TY - GEN
T1 - KPI Poisoning: An Attack in Open RAN Near Real-Time Control Loop
AU - Alimohammadi, Hamed
AU - Chatzimiltis, Sotiris
AU - Mayhoub, Samara
AU - Shojafar, Mohammad
AU - Soleymani, Seyed Ahmad
AU - Akbas, Ayhan
AU - Foh, Chuan Heng
PY - 2025/6/12
Y1 - 2025/6/12
N2 - Open Radio Access Network (Open RAN) is a new paradigm to provide fundamental features for supporting next-generation mobile networks. Disaggregation, virtualisation, closed-loop data-driven control, and open interfaces bring flexibility and interoperability to the network deployment. However, these features also create a new surface for security threats. In this paper, we introduce Key Performance Indicators (KPIs) poisoning attack in Near Real-Time control loops as a new form of threat that can have significant effects on the Open RAN functionality. This threat can arise from traffic spoofing on the E2 interface or compromised E2 nodes. The role of KPIs is explored in the use cases of Near Real-Time control loops. Then, the potential impacts of the attack are analysed. An ML-based approach is proposed to detect poisoned KPI values before using them in control loops. Emulations are conducted to generate KPI reports and inject anomalies into the values. A Long Short-Term Memory (LSTM) neural network model is used to detect anomalies. The results show that more amplified injected values are more accessible to detect, and using more report sequences leads to better performance in anomaly detection, with detection rates improving from 62% to 99%.
AB - Open Radio Access Network (Open RAN) is a new paradigm to provide fundamental features for supporting next-generation mobile networks. Disaggregation, virtualisation, closed-loop data-driven control, and open interfaces bring flexibility and interoperability to the network deployment. However, these features also create a new surface for security threats. In this paper, we introduce Key Performance Indicators (KPIs) poisoning attack in Near Real-Time control loops as a new form of threat that can have significant effects on the Open RAN functionality. This threat can arise from traffic spoofing on the E2 interface or compromised E2 nodes. The role of KPIs is explored in the use cases of Near Real-Time control loops. Then, the potential impacts of the attack are analysed. An ML-based approach is proposed to detect poisoned KPI values before using them in control loops. Emulations are conducted to generate KPI reports and inject anomalies into the values. A Long Short-Term Memory (LSTM) neural network model is used to detect anomalies. The results show that more amplified injected values are more accessible to detect, and using more report sequences leads to better performance in anomaly detection, with detection rates improving from 62% to 99%.
KW - KPI Poisoning
KW - Near Real-Time RIC
KW - Open RAN
UR - https://ieeexplore.ieee.org/document/11028721
UR - https://www.scopus.com/pages/publications/105009132700
U2 - 10.1109/FNWF63303.2024.11028721
DO - 10.1109/FNWF63303.2024.11028721
M3 - Conference publication
AN - SCOPUS:105009132700
T3 - IEEE Future Networks World Forum (FNWF)
SP - 712
EP - 718
BT - 2024 IEEE Future Networks World Forum (FNWF)
PB - IEEE
T2 - 2024 IEEE Future Networks World Forum, FNWF 2024
Y2 - 15 October 2024 through 17 October 2024
ER -