Machine Learning-based Early Attack Detection Using Open RAN Intelligent Controller

TL;DR

This paper presents a machine learning-based framework leveraging Open RAN's near-real-time RIC to detect DoS attacks early at the RAN level with high accuracy, enhancing network security.

Contribution

It introduces a novel approach combining Open RAN and ML algorithms for early attack detection directly at the RAN, with a custom RIC interface and real-time analysis.

Findings

Achieved 95% accuracy in classifying malicious vs. genuine traffic.

Successfully detected attacks at the Distributed Unit before reaching the Centralized Unit.

Demonstrated the effectiveness of ML algorithms in a realistic testbed environment.

Abstract

We design and demonstrate a method for early detection of Denial-of-Service attacks. The proposed approach takes advantage of the OpenRAN framework to collect measurements from the air interface (for attack detection) and to dynamically control the operation of the Radio Access Network (RAN). For that purpose, we developed our near-Real Time (RT) RAN Intelligent Controller (RIC) interface. We apply and analyze a wide range of Machine Learning algorithms to data traffic analysis that satisfy the accuracy and latency requirements set by the near-RT RIC. Our results show that the proposed framework is able to correctly classify genuine vs. malicious traffic with high accuracy (i.e., 95%) in a realistic testbed environment, allowing us to detect attacks already at the Distributed Unit (DU), before malicious traffic even enters the Centralized Unit (CU).