
    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/95383


    Title: DQN-based DDoS Mitigation Method for Open Fronthaul Interface in O-RAN
    Author: Hsu, Shu-Yang (許舒揚)
    Contributor: Department of Communication Engineering
    Keywords: O-RAN Base station; RIC; Open fronthaul; DDoS; Machine Learning
    Date: 2024-08-20
    Uploaded: 2024-10-09 16:45:13 (UTC+8)
    Publisher: National Central University
    Abstract: The openness of 5G O-RAN allows base stations to be composed of equipment from various vendors, breaking the monopoly of single manufacturers. This open interface significantly improves transmission performance within the base station but also indirectly exposes numerous security issues. These include the RIC's A1 interface, the O1 interface between the SMO and RU/DU, and the Open Fronthaul between the DU and RU. These open interfaces at OSI layers 2 and 3 become targets for DoS attacks. In the 7.2x split fronthaul interface of 5G O-RAN, encryption introduces challenging timing requirements, leading to the absence of encryption security protocols over Ethernet in the Open Fronthaul. Under the open architecture of O-RAN, DoS attacks at OSI layer 2 are more feasible. Attackers may impersonate DU or RU, compromising one of the endpoints in user data or configurations, or gaining access to the DU and beyond through attacks on the RU or Open Fronthaul interfaces. For example, an attack on the S-Plane by forging master clocks or deleting PTP packets can cause performance degradation. An attack on the C-Plane or U-Plane could lead to the theft of user data, resulting in incalculable losses[1]. The O-RAN ALLIANCE's testing and integration specifications[2] also mention the necessity of DoS testing at OSI layers 2 and 3 in O-RAN Open Fronthaul. Therefore, this study investigates the impact of DDoS flood and LR-DDoS attacks on the fronthaul interface under prevalent DDoS traffic attacks. It proposes a "DQN-based DDoS Mitigation Method for the O-RAN Open Fronthaul Interface." The study analyzes the characteristics of Ethernet frame traffic at OSI layer 2 to identify and intercept abnormal traffic.

    To simulate algorithm performance, this study developed an O-RAN fronthaul packet generator and integrated Open5GS, srsRAN, and srsUE to establish an O-RAN simulation platform. This platform was used to test the proposed DDoS defense algorithm's ability to protect the fronthaul. Additionally, we demonstrated in experiments that the DQN algorithm outperforms other representative DDoS mitigation algorithms (K-means, SVM, and Random Forest) in terms of average detection rate and average false positive rate when handling multidimensional DDoS attack scenarios. In the RAN of the base station, DQN also significantly improves bandwidth utilization during DDoS attacks.

    Finally, this study also explores various state and reward function design methods for DQN, using a network security test dataset from the Canadian Cybersecurity Research Institute for training and testing. The results not only demonstrate the defense capability of our proposed DQN algorithm against DDoS attacks in real-world environments but also show that our DQN design method is more adaptable to environmental changes compared to the control group's DQN design. Our method exhibits better adaptability and the capability to mitigate both DDoS flood and low-rate DDoS attacks.

    Index terms: O-RAN Base station, RIC, Open fronthaul, DDoS, Machine Learning.
    Appears in collection: [Graduate Institute of Communication Engineering] Theses and Dissertations
