Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Cross-Domain AI for Early Attack Detection and Defense Against Malicious Flows in O-RAN

Bruno Missi Xavier, Merim Dzaferagic, Irene Vilà, Magnos Martinello, Marco Ruffini

TL;DR

This work tackles early attack detection in mobile networks by deploying cross-domain AI in Open-RAN (O-RAN). It fuses outputs from a transport-network in-network classifier with KPI-based signals from the RAN, enabling an AutoML-driven training loop that updates a RAN xApp classifier via a cross-domain labeling function. In a realistic OpenIreland setup, the In-Network Classifier reaches about $98\%$ accuracy, the RAN Classifier around $93\%$, and a Benchmark with ideal labels around $96\%$, demonstrating the value of cross-domain feedback for near-source defense. The proposed approach provides a scalable pathway to continuous, automated improvements in network security for disaggregated 5G/O-RAN architectures and supports near-source interception of malicious flows.

Abstract

Only the chairs can edit In the fight against cyber attacks, Network Softwarization (NS) is a flexible and adaptable shield, using advanced software to spot malicious activity in regular network traffic. However, the availability of comprehensive datasets for mobile networks, which are fundamental for the development of Machine Learning (ML) solutions for attack detection near their source, is still limited. Cross-Domain Artificial Intelligence (AI) can be the key to address this, although its application in Open Radio Access Network (O-RAN) is still at its infancy. To address these challenges, we deployed an end-to-end O-RAN network, that was used to collect data from the RAN and the transport network. These datasets allow us to combine the knowledge from an in-network ML traffic classifier for attack detection to bolster the training of an ML-based traffic classifier specifically tailored for the RAN. Our results demonstrate the potential of the proposed approach, achieving an accuracy rate of 93%. This approach not only bridges critical gaps in mobile network security but also showcases the potential of cross-domain AI in enhancing the efficacy of network security measures.

Cross-Domain AI for Early Attack Detection and Defense Against Malicious Flows in O-RAN

TL;DR

This work tackles early attack detection in mobile networks by deploying cross-domain AI in Open-RAN (O-RAN). It fuses outputs from a transport-network in-network classifier with KPI-based signals from the RAN, enabling an AutoML-driven training loop that updates a RAN xApp classifier via a cross-domain labeling function. In a realistic OpenIreland setup, the In-Network Classifier reaches about accuracy, the RAN Classifier around , and a Benchmark with ideal labels around , demonstrating the value of cross-domain feedback for near-source defense. The proposed approach provides a scalable pathway to continuous, automated improvements in network security for disaggregated 5G/O-RAN architectures and supports near-source interception of malicious flows.

Abstract

Only the chairs can edit In the fight against cyber attacks, Network Softwarization (NS) is a flexible and adaptable shield, using advanced software to spot malicious activity in regular network traffic. However, the availability of comprehensive datasets for mobile networks, which are fundamental for the development of Machine Learning (ML) solutions for attack detection near their source, is still limited. Cross-Domain Artificial Intelligence (AI) can be the key to address this, although its application in Open Radio Access Network (O-RAN) is still at its infancy. To address these challenges, we deployed an end-to-end O-RAN network, that was used to collect data from the RAN and the transport network. These datasets allow us to combine the knowledge from an in-network ML traffic classifier for attack detection to bolster the training of an ML-based traffic classifier specifically tailored for the RAN. Our results demonstrate the potential of the proposed approach, achieving an accuracy rate of 93%. This approach not only bridges critical gaps in mobile network security but also showcases the potential of cross-domain AI in enhancing the efficacy of network security measures.
Paper Structure (10 sections, 4 figures, 2 tables)

This paper contains 10 sections, 4 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Cross-Domain AI for ml Feedback and Training Process
  3. Case Study: Intrusion Detection
  4. Dataset forming
  5. Experimental Setup
  6. ran deployment
  7. In-network deployment
  8. Cross-Domain AI Continuous Training and Operation
  9. Classification Results
  10. Conclusion and Future Work

Figures (4)

  • Figure 1: System overview.
  • Figure 2: Cross-domain methodology scheme.
  • Figure 3: Temporal accuracy trends for continuous Cross-Domain ai operation.
  • Figure 4: Confusion Matrix of Traffic Classification.