A New Sub-Use Case for Signaling Storm Attack in Open RAN and an ML-based Detection Approach

Samara Mayhoub; Sotiris Chatzimiltis; Hamed Alimohammadi; Zhizhou He; Sulyman Abdulkareem; Mohammad Shojafar; Ayhan Akbas; Chuan Heng Foh

doi:10.1109/CSCN63874.2024.10849726

Conference proceeding

A New Sub-Use Case for Signaling Storm Attack in Open RAN and an ML-based Detection Approach

Samara Mayhoub, Sotiris Chatzimiltis, Hamed Alimohammadi, Zhizhou He, Sulyman Abdulkareem, Mohammad Shojafar, Ayhan Akbas and Chuan Heng Foh

2024 IEEE Conference on Standards for Communications and Networking (Online), pp.308-313

IEEE Conference on Standards for Communications and Networking

IEEE Conference on Standards for Communications and Networking (Online) (Belgrade, Serbia, 25/11/2024–27/11/2024)

27/01/2025

DOI: https://doi.org/10.1109/CSCN63874.2024.10849726

Abstract

Accuracy

AI/ML

Handover

Machine learning algorithms

Open RAN

Prevention and mitigation

Signaling Storm

Sockets

Standards

Storms

Surges

Switches

The Open Radio Access Network (Open RAN) architecture introduces flexibility, interoperability, and high performance through its open interfaces, disaggregated and virtualized components, and intelligent controllers. However, the open interfaces and disaggregation of base stations leave only the Open Radio Unit (O-RU) physically deployed in the field, making it more vulnerable to malicious attacks. This paper addresses signaling storm attacks and introduces a new sub-use case within the signaling storm use case of the 0 RAN Alliance standards by exploring novel attack triggers. Specifically, we examine the compromise of O-RUs and their power sockets, which can lead to a surge in handovers and reregistration procedures. Additionally, we leverage Open RAN's intelligence capabilities to detect these signaling storm attacks. Seven machine learning algorithms have been evaluated based on their detection rate, accuracy, and inference time. Results indicate that the BiDirectional Long Short-Term Memory (BiDLSTM) model outperforms others, achieving a detection rate of {8 8. 2 4 \%} and accuracy of {9 6. 1 5 \%}.

Metrics

1 Record Views

Details

Title: A New Sub-Use Case for Signaling Storm Attack in Open RAN and an ML-based Detection Approach
Creators: Samara Mayhoub - 5GIC and 6GIC, Institute for Communication Systems (ICS), University of Surrey
Sotiris Chatzimiltis - 5GIC and 6GIC, Institute for Communication Systems (ICS), University of Surrey
Hamed Alimohammadi - 5GIC and 6GIC, Institute for Communication Systems (ICS), University of Surrey
Zhizhou He - 5GIC and 6GIC, Institute for Communication Systems (ICS), University of Surrey
Sulyman Abdulkareem - 5GIC and 6GIC, Institute for Communication Systems (ICS), University of Surrey
Mohammad Shojafar - 5GIC and 6GIC, Institute for Communication Systems (ICS), University of Surrey
Ayhan Akbas - 5GIC and 6GIC, Institute for Communication Systems (ICS), University of Surrey
Chuan Heng Foh - 5GIC and 6GIC, Institute for Communication Systems (ICS), University of Surrey
Publication Details: 2024 IEEE Conference on Standards for Communications and Networking (Online), pp.308-313
Conference: IEEE Conference on Standards for Communications and Networking (Online) (Belgrade, Serbia, 25/11/2024–27/11/2024)
Series: IEEE Conference on Standards for Communications and Networking
Publisher: IEEE
Number of pages: 6
First online publication date: 27/01/2025
Grant note: This work was supported in part by the Highly Intelligent, Highly Performing RAN (HiPer-RAN) Project and in part by the Mobile oRAN for highly Dense Environments (5G MoDE) Project, Two major winners of the U.K.’s Department of Science, Innovation and Technology (DSIT) Open Networks Ecosystem Competition.
Identifiers: 991002066402346; WOS:001442211400054
Academic Unit: University of Surrey; School of Computer Science and Electronic Engineering
Language: English
Resource Type: Conference proceeding

A New Sub-Use Case for Signaling Storm Attack in Open RAN and an ML-based Detection Approach

Abstract

Metrics

Details

Usage Policy