System and method for machine learning assisted security analysis of 5g network connected systems

1 . A method for detecting security vulnerabilities in a fifth generation core network (5GCN), the method comprising: constructing an attack graph from a plurality of regular expressions, each regular expression corresponding to a sequence of system level operations for a known 5GCN attack, the attack graph comprising a plurality of nodes, each node representing a system-level operation of the 5GCN, and a plurality of paths, each path representing a 5GCN attack vector; performing a linear search on the attack graph to determine unexploited 5GCN attack vectors, wherein a path in the attack graph that does not represent a known 5GCN attack vector represents an unexploited 5GCN attack vector; and applying a trained machine learning module to the attack graph to predict new 5GCN attacks, the trained machine learning module configured to determine a feasibility of linking unconnected nodes in the attack graph to create a new branch representing a new 5GCN vulnerability exploit. 2 . The method of claim 1 , wherein known 5GCN attacks comprise exploiting a vulnerability in at least one of a software defined network (SDN), network function virtualization (NFV), and input/output (I/O) peripheral of the 5GCN. 3 . The method of claim 1 , wherein new 5GCN attacks comprise exploiting a vulnerability in at least one of a software defined network (SDN), network function virtualization (NFV), and input/output (I/O) peripheral of the 5GCN. 4 . The method of claim 1 , wherein new 5GCN attacks comprise exploiting a combination of vulnerabilities from at least two of a SDN, NFV, and I/O peripheral of the 5GCN. 5 . The method of claim 1 , wherein constructing the attack graph further comprises representing each of the plurality of regular expressions as execution graphs. 6 . The method of claim 5 , wherein constructing the attack graph further comprises combining the plurality of execution graphs into an aggregated attack graph. 7 . The method of claim 1 , wherein unexploited 5GCN attack vectors are discovered based on a connection of nodes in the attack graph. 8 . The method of claim 1 , wherein linking unconnected nodes in the attack DAG is feasible when a sequence of operations represented by linking the unconnected nodes can be implemented in the 5GCN. 9 . The method of claim 1 , wherein the machine learning module comprises at least one of Naïve Bayes, Decision Tree, k-Nearest Neighbors, Support Vector Machines, and Artificial Neural Network. 10 . The method of claim 1 , further comprising training the machine learning module to predict new 5GCN attacks. 11 . The method of claim 10 , further comprising constructing a training dataset for training the machine learning module, the training dataset comprising all existing paths in the attack graph as feasible and a plurality of unconnected paths known to be infeasible. 12 . The method of claim 11 , wherein infeasible branches comprise infeasible sequences of system-level operations. 13 . The method of claim 10 , wherein the machine learning module is trained based on parameters for achieving higher negative predictive value and accuracy. 14 . The method of claim 10 , wherein the machine learning module is trained based on parameters for achieving higher F1 score, recall, and precision. 15 . A system for detecting security vulnerabilities in a fifth generation core network (5GCN), the system comprising one or more processors configured to: construct an attack graph from a plurality of regular expressions, each regular expression corresponding to a sequence of system level operations for a known 5GCN attack, the attack graph comprising a plurality of nodes, each node representing a system-level operation of the 5GCN, and a plurality of paths, each path representing a 5GCN attack vector; perform a linear search on the attack graph to determine unexploited 5GCN attack vectors, wherein a path in the attack graph that does not represent a known 5GCN attack vector represents an unexploited 5GCN attack vector; and apply a trained machine learning module to the attack graph to predict new 5GCN attacks, the trained machine learning module configured to determine a feasibility of linking unconnected nodes in the attack graph to create a new branch representing a new 5GCN vulnerability exploit. 16 - 28 . (canceled) 29 . A non-transitory computer-readable medium having stored thereon a computer program for execution by a processor configured to perform a method for detecting security vulnerabilities in a fifth generation core network (5GCN), the method comprising: constructing an attack graph from a plurality of regular expressions, each regular expression corresponding to a sequence of system level operations for a known 5GCN attack, the attack graph comprising a plurality of nodes, each node representing a system-level operation of the 5GCN, and a plurality of paths, each path representing a 5GCN attack vector; performing a linear search on the attack graph to determine unexploited 5GCN attack vectors, wherein a path in the attack graph that does not represent a known 5GCN attack vector represents an unexploited 5GCN attack vector; and applying a trained machine learning module to the attack graph to predict new 5GCN attacks, the trained machine learning module configured to determine a feasibility of linking unconnected nodes in the attack graph to create a new branch representing a new 5GCN vulnerability exploit. 30 - 42 . (canceled)