The service-based architecture (SBA) of 5G introduces significant security risks due to virtualized network functions (VNFs), particularly the absence of dynamic, core-network-oriented intrusion detection and prevention mechanisms. Method: This paper proposes a Security-as-a-Service (SecaaS) paradigm, deploying IDS/IPS as VNFs within the 5G standalone (SA) architecture. Leveraging a hybrid virtualization approach—integrating both VM- and container-based technologies—it enables elastic deployment and collaborative protection of IDS/IPS in the softwarized 5G core network. Contribution/Results: Experimental evaluation under TCP/UDP traffic scenarios demonstrates that the proposed solution effectively detects and mitigates DoS/DDoS attacks while preserving critical 5G QoS metrics—including throughput, latency, and packet loss rate. It thus addresses a key research gap in real-time, orchestratable security enforcement for virtualized 5G environments.

The service-based architecture of 5G network allows network operators to place virtualized network functions on commodity hardware, unlike the traditional vendor-specific hardware-based functionalities. However, it expands the security vulnerabilities and threats to the 5G network. While there exist several theoretical studies on network function placement and service routing, a few focused on the security aspects of the 5G network systems. This paper focuses on safeguarding the 5G core network systems from DoS and DDoS attacks by placing intrusion detection and prevention systems (IDS-IPS) as virtualized network functions following the 5G standalone architecture. To ensure the virtualized placement of IDS-IPS, first, we provide thorough virtual machine (VM)-based and containerized implementation details and evaluate the network performance with two scenarios, IDS and IPS, in the presence of TCP and UDP applications. Second, we apply the VM-based implementation of IDS-IPS on a softwarized 5G core network and study the network performances. The experiment results on network throughput, latency, and packet drop reveal that the softwarized IDS-IPS can meet the QoS requirements of 5G applications, while safeguarding the network from DoS and DDoS attacks.