dc.description.abstract | The openness of 5G O-RAN allows base stations to be composed of equipment from various vendors, breaking the monopoly of single manufacturers. This open interface significantly improves transmission performance within the base station but also indirectly exposes numerous security issues. These include the RIC’s A1 interface, the O1 interface between the SMO and RU/DU, and the Open Fronthaul between the DU and RU. These open interfaces at OSI layers 2 and 3 become targets for DoS attacks. In the 7.2x split fronthaul interface of 5G O-RAN, encryption introduces challenging timing requirements, leading to the absence of encryption security protocols over Ethernet in the Open Fronthaul. Under the open architecture of O-RAN, DoS attacks at OSI layer 2 are more feasible. Attackers may impersonate DU or RU, compromising one of the endpoints in user data or configurations, or gaining access to the DU and beyond through attacks on the RU or Open Fronthaul interfaces. For example, an attack on the S-Plane by forging master clocks or deleting PTP packets can cause performance degradation. An attack on the C-Plane or U-Plane could lead to the theft of user data, resulting in incalculable losses[1]. The O-RAN ALLIANCE’s testing and integration specifications[2] also mention the necessity of DoS testing at OSI layers 2 and 3 in O-RAN Open Fronthaul. Therefore, this study investigates the impact of DDoS flood and LR-DDoS attacks on the fronthaul interface under prevalent DDoS traffic attacks. It proposes a "DQN-based DDoS Mitigation Method for the O-RAN Open Fronthaul Interface." The study analyzes the characteristics of Ethernet frame traffic at OSI layer 2 to identify and intercept abnormal traffic.
To simulate algorithm performance, this study developed an O-RAN fronthaul packet generator and integrated Open5GS, srsRAN, and srsUE to establish an O-RAN simulation platform. This platform was used to test the proposed DDoS defense algorithm’s ability to protect the fronthaul. Additionally, we demonstrated in experiments that the DQN algorithm outperforms other representative DDoS mitigation algorithms (K-means, SVM, and Random Forest) in terms of average detection rate and average false positive rate when handling multidimensional DDoS attack scenarios. In the RAN of the base station, DQN also significantly improves bandwidth utilization during DDoS attacks.
Finally, this study also explores various state and reward function design methods for DQN, using a network security test dataset from the Canadian Cybersecurity Research Institute for training and testing. The results not only demonstrate the defense capability of our proposed DQN algorithm against DDoS attacks in real-world environments but also show that our DQN design method is more adaptable to environmental changes compared to the control group’s DQN design. Our method exhibits better adaptability and the capability to mitigate both DDoS flood and low-rate DDoS attacks.
Index term: O-RAN Base station, RIC, Open fronthaul, DDoS, Machine Learning. | en_US |