Samara Mayhoub

Open Radio Access Network (Open RAN) is a new paradigm to provide fundamental features for supporting next-generation mobile networks. Disaggregation, virtualisation, closed-loop data-driven control, and open interfaces bring flexibility and interoperability to the network deployment. However, these features also create a new surface for security threats. In this paper, we introduce Key Performance Indicators (KPIs) poisoning attack in Near Real-Time control loops as a new form of threat that can have significant effects on the Open RAN functionality. This threat can arise from traffic spoofing on the E2 interface or compromised E2 nodes. The role of KPIs is explored in the use cases of Near Real-Time control loops. Then, the potential impacts of the attack are analysed. An ML-based approach is proposed to detect poisoned KPI values before using them in control loops. Emulations are conducted to generate KPI reports and inject anomalies into the values. A Long Short-Term Memory (LSTM) neural network model is used to detect anomalies. The results show that more amplified injected values are more accessible to detect, and using more report sequences leads to better performance in anomaly detection, with detection rates improving from 62% to 99%.

This paper explores a rule based mediation approach to optimize the balance between coverage and capacity Key Performance Indicators (KPIs) in Self Organizing Networks (SONs). Traditional methods often provide mitigation solutions to resolve conflicts between these KPIs. In contrast, this study introduces a mediation optimization technique that dynamically adjusts electrical antenna tilt in response to changing user densities. Through the simulations, the proposed approach demonstrates significant improvements in network performance, effectively reducing the coverage and capacity losses typically observed when one KPI is prioritized over the other. This dynamic adjustment method offers a more balanced solution for optimizing SON performance.

The Open Radio Access Network (Open RAN) architecture introduces flexibility, interoperability, and high performance through its open interfaces, disaggregated and virtualized components, and intelligent controllers. However, the open interfaces and disaggregation of base stations leave only the Open Radio Unit (O-RU) physically deployed in the field, making it more vulnerable to malicious attacks. This paper addresses signaling storm attacks and introduces a new sub-use case within the signaling storm use case of the 0 RAN Alliance standards by exploring novel attack triggers. Specifically, we examine the compromise of O-RUs and their power sockets, which can lead to a surge in handovers and reregistration procedures. Additionally, we leverage Open RAN's intelligence capabilities to detect these signaling storm attacks. Seven machine learning algorithms have been evaluated based on their detection rate, accuracy, and inference time. Results indicate that the BiDirectional Long Short-Term Memory (BiDLSTM) model outperforms others, achieving a detection rate of {8 8. 2 4 \%} and accuracy of {9 6. 1 5 \%}.

Open Radio Access Network (Open RAN) has revolutionized future communications by introducing open interfaces and intelligent network management. Network slicing enables the creation of multiple virtual networks on a single physical infrastructure, providing tailored services for performance, security, and latency. Efficient RAN slice resource allocation requires accurate prediction of the slice loads from the collected reports. However, open interfaces brought by Open RAN have also caused new security challenges. Malicious attackers could modify the data between E2 nodes with Near Real-Time RIC, hence mislead the model for a poor performance. To prevent this attack, we hereby proposed a novel contrastive learning design, which uses data augmentation to grant the model the vulnerability of feature distortion. The contrastive learning model could learn the correlation of original data with distorted data. Meanwhile, the proposed contrastive learning has a greater generalization ability compared to conventional supervised learning, which is suitable for dynamic environments and could adapt to various noise levels. The proposed contrastive learning includes supervised and unsupervised contrastive learning (SCL and UCL). The proposed SCL could achieve 87.1 % out-of-distribution network slice classification accuracy, the proposed UCL could achieve 86.6 %, while the conventional MLP is 82.6 %. Meanwhile, the proposed method only requires 8.4 % of computation during training compared to that of conventional MLP.