{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T18:59:51Z","timestamp":1763665191369,"version":"3.45.0"},"reference-count":54,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"23","license":[{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2025,12,1]]},"DOI":"10.1109\/jiot.2025.3611508","type":"journal-article","created":{"date-parts":[[2025,9,18]],"date-time":"2025-09-18T17:47:26Z","timestamp":1758217646000},"page":"51086-51098","source":"Crossref","is-referenced-by-count":0,"title":["NGAP Feature Fusion Hybrid Network Attack Detection for 5G Edge Security"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-6503-944X","authenticated-orcid":false,"given":"Shaocong","family":"Feng","sequence":"first","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6937-4068","authenticated-orcid":false,"given":"Baojiang","family":"Cui","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-9469-0387","authenticated-orcid":false,"given":"Shengjia","family":"Chang","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-5520-2308","authenticated-orcid":false,"given":"Haoran","family":"Yu","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-1202-4791","authenticated-orcid":false,"given":"Yuqi","family":"Huo","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"volume-title":"Non-Access-Stratum (NAS) Protocol for 5G System (5GS); Stage 3","year":"2025","key":"ref1"},{"volume-title":"Security Architecture and Procedures for 5G System","year":"2025","key":"ref2"},{"key":"ref3","first-page":"2151","article-title":"Freaky leaky SMS: Extracting user locations by analyzing SMS timings","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Bitsikas"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23349"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23188"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3558482.3581774"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978393"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660346"},{"key":"ref9","first-page":"1307","article-title":"Watching the watchers: Practical video identification attack in LTE networks","volume-title":"Proc. 31st USENIX Secur. Symp. (USENIX Secur.)","author":"Bae"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3317549.3323416"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3304840"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23236"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00006"},{"key":"ref14","first-page":"55","article-title":"Hiding in plain signal: Physical signal overshadowing attack on LTE","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Yang"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3558482.3590196"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00038"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24283"},{"key":"ref18","first-page":"73","article-title":"Call me maybe: Eavesdropping encrypted LTE calls with ReVoLTE","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Rupprecht"},{"key":"ref19","first-page":"1325","article-title":"Doltest: In-depth downlink negative testing framework for LTE devices","volume-title":"Proc. 31st USENIX Secur. Symp. (USENIX Secur.)","author":"Park"},{"volume-title":"Usrp B210","year":"2025","key":"ref20"},{"volume-title":"Open5GS","year":"2025","author":"Lee","key":"ref21"},{"volume-title":"4G LTE and 5G Radio Access Network Implementation (NodeB and UE)","year":"2025","key":"ref22"},{"volume-title":"srsRAN 4G","year":"2025","key":"ref23"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24390"},{"key":"ref25","first-page":"1601","article-title":"Celldam: User-space, rootless detection and mitigation for 5G data plane","volume-title":"Proc. 20th USENIX Symp. Netw. Syst. Design Implement. (NSDI)","author":"Tan"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3544216.3544260"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.24527"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3696348.3696881"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3643833.3656129"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3643833.3656134"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00104"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354263"},{"key":"ref33","first-page":"3475","article-title":"Instructions unclear: Undefined behaviour in cellular network specifications","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur.)","author":"Klischies"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/s11432-024-4337-1"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2021.3100750"},{"volume-title":"NG-RAN; NG Application Protocol (NGAP)","key":"ref36"},{"volume-title":"UERANSIM","key":"ref37"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00141"},{"key":"ref39","first-page":"4445","article-title":"Hermes: Unlocking security analysis of cellular network protocols by synthesizing finite state machines from natural language specifications","volume-title":"Proc. 33rd USENIX Secur. Symp.","author":"Ishtiaq"},{"key":"ref40","first-page":"3063","article-title":"Logic gone astray: A security analysis framework for the control plane protocols of 5G basebands","volume-title":"Proc. 33rd USENIX Secur. Symp. (USENIX Secur.)","author":"Tu"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00142"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00143"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3734477.3734726"},{"key":"ref44","first-page":"1","article-title":"Gotta detect\u2019em all: Fake base station and multi-step attack detection in cellular networks","volume-title":"Proc. 34rd USENIX Secur. Symp. (USENIX Secur.)","author":"Mubasshir"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2025.241115"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3448300.3467826"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3495243.3560525"},{"key":"ref48","first-page":"1291","article-title":"LTrack: Stealthy tracking of mobile phones in LTE","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Kotuliak"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484585"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3110577"},{"key":"ref51","article-title":"An empirical evaluation of generic convolutional and recurrent networks for sequence modeling","author":"Bai","year":"2018","journal-title":"arXiv:1803.01271"},{"volume-title":"SysmoISIM-SJA2 Programmable SIM\/USIM\/ISIM Cards","year":"2025","key":"ref52"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23442"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00149"}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6488907\/11261327\/11172279.pdf?arnumber=11172279","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T18:44:01Z","timestamp":1763664241000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11172279\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,1]]},"references-count":54,"journal-issue":{"issue":"23"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2025.3611508","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"type":"electronic","value":"2327-4662"},{"type":"electronic","value":"2372-2541"}],"subject":[],"published":{"date-parts":[[2025,12,1]]}}}