Anomaly Detection for Mitigating xApp and E2 Interface Threats in O-RAN Near-RT RIC

IF 6.3 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC IEEE Open Journal of the Communications Society Pub Date : 2025-02-27 DOI:10.1109/OJCOMS.2025.3546760

Cheng-Feng Hung;Chi-Heng Tseng;Shin-Ming Cheng

{"title":"Anomaly Detection for Mitigating xApp and E2 Interface Threats in O-RAN Near-RT RIC","authors":"Cheng-Feng Hung;Chi-Heng Tseng;Shin-Ming Cheng","doi":"10.1109/OJCOMS.2025.3546760","DOIUrl":null,"url":null,"abstract":"As 5G networks advance, the Open Radio Access Network (O-RAN) is crucial in enabling openness and fostering collaboration across the telecom industry. O-RAN enhances flexibility, scalability, and interoperability through open interfaces, reducing dependence on a single vendor and promoting interoperability among vendors and solutions. The Near-Real-Time Radio Intelligent Controller (Near-RT RIC) is crucial for optimizing network resources and improving user experience. However, the openness of O-RAN also introduces security challenges, particularly from third-party developed xApps and E2 nodes that may exploit vulnerabilities to launch attacks. This paper proposes an anomaly traffic detector to protect the Near-RT RIC from threats on the E2 interface. The anomaly traffic detector verifies the legality of signaling through an internal state machine analysis module and checks packet fields through a conformance check module while monitoring network traffic in real time to detect and mitigate Denial of Service attacks. Additionally, we designed a fuzzer to simulate random attacks, testing the capability of the anomaly traffic detector. The anomaly traffic detector not only successfully passes the test cases highlighted in the O-RAN Security Test Specifications, effectively detecting unauthorized traffic and signaling, but also identifies real-world vulnerability exploits, including CVE-2023-40997, CVE-2023-40998, CVE-2023-41627, and CVE-2023-41628, thereby significantly enhancing the security of the Near-RT RIC.","PeriodicalId":33803,"journal":{"name":"IEEE Open Journal of the Communications Society","volume":"6 ","pages":"1682-1694"},"PeriodicalIF":6.3000,"publicationDate":"2025-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10907911","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Open Journal of the Communications Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10907911/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

As 5G networks advance, the Open Radio Access Network (O-RAN) is crucial in enabling openness and fostering collaboration across the telecom industry. O-RAN enhances flexibility, scalability, and interoperability through open interfaces, reducing dependence on a single vendor and promoting interoperability among vendors and solutions. The Near-Real-Time Radio Intelligent Controller (Near-RT RIC) is crucial for optimizing network resources and improving user experience. However, the openness of O-RAN also introduces security challenges, particularly from third-party developed xApps and E2 nodes that may exploit vulnerabilities to launch attacks. This paper proposes an anomaly traffic detector to protect the Near-RT RIC from threats on the E2 interface. The anomaly traffic detector verifies the legality of signaling through an internal state machine analysis module and checks packet fields through a conformance check module while monitoring network traffic in real time to detect and mitigate Denial of Service attacks. Additionally, we designed a fuzzer to simulate random attacks, testing the capability of the anomaly traffic detector. The anomaly traffic detector not only successfully passes the test cases highlighted in the O-RAN Security Test Specifications, effectively detecting unauthorized traffic and signaling, but also identifies real-world vulnerability exploits, including CVE-2023-40997, CVE-2023-40998, CVE-2023-41627, and CVE-2023-41628, thereby significantly enhancing the security of the Near-RT RIC.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Open Journal of the Communications Society Multiple-

CiteScore

13.70

自引率

3.80%

发文量

审稿时长

10 weeks

期刊介绍： The IEEE Open Journal of the Communications Society (OJ-COMS) is an open access, all-electronic journal that publishes original high-quality manuscripts on advances in the state of the art of telecommunications systems and networks. The papers in IEEE OJ-COMS are included in Scopus. Submissions reporting new theoretical findings (including novel methods, concepts, and studies) and practical contributions (including experiments and development of prototypes) are welcome. Additionally, survey and tutorial articles are considered. The IEEE OJCOMS received its debut impact factor of 7.9 according to the Journal Citation Reports (JCR) 2023. The IEEE Open Journal of the Communications Society covers science, technology, applications and standards for information organization, collection and transfer using electronic, optical and wireless channels and networks. Some specific areas covered include: Systems and network architecture, control and management Protocols, software, and middleware Quality of service, reliability, and security Modulation, detection, coding, and signaling Switching and routing Mobile and portable communications Terminals and other end-user devices Networks for content distribution and distributed computing Communications-based distributed resources control.