An official website of the United States government
The open radio access network (O-RAN) offers new degrees of freedom for building and operating advanced cellular networks. Emphasizing on RAN disaggregation, open interfaces, multi-vendor support, and RAN intelligent controllers (RICs), O-RAN facilitates adaptation to new applications and technology trends. Yet, this architecture introduces new security challenges. This article proposes leveraging zero trust principles for O-RAN security. We introduce zero trust RAN (ZTRAN), which embeds service authentication, intrusion detection, and secure slicing subsystems that are encapsulated as xApps. We implement ZTRAN on the open artificial intelligence cellular (OAIC) research platform and demonstrate its feasibility and effectiveness in terms of legitimate user throughput and latency figures. Our experimental analysis illustrates how ZTRAN's intrusion detection and secure slicing microservices operate effectively and in concert as part of O-RAN Alliance's containerized near-real time RIC. Research directions include exploring machine learning and additional threat intelligence feeds for improving the performance and extending the scope of ZTRAN.
more »
« less
This content will become publicly available on June 8, 2026
Integrated LLM-Based Intrusion Detection with Secure Slicing xApp for Securing O-RAN-Enabled Wireless Network Deployments
The Open Radio Access Network (O-RAN) architecture is reshaping telecommunications by promoting openness, flexibility, and intelligent closed-loop optimization. By decoupling hardware and software and enabling multi-vendor deployments, O-RAN reduces costs, enhances performance, and allows rapid adaptation to new technologies. A key innovation is intelligent network slicing, which partitions networks into isolated slices tailored for specific use cases or quality of service requirements. The RAN Intelligent Controller further optimizes resource allocation, ensuring efficient utilization and improved service quality for user equipment (UEs). However, the modular and dynamic nature of O-RAN expands the threat surface, necessitating advanced security measures to maintain network integrity, confidentiality, and availability. Intrusion detection systems have become essential for identifying and mitigating attacks. This research explores using large language models (LLMs) to generate security recommendations based on the temporal traffic patterns of connected UEs. The paper introduces an LLM-driven intrusion detection framework and demonstrates its efficacy through experimental deployments, comparing non-fine-tuned and fine-tuned models for task-specific accuracy.
more »
« less
- PAR ID:
- 10639029
- Publisher / Repository:
- IEEE Explore
- Date Published:
- Journal Name:
- IEEE International Conference on Communications workshops
- ISSN:
- 2694-2941
- Page Range / eLocation ID:
- 274 to 279
- Subject(s) / Keyword(s):
- Intrusion detection LLM, latency Open Artificial Intelligence Cellular O-RAN security slicing xApp.
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
This demonstration explores the security concerns in 5G and beyond networks within open radio access network (O-RAN) deployments, focusing on active attacks disrupting cellular communications. An xApp developed on the open artificial intelligence cellular (OAIC) platform enables on-the-fly creation and management of network slices to mitigate such attacks. The xApp is hosted in the near-real time RAN intelligent controller (RIC) and establishes secure slices for the software radio network it controls. This solution presents a practical approach for resilient and secure network management in dynamic environments.more » « less
-
The open radio access network (O-RAN) is recognized for its modularity and adaptability, facilitating swift responses to emerging applications and technological advancements. However, this architecture's disaggregated nature, coupled with support from various vendors, introduces new security challenges. This paper proposes an innovative approach to bolster the security of future O-RAN deployments by leveraging RAN slicing principles. Central to this security enhancement is the concept of secure slicing. We introduce SliceX, an xApp designed to safeguard RAN resources while ensuring strict throughput and latency requirements are met for legitimate users. Leveraging the open artificial intelligence cellular re-search (OAIC) platform, we observed that the network latency averages around ten microseconds in a default configuration without SliceX. The latency escalates to over seven seconds in the presence of a malicious user equipment (UE) flooding the net-work with requests. SliceX intervenes, restoring network latency to normal levels, with a maximum latency of approximately 2.3 s. These and other numerical findings presented in this paper affirm the tangible advantages of SliceX in mitigating security threats and ensuring that 0- RAN deployments meet stringent performance requirements. Our research demonstrates the real-world effectiveness of secure slicing, making SliceX a valuable tool for military, government, and critical infrastructure opera-tors reliant on public wireless communication networks to fulfill their security, resiliency, and performance objectives.more » « less
-
The prevailing network security measures are often implemented on proprietary appliances that are deployed at fixed network locations with constant capacity. Such a rigid deployment is sometimes necessary, but undermines the flexibility of security services in meeting the demands of emerging applications, such as augmented/virtual reality, autonomous driving, and 5G for industry 4.0, which are provoked by the evolution of connected and smart devices, their heterogeneity, and integration with cloud and edge computing infrastructures. To loosen these rigid security deployments, in this paper, we propose a data-centric SECurity-as-a-Service (SECaaS) framework for elastic deployment and provisioning of security services at the Multi-Access Edge Computing (MEC) infrastructure. In particular, we discuss three security services that are suitable for edge deployment: (i) an intrusion detection and prevention system (IDPS), (ii) an access control enforcement system (ACE), and (iii) a communication anonymization service (CA). We benchmark the common security microservices along with the design and implementation of a proof of concept communication anonymization application.more » « less
-
Openness and intelligence are two enabling features to be introduced in next generation wireless networks, for example, Beyond 5G and 6G, to support service heterogeneity, open hardware, optimal resource utilization, and on-demand service deployment. The open radio access network (O-RAN) is a promising RAN architecture to achieve both openness and intelligence through virtualized network elements and well-defined interfaces. While deploying artificial intelligence (AI) models is becoming easier in O-RAN, one significant challenge that has been long neglected is the comprehensive testing of their performance in realistic environments. This article presents a general automated, distributed and AI-enabled testing framework to test AI models deployed in O-RAN in terms of their decision-making performance, vulnerability and security. This framework adopts a master-actor architecture to manage a number of end devices for distributed testing. More importantly, it leverages AI to automatically and intelligently explore the decision space of AI models in O-RAN. Both software simulation testing and software-defined radio hardware testing are supported, enabling rapid proof of concept research and experimental research on wireless research platforms.more » « less
