Los puntos clave no están disponibles para este artículo en este momento.
The impending adoption of Open Radio Access Network (O-RAN) is fueling innovation in the RAN towards data-driven operation. Unlike traditional RAN where the RAN data and its usage is restricted within proprietary and monolithic RAN equipment, the O-RAN architecture opens up access to RAN data (i.e., network telemetry), via RAN intelligent controllers (RICs), to third-party machine learning (ML) powered applications - rApps and xApps - to optimize RAN operations. Consequently, a major focus has been placed on leveraging RAN data to unlock greater efficiency gains. However, there is an increasing recognition that RAN data access to apps could become a source of vulnerability and be exploited by malicious actors. Motivated by this, we carry out a comprehensive investigation of data vulnerabilities on both xApps and rApps, respectively hosted in Near- and Non-real-time (RT) RIC components of O-RAN. Our investigation begins by qualitatively analyzing the O-RAN security mechanisms and limitations relevant to xApps and rApps, such as their onboarding authentication process and RIC database access mechanisms. Considering a threat model informed by this analysis, we design a viable and effective black-box evasion attack strategy targeting O-RAN RIC Apps while accounting for the stringent timing constraints (particularly for xApps) and attack effectiveness. The attack strategy employs four key techniques: the model cloning algorithm, input-specific perturbations, universal adversarial perturbations (UAPs), and targeted UAPs. This strategy targets ML models used by both xApps and rApps within the O-RAN system, aiming to degrade network performance. We experimentally validate the effectiveness of the designed evasion attack strategy and quantify the scale of performance degradation using a real-world O-RAN testbed and emulation environments. This evaluation is conducted using the Interference Classification xApp and the Power Saving rApp as representative applications for near-RT and non-RT RICs, respectively. Further, we show that the attack strategy is effective against prominent defense techniques for adversarial ML, such as defensive distillation and adversarial training.
Gajjar et al. (Mon,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: