Abstract
Open Radio Access Network (Open RAN) is a new paradigm to provide fundamental
features for supporting next-generation mobile networks. Disaggregation,
virtualisation, closed-loop data-driven control, and open interfaces bring
flexibility and interoperability to the network deployment. However, these
features also create a new surface for security threats. In this paper, we
introduce the Key Performance Indicator (KPI) poisoning attack in Near Real-Time
control loops as a new form of threat that can have significant effects on
Open RAN functionality. This threat can arise from traffic spoofing on the E2
interface or compromised E2 nodes. The role of KPIs is explored in the use
cases of Near Real-Time control loops. Then, the potential impacts of the
attack are analysed. An ML-based approach is proposed to detect poisoned KPI
values before using them in control loops. Emulations are conducted to generate
KPI reports and inject anomalies into the values. A Long Short-Term Memory
(LSTM) neural network model is used to detect anomalies. The results show that
more strongly amplified injected values are easier to detect, and that using more
report sequences leads to better performance in anomaly detection, with
detection rates improving from 62% to 99%.