Enhancing O-RAN Security: Evasion Attacks and Robust Defenses for Graph Reinforcement Learning-based Connection Management

Ravikumar Balakrishnan, Marius Arvinte, Nageen Himayat, Hosein Nikopour, Hassnaa Moustafa

TL;DR

Robust training-based defenses against the challenging physical/jamming-based attacks are developed and shown to yield a 15% improvement in the coverage rates when compared to employing no defense over a range of noise budgets.

Abstract

Adversarial machine learning, focused on studying various attacks and defenses on machine learning (ML) models, is rapidly gaining importance as ML is increasingly being adopted for optimizing wireless systems such as Open Radio Access Networks (O-RAN). Comprehensive modeling of the security threats and the demonstration of adversarial attacks and defenses on practical AI-based O-RAN systems are still in their nascent stages. We begin by conducting threat modeling to pinpoint attack surfaces in O-RAN using an ML-based connection management application (xApp) as an example. The xApp uses a Graph Neural Network trained using Deep Reinforcement Learning and achieves on average a 54% improvement in the coverage rate, measured as the 5th percentile user data rates. We then formulate and demonstrate evasion attacks that degrade the coverage rates by as much as 50% by injecting bounded noise at different threat surfaces, including the open wireless medium itself. Crucially, we also compare and contrast the effectiveness of such attacks on the ML-based xApp and a non-ML-based heuristic. Finally, we develop and demonstrate robust training-based defenses against the challenging physical/jamming-based attacks and show a 15% improvement in the coverage rates when compared to employing no defense over a range of noise budgets.

Paper Structure

This paper contains 17 sections, 11 equations, 8 figures.

Figures (8)

  • Figure 1: xApp utilizes GNN-RL to determine connectivity decisions for a handover requesting user and cell-edge users within a sub-graph around it.
  • Figure 2: Information flow in connection management xApp highlighting threat surfaces to introduce adversarial perturbations. The three boxes indicate the three threat models.
  • Figure 3: Illustration of the three attacks investigated in this paper, shown from left to right, in increasing order of their capabilities and threat model strength: (i) a physical adversary that can only perturb the RSRP measurements for a subset of UEs, (ii) a physical adversary that can perturb the RSRP measurements for all UEs, and (iii) a fully digital adversary with direct access to the GNN inputs.
  • Figure 4: Illustration of the two proposed defenses for the RL-based allocation policy.
  • Figure 5: Illustration of the impact of digital attack on the coverage performance. Adversary is assumed to add noise directly to the input feature of the model.
  • ...and 3 more figures