Det-RAN: Data-Driven Cross-Layer Real-Time Attack Detection in 5G Open RANs

Abstract

Fifth generation (5G) and beyond cellular networks are vulnerable to security threats, primarily due to the lack of integrity protection in the Radio Resource Control (RRC) layer. In order to address this problem, we propose a real- time anomaly detection framework that leverages the concept of distributed applications in 5G Open RAN networks. Specifically, we identify Physical Layer (PHY) features that can generate a reliable fingerprint, infer in a novel way the time of arrival of uplink packets lacking integrity protection, and handle cross- layer features. By identifying legitimate message sources and detecting suspicious activities through an Artificial Intelligence (AI) design, we demonstrate that Open RAN-based applications that run at the edge can be designed to provide additional security to the network. Our solution is first validated in extensive emulation environments achieving over 85% accuracy in predicting potential attacks on unseen test scenarios. We then integrate our approach into a real-world prototype with a large channel emulator to assess its real-time performance and costs. Our solution meets the low-latency real-time constraints of 2 ms, making it well-suited for real-world deployments.