Real-Time Cyber Defense: How AI Is Securing 5G Networks

As mobile networks evolve toward more open and software-driven architectures, they are becoming more flexible — but also more exposed. Modern 5G systems rely on interconnected components and virtualized infrastructure, creating multiple entry points for attackers. Traditional security tools, which depend on known attack signatures, often struggle to detect new or rapidly evolving threats.

A new defense framework called TwinGuard is designed to address this challenge by shifting from rule-based detection to real-time behavioral analysis. The system uses a digital twin — a continuously updated virtual replica of a live network — to monitor activity and identify anomalies as they emerge.

By combining this digital model with reinforcement learning, the platform can anticipate suspicious behavior and respond almost instantly. Instead of waiting for predefined indicators, the AI learns what normal network activity looks like and flags deviations in real time. Once a threat is identified, the system can take action to block or mitigate the attack.

In testing, the system was deployed in two realistic 5G environments: a simulated multi-cell Open Radio Access Network (O-RAN) and a fully virtualized 5G core network. Across both scenarios, the system detected and neutralized attacks in under 100 milliseconds. These included handover flooding attacks, which attempt to overwhelm connection management systems, and E2 subscription flooding, where malicious applications flood network controllers with requests.

According to TechXplore, one of the key advantages of the approach is its speed. By processing live data through the digital twin, the system reduces the time between detection and response to a fraction of a second. This is particularly important in 5G environments, where high-speed data flows can allow attacks to escalate quickly.

For defense and homeland security applications, resilient communications are critical. Military operations, emergency services and critical infrastructure increasingly rely on secure mobile networks. A system capable of identifying and stopping attacks in real time could help maintain operational continuity in contested or high-risk environments.

As the industry looks toward 6G, the emphasis is shifting toward adaptive security models. Systems like this suggest a move away from static defenses toward intelligent platforms that learn, predict and respond as network conditions change.