**Citation:** Odarchenko, R.; Iavich, M.; Iashvili, G.; Fedushko, S.; Syerov, Y. Assessment of Security KPIs for 5G Network Slices for Special Groups of Subscribers. *Big Data Cogn. Comput.* **2023**, *7*, 169. https://doi.org/10.3390/bdcc7040169

Academic Editors: Peter R.J. Trim and Yang-Im Lee

Received: 17 September 2023 Revised: 22 October 2023 Accepted: 23 October 2023 Published: 26 October 2023

**Copyright:** © 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

#### **1. Introduction**

It is clear that 5G networks have become an integral part of today's digital society. This technology is already implemented in many places worldwide and continues to be implemented rapidly, offering many benefits for ordinary users of cellular networks (standard services) and business and specialized services (government communications, military, firefighters, etc.). In the context of the latest special user introductions, 5G provides high throughput, low latency, and fairly high levels of reliability, opening up many opportunities for special missions and entirely new use cases. For example, 5G technology allows specific services to provide mission-critical communications whenever needed. It is clear that as specialized users implement more sensors, services, and subscribers, there may be additional operational needs, such as cybersecurity. It has become critical in the modern world, full of all kinds of threats, from single hackers to entire groups and even states. In this case, a single converged network capable of managing all of these functions gives operators the flexibility and control to manage high-bandwidth and low-latency applications while maintaining the required level of cybersecurity.

With emerging technologies such as artificial intelligence and machine learning, 5G's potential is truly impressive. It can provide special users with improved situational awareness, allowing entire units and platforms to respond faster and more accurately to threats in a dynamic environment. Furthermore, 5G's below-millisecond latency and reliability mean it can fit into various military and other government use cases.

The problem is that existing 5G communication systems cannot fully ensure the required quality of government line data service and the security of transmission in the widespread use of the concept of the Internet of Things, as well as in the context of hostilities, hybrid warfare, and cyberwar. Now, it is possible to intercept text messages, listen to conversations, and then use the data obtained against individuals and the military, government, etc. In addition, a remarkable landscape of other cyberattacks has appeared over the last decade. The current 5G network increases the range and adaptability of various services but also faces numerous security and privacy issues from attackers inside and outside the system perimeter. For example, 35 types of cyber threats were identified that pose significant risks in different areas of cybersecurity [1,2]: confidentiality, authentication, integrity, and availability in networks. This creates new serious threats that may become critical in the future. For example, an attacker can initiate eavesdropping to intercept data packets, conduct man-in-the-middle attacks to obtain session keys, or conduct location-tracking attacks on legitimate subscribers. These external threats that undermine the security of services for special users, the Internet of Things, etc., are the main security threats for every component in the structure of the modern 5G network, which is focused on providing high-quality services to its users. All this indicates the low efficiency of the applied methods of 5G network planning, the imperfection of the applied security technologies for the most secure data transmission, and the lack of ability to respond quickly to cyber incidents, etc.

The most widespread specific challenges and vulnerabilities in existing 5G communication systems that hinder the quality of service and data security for government lines and IoT applications are collected in Table 1.


**Table 1.** Specific challenges and vulnerabilities in existing 5G communication systems.



Therefore, scientifically based planning and optimization of cellular network security systems that provide the requested services with specified performance indicators for special groups of subscribers (transmission speed, delay, security of transmitted data) is a very complex scientific, technical, and economic problem, without which it is impossible to create an information infrastructure that meets the needs of a developed world-class information society.

As a leading standardization body in the field, 3GPP pays great attention to the problem of network slice management in 5G [3]. Then, 5GPPP considered network slice KPIs and issued the White Paper on KPI Measurement Tools from KPI Definition to KPI Validation Enablement. Complete 5G projects, or parts of them, are dedicated to managing network slices and monitoring them. For example, 5G-DRIVE [4] was partially dedicated to researching critical innovations in network slicing, network virtualization, etc. Moreover, 5G-MoNArch [5] in Work Package 3 worked on resilience and security and therefore developed secure network services and slices for them.

Leading manufacturers of telecommunications equipment also pay significant attention to this topic. For example, Juniper Networks described their end-to-end solution to manage service quality [6], Accedian paid attention to the active monitoring of network slices and the appropriate tools [7], Emblasoft developed flexible testing and active monitoring for 5G slices [8], and Huawei issued a white paper on 5G network slicing self-management [9]. Also, many research papers are devoted to monitoring network slices, the measurement of KPIs, level of security, etc. [10], focusing on the security challenges of the implementation of network slices in 5G networks [11,12]. The authors proposed that network slice controllers support security by enabling security controls at different network layers. The researchers [13] proposed the AI-based approach for cybersecurity in network slices and provided a comprehensive analysis [14] of the division of the network to develop commercial needs and challenges in the network. In [15], the authors considered the strategy for deploying and integrating one or more network management software with managed services. Furthermore, in [16], the authors proposed a principally novel framework for 6G network slices.

As we found from the analysis of the above projects and articles, insufficient attention is paid to the problems of monitoring the performance indicators of network layer security systems.

The article offers an analysis of key performance indicators (KPIs) and provides security KPIs. The calculation model and the study of the corresponding KPIs are provided. The paper also offers the architecture of the system to collect and estimate security KPIs and make the most appropriate decision. An algorithm was developed that automatically checks the organization's security KPIs based on the corresponding parameters.

The rest of the paper is organized as follows. The next section of the paper analyzes existing related resources and concludes with a problem statement, the goals of the paper, and the establishment of subtasks.

#### **2. Review of the Literature**

In the paper [17], the authors propose minimized sets of security KPIs, focusing mainly on computing and memory resources. In the article, certain key performance indicators (KPIs) are intricately linked with the Management and Orchestration (MANO) framework, necessitating their definition as integral components of the said MANO orchestration.

In the paper [18], the authors define the main requirements and KPIs of 5G networks. The offered methodology's primary focus is providing diverse vertical sectors with ultrareliable communication and minimizing latency. As a result, the authors provide the requirements and key performance indicators for 5G networks.

In the article [19], the main objective of the study is to stimulate future research towards the secure implementation of Machine Learning (ML) methodologies within 5G infrastructures and prospective wireless networks. In the papers [20,21], the authors offer an approach to increase the flexibility of key performance indicators in 5G networks. However, one of the crucial indicators, Network Availability, is not considered in the mentioned papers. This indicator's emphasis on network availability aligns with existing 5G practices that prioritize high availability through network slicing and virtualization. This technique ensures that critical services remain operational, even during security incidents or disruptions. In the papers [22–24], the security aspect of 5G networks is not fully covered.

In the paper [25], the main focus is on understanding and managing the quality and performance of services to meet the technical quality of service (QoS) and the quality of experience (QoE). One of the critical security KPIs of 5G networks is Mean Time to Detect (MTTD): 5G's advanced monitoring capabilities, AI-driven analytics, and machine learning algorithms contribute to a shorter MTTD than traditional methods. This enables security teams to identify potential threats faster and respond proactively. This security KPI is not used in the above-mentioned paper. Another essential security KPI is the Mean Time to Respond (MTTR): 5G's improved data processing capabilities and network speed lead to a quicker MTTR when compared to conventional response methods. Faster data analysis and communication enable efficient incident investigation and remediation. The mentioned KPI can significantly increase the security level of services so that they fulfill the technical quality of service requirements when working with QoS/QoE.

Another important KPI is the Data Leakage Rate: 5G's implementation of advanced encryption protocols and secure communication channels reduces the data leakage rate compared to less secure approaches. Robust encryption ensures the confidentiality of sensitive information during transmission, which is essential for the security level in 5G networks. This KPI is not presented in the articles [26,27], in which the authors perform experiments on optimizing monitoring processes in 5G networks.

Several key performance indicators (KPIs) for security are not completely represented in the articles [28,29]. Compared to traditional network security approaches, incident response time is not used in the documents. In addition, 5G's incident response time benefits from lower latency and higher data transfer rates. This allows security teams to detect and respond to incidents more quickly, reducing the time between identifying a threat and taking appropriate actions to mitigate it.

The Security Patch Management key performance indicator covers faster and more efficient distribution of security patches and updates. 5G's more rapid data transfer rates enable more efficient security patch management compared to slower network technologies. In the papers [30–32], the authors offer 5G network functions and characterize the performance of location management functions in 5G core networks. Security patch management provides better distribution of security patches, reducing exposure to known vulnerabilities and enhancing the network's overall security while working with the mentioned functions. In the papers [33,34], the security aspect is not fully covered, which is one of the essential aspects of building a 5G network infrastructure. The indicator of compliance with security standards is vital for 5G network security. The security concepts of the 5G network are designed with security standards in mind, making them more compliant than the older approaches. Adherence to security standards ensures that best security practices are followed, reducing the likelihood of vulnerabilities.

In the paper [35], the authors show the open challenge of integrating satellites into 5G cellular networks. During the investigation of the open challenges of satellite integration into 5G networks, comparing the 5G network security KPIs with existing approaches is an important aspect, demonstrating how 5G leverages its inherent technological advantages to strengthen network security [36,37]. Integrating faster data transfer, improved data processing, and advanced security mechanisms contribute to better incident response, threat detection, authentication, intrusion prevention, data protection, and compliance with security standards.

#### *Problem Statement*

The main goal of this work is to develop a system to monitor security KPIs in fifth-generation and subsequent-generation cellular networks. It will make continuous control and optimization of the network possible.

Achieving the set goal requires solving the following tasks:


#### **3. Definition of Performance and Security KPIs**

The development of advanced communication networks is based on the establishment of internationally accepted standards to ensure compatibility, cost-effectiveness, and widespread adoption. This collaboration aims to empower the European industry to lead the advancement of 5G standards and secure a minimum of 20% of the 5G SEP (standard essential patents) for development and use.

We have identified the benchmarks for the new network's operational characteristics:


This high-performance network will operate through a scalable management framework that enables the rapid deployment of innovative applications, including sensor-based solutions. It will also reduce network management operating expenses by at least 20% compared to current standards. Furthermore, the network will incorporate new lightweight yet robust security and authentication measures designed to address the challenges posed by pervasive multidomain visualized networks and services in the modern era.

The main categories of 5G key performance indicators (KPIs) typically include the following.

- Enhanced Mobile Broadband (eMBB): This category focuses on improving mobile broadband services.
- Ultra-Reliable and Low-Latency Communications (URLLC): This category emphasizes reliable and low-latency communication, crucial for applications such as autonomous vehicles or remote surgery.
- Massive Machine-Type Communications (mMTC): This category addresses the requirements for connecting many IoT devices.

ITU, NGMN, and 3GPP have globally characterized 5G use cases and related requirements since their development. Some 5G technology use cases include broadband access in densely populated areas, high user mobility, massive IoT connectivity, tactile Internet, support during natural disasters, electronic health services, and broadcast services.

Table 2 below summarizes the KPIs for 5G wireless technology at the ITU level, representing the minimum performance requirements:


**Table 2.** KPIs for 5G wireless technology at the ITU level [38].



Here are some of the key challenges and vulnerabilities that must be addressed during the design and deployment of 5G network services for special groups of subscribers.

#### 1. Security concerns:

	- Data privacy—the massive amount of data generated by IoT devices, including personal information, can raise concerns about data privacy and unauthorized access, particularly in government applications.
	- Data Localization—governments may require data to be stored within their borders, creating challenges for global IoT deployments.
	- Legacy systems—Integrating 5G with existing communication systems can be challenging, particularly for government agencies with legacy infrastructure.
	- IoT standards—The lack of universal IoT standards can hinder interoperability and create compatibility issues.
	- Vendor Dependencies: Relying on specific vendors for 5G infrastructure or IoT devices can create supply chain vulnerabilities, especially if the vendors are from countries with conflicting interests.
	- Spectrum Regulations—Regulations and licensing for spectrum use can vary by region, complicating IoT device deployment and government communication systems.
	- Security and Privacy Regulations—Compliance with data security and privacy regulations, such as GDPR or HIPAA, can be complex, especially in cross-border scenarios.

Addressing these challenges and vulnerabilities in 5G communication systems for government lines and IoT applications requires a comprehensive approach that includes robust security measures, privacy protections, resilience, and interoperability. Collaboration between governments, industry stakeholders, and standardization bodies is crucial to effectively implement secure and reliable 5G and IoT solutions.

For today's 5G networks, a new cybersecurity approach must be defined, and precise metrics must be established to inform all stakeholders about potential threats and breaches. Typically, the leaders of large cellular service consumers are looking for clear security metrics that demonstrate costs and anticipated potential impacts on their business goals. The following study results can be cited as an example of such losses. A breach lasting more than two hundred days has been shown to cost an organization 4.56 million USD, which is 37% more than the cost of a breach lasting less than two hundred days (3.34 million USD) [39].

Furthermore, the results of the study [39] showed that 44% of those surveyed said that their organization's security approach has improved significantly in recent years. Figure 1 lists the specific metrics companies used to measure this improvement. They mainly include the number of attacks prevented [40], the time taken to identify the incident, and the time required to locate the incident.

**Figure 1.** Results of the cyber security survey [41].

These KPIs outline the performance requirements for 5G wireless technology according to the ITU.

It is essential to determine security KPIs for 5G wireless networks. Security key performance indicators (KPIs) for 5G networks can help assess the effectiveness and efficiency of the security measures in place. Based on our research, we have identified the following security KPIs for 5G networks:


It is important to note that specific security KPIs may vary depending on the network operator, service provider, or organization that implements the 5G network. These KPIs can be tailored to suit the network infrastructure's specific security goals and requirements. To ensure the success of a specific 5G business, it is crucial to establish a well-defined cybersecurity approach and use accurate metrics to inform relevant stakeholders. C-level executives and board members are actively looking for security metrics that clearly convey the costs involved and the anticipated impact on their business objectives. According to the IBM research findings [39], organizations experience a significantly higher cost of 4.56 million USD when a breach lasts more than two hundred days. This amount is 37% greater than the cost incurred when a breach is resolved in a shorter period, which is 3.34 million USD.

Furthermore, the study highlights that 44% of the respondents surveyed reported notable improvements in their organization's security approaches during the past 12 months. These metrics include primarily the number of prevented attacks, the time required to identify an incident, and the time required to contain an incident. Approximately 55%, 51%, and 48% of companies use these respective metrics for measurement purposes. Based on this study, we can identify the security KPIs for 5G networks. To effectively assess security operations, metrics such as Mean Time to Identification (MTTI) and Mean Time To Contain (MTTC) are considered essential to measure cybersecurity intrusions or incidents in 5G networks. Based on related articles, we have identified a set of main KPIs for security measures (Table 3).


**Table 3.** The most relevant 5G cybersecurity KPIs.



Table 3 is a set of performance indicators for cybersecurity systems in cellular 4G/5G networks. It contains indicators that describe the state of security in the network as a whole and indicators that describe the state of individual network elements. The table includes both indicators that need to be constantly measured (Intrusion Attempts), whose deviation may indicate the occurrence of a cybersecurity incident, and indicators that are measured over time and therefore require preliminary collection (accumulation) of information (Number of Security Incidents, Mean Time To Identification, Mean Time To Contain, Mean Time to Detect, Mean Time to Respond, Network Availability, Authentication Failure Rate, Intrusion Detection and Prevention Effectiveness, Data Leakage Rate, Threat Detection Time, Patching, and Vulnerability Management). The assessment of the latter indicates the need for comprehensive changes (possibly a revision of current approaches) in the security system. A KPI such as "Compliance with Security Standards" has to be fully satisfied and continuously reviewed (Table 4).


**Table 4.** Table of threshold values of security KPIs.

Minimal KPI requirements can vary depending on the organization's specific risk appetite and security objectives.
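The distinction drawn above, between an indicator that is measured continuously (Intrusion Attempts) and indicators accumulated over time and checked against per-organization thresholds, is shown here as an added example that is not the paper's own code. The KPI formulas (MTTI as mean time from occurrence to identification, MTTC as mean time from identification to containment, AFR as failed over total authentication attempts), the slice names, the sample records and every threshold value are constructed assumptions, because the page's tables are not reproduced.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev


@dataclass
class Incident:
    slice_id: str
    occurred: datetime
    identified: datetime
    contained: datetime


def _hours(delta):
    return delta.total_seconds() / 3600


def accumulated_kpis(incidents, auth_failed, auth_total):
    """KPIs that require prior accumulation of records (assumed definitions)."""
    tti = [_hours(i.identified - i.occurred) for i in incidents]
    ttc = [_hours(i.contained - i.identified) for i in incidents]
    return {
        "NSI": len(incidents),                      # number of security incidents
        "MTTI": mean(tti) if tti else 0.0,          # hours
        "MTTC": mean(ttc) if ttc else 0.0,          # hours
        "AFR": auth_failed / auth_total if auth_total else 0.0,
    }


def intrusion_deviation(history, current, k=3.0):
    """Continuously measured KPI: flag the current count of intrusion attempts
    when it exceeds the baseline mean by more than k standard deviations.
    The spread is floored at 1.0 so a perfectly flat baseline cannot make
    every small fluctuation an alert."""
    baseline, spread = mean(history), pstdev(history)
    return current > baseline + k * max(spread, 1.0)


def slice_report(incidents, auth_counts, thresholds):
    """Evaluate each slice independently; list the KPIs above their limit."""
    report = {}
    for slice_id, limits in thresholds.items():
        own = [i for i in incidents if i.slice_id == slice_id]
        failed, total = auth_counts[slice_id]
        kpis = accumulated_kpis(own, failed, total)
        breaches = sorted(name for name, limit in limits.items()
                          if kpis[name] > limit)
        report[slice_id] = {"kpis": kpis, "breaches": breaches}
    return report


# Constructed sample data: two hypothetical slices with different limits.
T0 = datetime(2023, 10, 1)
H = timedelta(hours=1)
INCIDENTS = [
    Incident("slice-gov", T0, T0 + 2 * H, T0 + 5 * H),
    Incident("slice-gov", T0 + 24 * H, T0 + 30 * H, T0 + 31 * H),
    Incident("slice-embb", T0, T0 + 10 * H, T0 + 20 * H),
]
AUTH_COUNTS = {"slice-gov": (30, 1000), "slice-embb": (50, 10000)}
THRESHOLDS = {  # maximum allowed values, placeholders only
    "slice-gov": {"MTTI": 3.0, "MTTC": 4.0, "AFR": 0.02},
    "slice-embb": {"MTTI": 12.0, "MTTC": 12.0, "AFR": 0.05},
}

if __name__ == "__main__":
    for slice_id, result in slice_report(INCIDENTS, AUTH_COUNTS, THRESHOLDS).items():
        print(slice_id, result["kpis"], "breaches:", result["breaches"])
    print("intrusion-attempt alert:", intrusion_deviation([10, 12, 11, 9, 13], 40))
```

The same incident history produces breaches only on the slice with the stricter limits, which is why thresholds have to be stored per slice rather than per network.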

#### **4. Development of Architecture**

To achieve low latency, high data transfer rates, and a higher level of security, the concept of network slicing was defined in 5G. This technology allows network operators to divide their physical infrastructure into multiple logical networks, each configured according to its characteristics and needs. As shown in Figure 2, each network layer is an independent virtual subnet from end to end and can even be owned by different tenants (or vertical markets) that manage the physical, virtualized, and service layers with different key performance indicators (KPIs), including security metrics.

Using emerging advances in virtualization and network management, such as software-defined networking (SDN) and network function virtualization (NFV), network partitioning creates virtual networks that provide a customized network experience that meets predefined key performance indicators (KPIs). Therefore, there are known security issues associated with these underlying SDN and NFV technologies and access networks. Thus, the central part of security in the division of the network is to determine what constitutes the main potential threats to this segment, to establish minimum requirements, and to enforce their mandatory implementation. In this case, it is imperative to define isolation attributes, create an abstraction layer to provide end-to-end isolation at a particular level, and introduce appropriate security policies for each layer.

**Figure 2.** Network slices concept for the special subscribers' groups.

Therefore, an effective network partitioning solution requires integrated management, performance, and security considerations. In this case, attacks directed against one segment must not affect others. Therefore, security functions must act independently for each layer. Thus, the main challenge in designing a network partitioning solution is to satisfy all the requirements of the segment owner while ensuring the security of each segment independently.

As illustrated in Figure 3, a 5G network may accommodate different use cases, and each can be served by single or multiple network slices, which can be applied to monitoring mechanisms [53]. When the subscribers are geographically dispersed, dedicated or shared network slices can also serve the horizontal use cases. Each network slice owns logically isolated computation and storage resources to perform data processing and storage tasks for all use cases that receive their services. Each network layer, which must serve a specific group of subscribers to ensure the required quality of service and secure data transmission, is characterized by its specific network characteristics and network security indicators (KPIs). To respond immediately to emerging anomalies, degradation of service quality, or lowering the level of information security, it is necessary to continuously monitor the above parameters. This process is reflected in Figure 3. In addition, it is also possible to perform forced penetration tests of layers. For these two procedures, a specialized network slice monitoring server can be used (Figure 3).

**Figure 3.** Graphical representation of delivering security credentials in the key management scheme.

The operation of this system must be synchronized with the cybersecurity systems. As an example, the figure shows a case of potential use of a quantum key distribution system, described in detail in [54], to increase the confidentiality level of transmitted data. Thus, in the case of measuring security indicators and identifying problems, for example, with confidentiality, quantum key distribution mechanisms can be used. However, in general, the study aims to describe a generalized model and, accordingly, the architecture of the monitoring system that will ensure the main security principles, traditionally categorized as confidentiality, authentication, authorization, availability, and integrity.

#### **5. The Offered Model**

Based on the above, using the security KPIs from Table 2, a set of safety KPIs for the evaluation analysis model is proposed, which can be objectively evaluated. There is a set of network layers for which both the QoS quality of service indicators and the security KPI indicators are clearly defined.

$$\left\{ \bigcup_{i=1}^{n} Slice_i \right\} = \{ Slice_1, Slice_2, \ldots, Slice_n \},$$

where


In order to collect information about any operations that occur on the network, analyze them, and, accordingly, make decisions based on the assessments made, it is proposed to add either an additional network function to the core of the network, which will contain all the functionality necessary for this or, more straightforward at first, especially for testing the system, is to add an external server that will be connected to the network core via standard interfaces. This approach is reflected in Figure 4.

**Figure 4.** Continuous security KPIs monitoring system for 4G/5G/6G.

Thus, all the KPIs mentioned above will be collected in different parts of the network (different nodes) and stored in a specialized database that can be combined with the Cybersecurity Function Server (CSF) (Figure 4).

Furthermore, due to constant monitoring, the database will be filled in real-time with primary security KPIs, for which statistics on the number of incidents, their impact, scale, duration, etc., can be used. In the future, these primary indicators can be used to estimate secondary parameters using the mathematical apparatus in Table 2. The following pseudocode defines the algorithm developed for this assessment.

```python
class Secure_KPI():

    def __init__(self):
        # Define the dictionary with the security KPIs as the keys and lists of
        # desired parameters for the corresponding KPI for the concrete organization.
        # The pseudocode leaves every list as "[parameters]", so each starts empty.
        kpi_names = ["NIA", "NSI", "MTTI", "MTTR", "MTTD", "MTTRes", "NA",
                     "AFR", "TPR", "FPR", "DLR", "TDT", "PVMT"]
        self.KPI = {name: [] for name in kpi_names}
```

def input\_data(self):
