Along with the popularization of smartphones in the past decades, cellular networks have evolved five generations so far and empowered the convenient modern lifestyle. Despite their undeniable importance in our society, cellular networks are, unfortunately, vulnerable to various attacks across protocol layers and throughout different generations due to design flaws and implementation slip-ups. To determine whether a message is part of an attack, both the context (i.e., message prior to the current message) and other features (e.g., EMM state, paging record number) are crucial. Though rule-based intrusion detection systems are widely used, they suffer from high false-positive and false-negative rates for the aforementioned reasons. In this work, we designed and implemented a novel machine learning model as an intrusion detection system that can learn from both benign and attack traces. The experimental result demonstrates the effectiveness of the proposed method.
