5G Attacks: Realistic Scenarios and Simulations Using Open5GS

Document Type : Research Article

Authors

Department of Electrical Engineering, SR.C., Islamic Azad University, Tehran, Iran.

10.22042/isecure.2026.240534
Abstract
The evolution of fifth-generation cellular networks (5G) brings unprecedented improvements in speed, latency, and scalability, but also introduces significant new security challenges. While earlier studies have primarily focused on performance benchmarking or examined isolated vulnerabilities, there remains a lack of comprehensive, reproducible security evaluations of 5G core networks. This paper presents a scenario-based simulation study of three distinct denial-of-service (DoS) attacks targeting critical components of the 5G control plane. Using open-source tools such as Open5GS and UERANSIM, we demonstrate: (1) large-scale registration flooding that overloads both the next-generation NodeB (gNB) and the Access and Mobility Management Function (AMF); (2) AMF resource exhaustion through massive NGSetupRequest messages; and (3) tampering with a security-related parameter in the User Equipment (UE) registration process to disrupt authentication. The evaluation quantifies the impacts of Central Processing Unit (CPU) and Random Access Memory (RAM) under these attacks, showing that even commodity hardware testbeds can reveal critical vulnerabilities. Moreover, analysis of the logs collected during the attacks confirms the successful execution of each attack scenario. The findings highlight how scenario-based simulations effectively explore various 5G attack surfaces and underscore the necessity for targeted defense mechanisms to enhance the resilience of next-generation mobile networks.

Keywords


[1] Saul Beltozar-Clemente, Orlando IparraguirreVillanueva, F´elix Pucuhuayla-Revatta, Fernando Sierra-Lin˜an, Joselyn Zapata-Paulini, and Michael Cabanillas-Carbonell. Contributions of the 5g network with respect to decent work and economic growth (sustainable development goal 8): a systematic review of the literature. Sustainability, 15(22):15776, 2023.
[2] 3GPP. System architecture for the 5g system (5gs). https://www.3gpp.org/ftp/Specs/ archive/23_series/23.501/, 2023. 3GPP TS 23.501, Release 17.
[3] Zujany Salazar, Huu Nghia Nguyen, Wissam Mallouli, Ana R Cavalli, and Edgardo Montes de Oca. 5greplay: A 5g network traffic fuzzerapplication to attack injection. In Proceedings of the 16th International Conference on Availability, Reliability and Security, pages 1–8, 2021.
[4] George Amponis, Panagiotis RadoglouGrammatikis, Thomas Lagkas, Savas Ouzounidis, Maria Zevgara, Ioannis Moscholios, Sotirios Goudos, and Panagiotis Sarigiannidis. Generating full-stack 5g security datasets: Ip-layer and core network persistent pdu session attacks. AEU-International Journal of Electronics and Communications, 171:154913, 2023.
[5] S. Hosseinishamoushaki. Simulation of 5g networks using open-source tools. https://thesis.unipd.it/retrieve/ 9c877408-954d-488d-ab86-4e8bdfb4131c/ Hosseinishamoushaki_Seyedali.pdf, 2023.
[6] Edward J Oughton, Konstantinos Katsaros, Fariborz Entezami, Dritan Kaleshi, and Jon Crowcroft. An open-source techno-economic assessment framework for 5g deployment. IEEE Access, 7:155930–155940, 2019.
[7] Anastasios Vetsos, Dimitrios Uzunidis, Pericles Papadopoulos, and Panagiotis Karkazis. Comparative analysis of three opensource 5g simulation tools. In Proceedings of the 28th PanHellenic Conference on Progress in Computing and Informatics, pages 107–113, 2024.
[8] Open5GS Project. Open5gs: Open source 5g/4g core network. https://open5gs.org, 2025. Accessed: 2025-07-27.
[9] Uranus Team. Ueransim: 5g ue and ran simulation. https://github.com/aligungr/ UERANSIM, 2025. Accessed: 2025-07-27.
[10] L. Loureiro. Master thesis on open5gs and ueransim testbeds. https://baes.uc.pt/ retrieve/265724/Tese_Master_Lu%C3%ADs_ Loureiro.pdf, 2023.
[11] Diana Pineda, Ricardo Harrilal-Parchment, Kemal Akkaya, Ahmed Ibrahim, and Alexander Perez-Pons. Design and analysis of an opensource sdn-based 5g standalone testbed. In IEEE INFOCOM 2023-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pages 1–6. IEEE, 2023.
[12] R Rohith, Minal Moharir, G Shobha, et al. Scapya powerful interactive packet manipulation program. In 2018 international conference on networking, embedded and wireless systems (ICNEWS), pages 1–5. IEEE, 2018.
[13] Philippe Biondi. Scapy. https://scapy.net, 2025. Accessed: 2025-07-27.
[14] Filippo Dolente, Rosario Giuseppe Garroppo, and Michele Pagano. A vulnerability assessment of open-source implementations of fifthgeneration core network functions. Future Internet, 16(1):1, 2023.
[15] Filippo Giambartolomei, Marc Barcelo´, Alessandro Brighente, Aitor Urbieta, and Mauro Conti. Penetration testing of 5g core network web technologies. In ICC 2024-IEEE International Conference on Communications, pages 702–707. IEEE, 2024.
[16] Adrien Koutsos. The 5g-aka authentication protocol privacy. In 2019 IEEE European symposium on security and privacy (EuroS&P), pages 464–479. IEEE, 2019.
[17] Zhiwei Cui, Baojiang Cui, Li Su, Haitao Du, Hongxin Wang, and Junsong Fu. Attacks against security context in 5g network. In International Symposium on Mobile Internet Security, pages 3–17. Springer, 2022.
[18] Yongho Ko, I Wayan Adi Juliawan Pawana, and Ilsun You. Formal security reassessment of the 5g-aka-fs protocol: Methodological corrections and augmented verification techniques. Sensors (Basel, Switzerland), 24(24):7979, 2024.
[19] Carlos Eduardo Menin, Igor Martins Silva, Vin´ıcius Boff Alves, Gabriel Lando, Cristiano Bonato Both, Jos´e Marcos S Nogueira, and Juliano Araujo Wickboldt. Explainable performance analysis of open-source 5g core network implementations via observability. In 2025 IEEE 11th International Conference on Network Softwarization (NetSoft), pages 397–405. IEEE, 2025.
[20] Tariro Mukute, Lusani Mamushiane, Albert A Lysko, Elena-Ramona Modroiu, Thomas Magedanz, and Joyce Mwangama. Control plane performance benchmarking and feature analysis of popular open-source 5g core networks: Openairinterface, open5gs, and free5gc. IEEE Access, 12:113336–113360, 2024.
[21] Aya Moheddine and Valeria Loscri. Identifying and exploiting a denial-of-service vulnerability in the ngap protocol in 5g networks. In EuCNC & 6G Summit, 2025.
[22] Cisco 5g amf configuration guide. https://www.cisco.com/c/en/us/td/docs/ wireless/ucc/amf/2021-04/config-andadmin/b_ucc-5g-amf-config-and-adminguide_2021-04.html, 2021.
[23] ShareTechnote. 5g core - amf. https: //www.sharetechnote.com/html/5G/5G_ Core_AMF.html. Accessed 2025.
[24] The Tcpdump Group. tcpdump: The classic command-line packet analyzer. https://www. tcpdump.org, 2024. Accessed: July 2025.
[25] Wireshark: The world’s foremost network protocol analyzer. https://www.wireshark.org/. Accessed: 2025-07-27.

Articles in Press, Accepted Manuscript
Available Online from 12 February 2026