terms of the number of simultaneous requests and respective intervals, the variability in data among these tests was minimal. Thus, whether collecting one or multiple scenarios of norma traffic, the resulting data, after undergoing standardisation, would have similar characteristics.
2. Federated Training of ML Model: Following the collection of normal traffic, the HSPF Agent initiated a federated training round orchestrated by the HSPF Orchestrator. This process resulted in a trained ML model capable of accurately identifying normal traffic patterns similar to those observed during the network traffic collection phase.
3. Simulation of Malicious Flows: To simulate malicious flows, a script originally used for validating the integration between the NEF and the 5G Core was adapted. This adaptation involved the simulation of SQL injection commands and malformed URLs, using the create

A set of three experiments were conducted for each of the scenarios (SQL Injection commands in the payload and Malformed URLs), resulting in the generation of 60 malicious requests.