Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

RRC Signaling Storm Detection in O-RAN

Dang Kien Nguyen, Rim El Malki, Filippo Rebecchi

TL;DR

This work investigates RRC signaling storms as a DoS threat to 5G gNB control planes within the O-RAN ecosystem. It deploys an attack in the OpenAirInterface platform and presents a threshold-based detector leveraging RRC-layer features, implemented as an xApp under O-RAN. Results show attack detection within approximately $90$ ms, providing a mitigation window before gNB unavailability, with minimal overhead (~$1.2\%$ CPU and ~$0\%$ memory). The study contributes a practical defense approach for maintaining 5G availability and motivates future work on adaptive thresholds and broader scenario testing.

Abstract

The Open Radio Access Network (O-RAN) marks a significant shift in the mobile network industry. By transforming a traditionally vertically integrated architecture into an open, data-driven one, O-RAN promises to enhance operational flexibility and drive innovation. In this paper, we harness O-RAN's openness to address one critical threat to 5G availability: signaling storms caused by abuse of the Radio Resource Control (RRC) protocol. Such attacks occur when a flood of RRC messages from one or multiple User Equipments (UEs) deplete resources at a 5G base station (gNB), leading to service degradation. We provide a reference implementation of an RRC signaling storm attack, using the OpenAirInterface (OAI) platform to evaluate its impact on a gNB. We supplement the experimental results with a theoretical model to extend the findings for different load conditions. To mitigate RRC signaling storms, we develop a threshold-based detection technique that relies on RRC layer features to distinguish between malicious activity and legitimate high network load conditions. Leveraging O-RAN capabilities, our detection method is deployed as an external Application (xApp). Performance evaluation shows attacks can be detected within 90ms, providing a mitigation window of 60ms before gNB unavailability, with an overhead of 1.2% and 0% CPU and memory consumption, respectively.

RRC Signaling Storm Detection in O-RAN

TL;DR

This work investigates RRC signaling storms as a DoS threat to 5G gNB control planes within the O-RAN ecosystem. It deploys an attack in the OpenAirInterface platform and presents a threshold-based detector leveraging RRC-layer features, implemented as an xApp under O-RAN. Results show attack detection within approximately ms, providing a mitigation window before gNB unavailability, with minimal overhead (~ CPU and ~ memory). The study contributes a practical defense approach for maintaining 5G availability and motivates future work on adaptive thresholds and broader scenario testing.

Abstract

The Open Radio Access Network (O-RAN) marks a significant shift in the mobile network industry. By transforming a traditionally vertically integrated architecture into an open, data-driven one, O-RAN promises to enhance operational flexibility and drive innovation. In this paper, we harness O-RAN's openness to address one critical threat to 5G availability: signaling storms caused by abuse of the Radio Resource Control (RRC) protocol. Such attacks occur when a flood of RRC messages from one or multiple User Equipments (UEs) deplete resources at a 5G base station (gNB), leading to service degradation. We provide a reference implementation of an RRC signaling storm attack, using the OpenAirInterface (OAI) platform to evaluate its impact on a gNB. We supplement the experimental results with a theoretical model to extend the findings for different load conditions. To mitigate RRC signaling storms, we develop a threshold-based detection technique that relies on RRC layer features to distinguish between malicious activity and legitimate high network load conditions. Leveraging O-RAN capabilities, our detection method is deployed as an external Application (xApp). Performance evaluation shows attacks can be detected within 90ms, providing a mitigation window of 60ms before gNB unavailability, with an overhead of 1.2% and 0% CPU and memory consumption, respectively.

Paper Structure

This paper contains 18 sections, 5 equations, 3 figures, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Literature Review
  3. Background
  4. O-RAN Architecture
  5. 5G Connection Establishment
  6. OAI Platform
  7. RRC Signaling Storms
  8. RRC Signaling Storm Definition
  9. Possible Scenarios
  10. Theoretical Model
  11. Attack Implementation and Validation
  12. Attack Implementation with OAI
  13. Attack Validation
  14. Proposed Detection Technique
  15. Detection Solution Implementation and Evaluation in O-RAN
  16. ...and 3 more sections

Figures (3)

  • Figure 1: 5G connection establishment
  • Figure 2: Performance of the proposed detection solution under (a) normal traffic conditions, (b) attack, and (c) high-load
  • Figure 3: Detection latency (i.e., attack case)