RAID: In-Network RA Signaling Storm Detection for 5G Open RAN

TL;DR

RAID is a real-time, in-network detection system using programmable switches and machine learning to identify and mitigate signaling storms in 5G Open RAN, ensuring QoS and control-plane stability.

Contribution

The paper introduces RAID, a novel in-network detection system leveraging P4-programmable switches and ML for microsecond-scale RA storm detection in 5G O-RAN.

Findings

Achieves over 94% detection accuracy.

Maintains detection delay around 3.4 microseconds.

Effective across various traffic loads.

Abstract

The disaggregation and virtualization of 5G Open RAN (O-RAN) introduces new vulnerabilities in the control plane that can greatly impact the quality of service (QoS) of latency-sensitive 5G applications and services. One critical issue is Random Access (RA) signaling storms where, a burst of illegitimate or misbehaving user equipments (UEs) send Radio Resource Control (RRC) connection requests that rapidly saturate a Central Unit's (CU) processing pipeline. Such storms trigger widespread connection failures within the short contention resolution window defined by 3GPP. Existing detection and mitigation approaches based on near-real-time RAN Intelligent Controller (n-RT RIC) applications cannot guarantee a timely reaction to such attacks as RIC control loops incur tens to hundreds of milliseconds of latency due to the non-deterministic nature of their general purpose processor (GPP) based architectures. This paper presents RAID, an in-network RA signaling storm detection and mitigation system that leverages P4-programmable switch ASICs to enable real-time protection from malicious attacks. RAID embeds a lightweight Random Forest (RF) classifier into a programmable Tofino switch, enabling line-rate flow classification with deterministic microsecond-scale inference delay. By performing ML-based detection directly in the data plane, RAID catches and filters malicious RA requests before they reach and overwhelm the RRC. RAID achieves above 94% detection accuracy with a fixed per-flow inference delay on the order of 3.4 microseconds, effectively meeting strict O-RAN control-plane deadlines. These improvements are sustained across multiple traffic loads, making RAID a fast and scalable solution for the detection and mitigation of signaling storms in 5G O-RAN.