Experimental Study of Adversarial Attacks on ML-based xApps in O-RAN

TL;DR

This paper experimentally demonstrates how adversarial machine learning attacks can significantly impair the performance of ML-based xApps in O-RAN, highlighting vulnerabilities in the near-real time RIC system.

Contribution

It provides the first experimental analysis of adversarial attacks on ML models within the O-RAN architecture, specifically on interference classification xApps.

Findings

Adversarial attacks can drastically reduce classifier accuracy.

Small data manipulations can impact O-RAN system performance.

Demonstrated vulnerability in a laboratory O-RAN testbed.

Abstract

Open Radio Access Network (O-RAN) is considered as a major step in the evolution of next-generation cellular networks given its support for open interfaces and utilization of artificial intelligence (AI) into the deployment, operation, and maintenance of RAN. However, due to the openness of the O-RAN architecture, such AI models are inherently vulnerable to various adversarial machine learning (ML) attacks, i.e., adversarial attacks which correspond to slight manipulation of the input to the ML model. In this work, we showcase the vulnerability of an example ML model used in O-RAN, and experimentally deploy it in the near-real time (near-RT) RAN intelligent controller (RIC). Our ML-based interference classifier xApp (extensible application in near-RT RIC) tries to classify the type of interference to mitigate the interference effect on the O-RAN system. We demonstrate the first-ever scenario of how such an xApp can be impacted through an adversarial attack by manipulating the data stored in a shared database inside the near-RT RIC. Through a rigorous performance analysis deployed on a laboratory O-RAN testbed, we evaluate the performance in terms of capacity and the prediction accuracy of the interference classifier xApp using both clean and perturbed data. We show that even small adversarial attacks can significantly decrease the accuracy of ML application in near-RT RIC, which can directly impact the performance of the entire O-RAN deployment.