
Enhancing Network Intrusion Detection: An AutoML Pipeline with Efficient Digital Twin Synchronization
  • Mirna El Rajab,
  • Li Yang,
  • Abdallah Shami
Mirna El Rajab
Department of Electrical and Computer Engineering, Western University

Corresponding Author: [email protected]

Li Yang
Department of Electrical and Computer Engineering, Western University
Abdallah Shami
Department of Electrical and Computer Engineering, Western University

Abstract

In the era of 5G and Beyond (5G+) networks, characterized by increased complexity and vulnerability to cyberthreats, detecting cyberattacks within network traffic becomes more challenging. Machine Learning (ML) offers a promising solution for detecting cyberthreats. However, the ever-evolving technology landscape introduces rapidly evolving attacks, requiring continuous ML model updates. Accordingly, this paper leverages Automated ML (AutoML) and Digital Twin (DT) technologies to deploy an Intrusion Detection System (IDS) in resource-constrained environments that remains effective over time. An AutoML pipeline is proposed for multi-class network attack detection, consisting of three offline and automated phases (data preprocessing, feature engineering, and model learning) and an online phase for model monitoring and updates. Additionally, a DT is introduced to continually update and evolve the ML model in response to the dynamic nature of new attacks, emphasizing low overhead and efficient synchronization. Specifically, two data generation approaches within the DT are explored: uniform sampling based on statistical properties, and generative models (such as Variational AutoEncoders (VAEs) and Generative Adversarial Networks (GANs)) using raw data. The experimental results demonstrate that uniform sampling achieves the fastest recovery, lowest overhead, and highest privacy in enhancing the multi-layer perceptron, the best-performing ML model.
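The sketch below is an added example, not code from the paper. It illustrates why synchronizing a DT through statistical properties costs less than shipping raw traffic. It assumes the statistics are per-class, per-feature minimum and maximum (the abstract does not say which properties are used); the flow features, class names, and function names are constructed for illustration.

```python
import json
import random

def summarize(rows):
    """Physical-network side: keep only per-class, per-feature min and max."""
    stats = {}
    for features, label in rows:
        s = stats.setdefault(label, {"n": 0, "lo": list(features), "hi": list(features)})
        s["n"] += 1
        s["lo"] = [min(a, b) for a, b in zip(s["lo"], features)]
        s["hi"] = [max(a, b) for a, b in zip(s["hi"], features)]
    return stats

def twin_generate(stats, per_class, rng):
    """Digital-twin side: draw each feature uniformly inside the reported range."""
    out = []
    for label, s in sorted(stats.items()):
        for _ in range(per_class):
            sample = [rng.uniform(lo, hi) for lo, hi in zip(s["lo"], s["hi"])]
            out.append((sample, label))
    return out

def sync_cost(rows):
    """Bytes on the wire for one sync: raw flows vs. the statistics message."""
    raw = len(json.dumps(rows).encode())
    summary = len(json.dumps(summarize(rows)).encode())
    return raw, summary

def make_constructed_flows(rng, n=500):
    """Constructed sample data: (duration_s, bytes, packets) per flow, two classes."""
    rows = []
    for _ in range(n):
        rows.append(([rng.uniform(0.1, 5.0), rng.uniform(200, 9000),
                      rng.uniform(2, 60)], "benign"))
        rows.append(([rng.uniform(0.0, 0.3), rng.uniform(40, 120),
                      rng.uniform(1, 3)], "syn_flood"))
    return rows

if __name__ == "__main__":
    rng = random.Random(7)
    flows = make_constructed_flows(rng)
    raw, summary = sync_cost(flows)
    synthetic = twin_generate(summarize(flows), per_class=200, rng=rng)
    print(f"raw sync: {raw} B, statistics sync: {summary} B, "
          f"twin rows: {len(synthetic)}")
```

The statistics message stays the same size however many flows are observed, and no individual flow record leaves the network, although the reported extremes are themselves real observed values.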
03 Jan 2024: Submitted to TechRxiv
08 Jan 2024: Published in TechRxiv