TY - GEN
T1 - A New Sub-Use Case for Signaling Storm Attack in Open RAN and an ML-based Detection Approach
AU - Mayhoub, Samara
AU - Chatzimiltis, Sotiris
AU - Alimohammadi, Hamed
AU - He, Zhizhou
AU - Abdulkareem, Sulyman Age
AU - Shojafar, Mohammad
AU - Akbas, Ayhan
AU - Foh, Chuan Heng
PY - 2025/1/27
Y1 - 2025/1/27
N2 - The Open Radio Access Network (Open RAN) architecture introduces flexibility, interoperability, and high performance through its open interfaces, disaggregated and virtualized components, and intelligent controllers. However, the open interfaces and disaggregation of base stations leave only the Open Radio Unit (O-RU) physically deployed in the field, making it more vulnerable to malicious attacks. This paper addresses signaling storm attacks and introduces a new sub-use case within the signaling storm use case of the 0 RAN Alliance standards by exploring novel attack triggers. Specifically, we examine the compromise of O-RUs and their power sockets, which can lead to a surge in handovers and reregistration procedures. Additionally, we leverage Open RAN's intelligence capabilities to detect these signaling storm attacks. Seven machine learning algorithms have been evaluated based on their detection rate, accuracy, and inference time. Results indicate that the BiDirectional Long Short-Term Memory (BiDLSTM) model outperforms others, achieving a detection rate of {88.24% and accuracy of 96.15%.
AB - The Open Radio Access Network (Open RAN) architecture introduces flexibility, interoperability, and high performance through its open interfaces, disaggregated and virtualized components, and intelligent controllers. However, the open interfaces and disaggregation of base stations leave only the Open Radio Unit (O-RU) physically deployed in the field, making it more vulnerable to malicious attacks. This paper addresses signaling storm attacks and introduces a new sub-use case within the signaling storm use case of the 0 RAN Alliance standards by exploring novel attack triggers. Specifically, we examine the compromise of O-RUs and their power sockets, which can lead to a surge in handovers and reregistration procedures. Additionally, we leverage Open RAN's intelligence capabilities to detect these signaling storm attacks. Seven machine learning algorithms have been evaluated based on their detection rate, accuracy, and inference time. Results indicate that the BiDirectional Long Short-Term Memory (BiDLSTM) model outperforms others, achieving a detection rate of {88.24% and accuracy of 96.15%.
KW - 5G
KW - AI/ML
KW - Open RAN
KW - Signaling Storm
UR - https://ieeexplore.ieee.org/document/10849726
UR - https://www.scopus.com/pages/publications/85218193291
U2 - 10.1109/CSCN63874.2024.10849726
DO - 10.1109/CSCN63874.2024.10849726
M3 - Conference publication
AN - SCOPUS:85218193291
T3 - IEEE Conference on Standards for Communications and Networking (CSCN)
SP - 308
EP - 313
BT - 2024 IEEE Conference on Standards for Communications and Networking (CSCN)
PB - IEEE
T2 - 2024 IEEE Conference on Standards for Communications and Networking, CSCN 2024
Y2 - 25 November 2024 through 27 November 2024
ER -