Adversarial Evasion Attack on Intrusion Detection Systems and Defense Methods in Open RAN Networks
Abstract
Intrusion Detection Systems (IDS) are an important element for open radio access networks (Open RAN), as they provide essential defense services against cyber threats. Typically, IDS in Open RAN relies on machine learning models, which makes it vulnerable to adversaries aiming to evade detection. In particular, a DDoS attack capable of evading the IDS of an Open RAN infrastructure poses a significant risk to the telecommunications service provider. Nevertheless, few studies have focused on adversarial attacks targeting IDS in Open RAN networks. In this context, this paper presents an adversarial attack called Distributed DoS Adversarial Detection Evasion (DDoS-ADE), which is designed to evade DDoS detection by an IDS deployed in the RAN Intelligent Controller (RIC) of an Open RAN infrastructure. In addition to presenting this evasion attack, the paper investigates the effectiveness of two defense strategies: (i) model feature reduction and (ii) adversarial training. Both the proposed DDoS-ADE attack and the defense methods were implemented and evaluated in the OpenRAN@Brasil testbed. The results show that DDoS-ADE is able to evade 94,66% of an unprotected IDS. In comparison, the implemented defense methods are capable of reducing evasion by up to 98,45%.References
Alliance, O.-R. (2021). O-ran ai/ml workflow description and requirements 1.03. Relatório Técnico O-RAN.WG2.AIML-v01.03, O-RAN Alliance. Acessado em 20 de janeiro de 2025.
Alliance, O.-R. (2025a). O-ran security threat modeling and risk assessment 5.0. Relatório Técnico O-RAN.WG11.TR.Threat-Modeling.O-R004-v05.00, O-RAN Alliance. Acessado em 10 de Fevereiro de 2025.
Alliance, O.-R. (2025b). O-ran study on security for artificial intelligence and machine learning (ai/ml) in o-ran 3.0. Relatório Técnico O-RAN.WG11.TR.AIML-Security-Analysis.0-R004-v03.00, O-RAN Alliance. Acessado em 15 de Fevereiro de 2025.
Amachaghi, E. N., Shojafar, M., Foh, C. H., and Moessner, K. (2024). A survey for intrusion detection systems in open ran. IEEE Access, 12:88146–88173.
Ayub, M. A., Johnson, W. A., Talbert, D. A., and Siraj, A. (2020). Model evasion attack on intrusion detection systems using adversarial machine learning. In 2020 54th Annual Conference on Information Sciences and Systems (CISS), pages 1–6.
Bhagoji, A. N., Cullina, D., Sitawarin, C., and Mittal, P. (2017). Enhancing robustness of machine learning systems via data transformations.
Chang, J.-E., Chiu, Y.-C., Ma, Y.-W., Li, Z.-X., and Shao, C.-L. (2024). Packet continuity ddos attack detection for open fronthaul in oran system. In NOMS 2024-2024 IEEE Network Operations and Management Symposium, pages 1–5.
Costa, J. C., Roxo, T., Proença, H., and Inácio, P. R. M. (2024). How deep learning sees the world: A survey on adversarial attacks defenses. IEEE Access, 12:61113–61136.
Dias, V. (2025). Usap-5g - sid-xapp branch. [link].
Ergu, Y. A., Nguyen, V.-L., Hwang, R.-H., Lin, Y.-D., Cho, C.-Y., Yang, H.-K., Shin, H., and Duong, T. Q. (2025). Efficient adversarial attacks against drl-based resource allocation in intelligent o-ran for v2x. IEEE Transactions on Vehicular Technology, 74(1):1674–1686.
Marinova, S. and Leon-Garcia, A. (2024). Intelligent o-ran beyond 5g: Architecture, use cases, challenges, and opportunities. IEEE Access, 12:27088–27114.
Nicolae, M.-I., Sinn, M., Tran, M. N., Buesser, B., Rawat, A., Wistuba, M., Zantedeschi, V., Baracaldo, N., Chen, B., Ludwig, H., Molloy, I. M., and Edwards, B. (2019a). Adversarial robustness toolbox v1.0.0.
Nicolae, M.-I., Sinn, M., Tran, M. N., Buesser, B., Rawat, A., Wistuba, M., Zantedeschi, V., Baracaldo, N., Chen, B., Ludwig, H., Molloy, I. M., and Edwards, B. (2019b). Adversarial robustness toolbox v1.0.0.
O-RAN Alliance (2018). O-ran whitepaper - building the next generation ran. Whitepaper, O-RAN Alliance.
Polese, M., Bonati, L., D’Oro, S., Basagni, S., and Melodia, T. (2023). Understanding o-ran: Architecture, interfaces, algorithms, security, and research challenges. IEEE Communications Surveys Tutorials, 25(2):1376–1411.
Rimedo Labs (2023). Rimedo labs. [link].
Sapavath, N. N., Kim, B., Chowdhury, K., and Shah, V. K. (2023). Experimental study of adversarial attacks on ml-based xapps in o-ran. In GLOBECOM 2023 - 2023 IEEE Global Communications Conference, pages 6352–6357.
Sharafaldin, I., Habibi Lashkari, A., and Ghorbani, A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. pages 108–116.
Sharafaldin, I., Lashkari, A. H., Hakak, S., and Ghorbani, A. A. (2019). Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. In 2019 International Carnahan Conference on Security Technology (IC-CST), pages 1–8.
Silva, M., Oliveira, L., Dias, V., Gomes, M., Farias, F., Riker, A., and Abelém, A. (2025). Automatizando a alocação de usuários em slices 5g em arquiteturas open ran. In Anais do XXX Workshop de Gerência e Operação de Redes e Serviços, pages 127–140, Porto Alegre, RS, Brasil. SBC.
SRS (2025). Open-source and ORAN-native 5G CU/DU with a complete stack from I/Q to IP from SRS.
Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., and Fergus, R. (2014). Intriguing properties of neural networks.
Tramèr, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D., and McDaniel, P. (2020). Ensemble adversarial training: Attacks and defenses.
Xavier, B. M., Dzaferagic, M., Collins, D., Comarela, G., Martinello, M., and Ruffini, M. (2023). Machine learning-based early attack detection using open ran intelligent controller. In ICC 2023 - IEEE International Conference on Communications, pages 1856–1861.
Zhang, S., Xie, X., and Xu, Y. (2020). A brute-force black-box method to attack machine learning-based systems in cybersecurity. IEEE Access, PP:1–1.
Alliance, O.-R. (2025a). O-ran security threat modeling and risk assessment 5.0. Relatório Técnico O-RAN.WG11.TR.Threat-Modeling.O-R004-v05.00, O-RAN Alliance. Acessado em 10 de Fevereiro de 2025.
Alliance, O.-R. (2025b). O-ran study on security for artificial intelligence and machine learning (ai/ml) in o-ran 3.0. Relatório Técnico O-RAN.WG11.TR.AIML-Security-Analysis.0-R004-v03.00, O-RAN Alliance. Acessado em 15 de Fevereiro de 2025.
Amachaghi, E. N., Shojafar, M., Foh, C. H., and Moessner, K. (2024). A survey for intrusion detection systems in open ran. IEEE Access, 12:88146–88173.
Ayub, M. A., Johnson, W. A., Talbert, D. A., and Siraj, A. (2020). Model evasion attack on intrusion detection systems using adversarial machine learning. In 2020 54th Annual Conference on Information Sciences and Systems (CISS), pages 1–6.
Bhagoji, A. N., Cullina, D., Sitawarin, C., and Mittal, P. (2017). Enhancing robustness of machine learning systems via data transformations.
Chang, J.-E., Chiu, Y.-C., Ma, Y.-W., Li, Z.-X., and Shao, C.-L. (2024). Packet continuity ddos attack detection for open fronthaul in oran system. In NOMS 2024-2024 IEEE Network Operations and Management Symposium, pages 1–5.
Costa, J. C., Roxo, T., Proença, H., and Inácio, P. R. M. (2024). How deep learning sees the world: A survey on adversarial attacks defenses. IEEE Access, 12:61113–61136.
Dias, V. (2025). Usap-5g - sid-xapp branch. [link].
Ergu, Y. A., Nguyen, V.-L., Hwang, R.-H., Lin, Y.-D., Cho, C.-Y., Yang, H.-K., Shin, H., and Duong, T. Q. (2025). Efficient adversarial attacks against drl-based resource allocation in intelligent o-ran for v2x. IEEE Transactions on Vehicular Technology, 74(1):1674–1686.
Marinova, S. and Leon-Garcia, A. (2024). Intelligent o-ran beyond 5g: Architecture, use cases, challenges, and opportunities. IEEE Access, 12:27088–27114.
Nicolae, M.-I., Sinn, M., Tran, M. N., Buesser, B., Rawat, A., Wistuba, M., Zantedeschi, V., Baracaldo, N., Chen, B., Ludwig, H., Molloy, I. M., and Edwards, B. (2019a). Adversarial robustness toolbox v1.0.0.
Nicolae, M.-I., Sinn, M., Tran, M. N., Buesser, B., Rawat, A., Wistuba, M., Zantedeschi, V., Baracaldo, N., Chen, B., Ludwig, H., Molloy, I. M., and Edwards, B. (2019b). Adversarial robustness toolbox v1.0.0.
O-RAN Alliance (2018). O-ran whitepaper - building the next generation ran. Whitepaper, O-RAN Alliance.
Polese, M., Bonati, L., D’Oro, S., Basagni, S., and Melodia, T. (2023). Understanding o-ran: Architecture, interfaces, algorithms, security, and research challenges. IEEE Communications Surveys Tutorials, 25(2):1376–1411.
Rimedo Labs (2023). Rimedo labs. [link].
Sapavath, N. N., Kim, B., Chowdhury, K., and Shah, V. K. (2023). Experimental study of adversarial attacks on ml-based xapps in o-ran. In GLOBECOM 2023 - 2023 IEEE Global Communications Conference, pages 6352–6357.
Sharafaldin, I., Habibi Lashkari, A., and Ghorbani, A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. pages 108–116.
Sharafaldin, I., Lashkari, A. H., Hakak, S., and Ghorbani, A. A. (2019). Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. In 2019 International Carnahan Conference on Security Technology (IC-CST), pages 1–8.
Silva, M., Oliveira, L., Dias, V., Gomes, M., Farias, F., Riker, A., and Abelém, A. (2025). Automatizando a alocação de usuários em slices 5g em arquiteturas open ran. In Anais do XXX Workshop de Gerência e Operação de Redes e Serviços, pages 127–140, Porto Alegre, RS, Brasil. SBC.
SRS (2025). Open-source and ORAN-native 5G CU/DU with a complete stack from I/Q to IP from SRS.
Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., and Fergus, R. (2014). Intriguing properties of neural networks.
Tramèr, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D., and McDaniel, P. (2020). Ensemble adversarial training: Attacks and defenses.
Xavier, B. M., Dzaferagic, M., Collins, D., Comarela, G., Martinello, M., and Ruffini, M. (2023). Machine learning-based early attack detection using open ran intelligent controller. In ICC 2023 - IEEE International Conference on Communications, pages 1856–1861.
Zhang, S., Xie, X., and Xu, Y. (2020). A brute-force black-box method to attack machine learning-based systems in cybersecurity. IEEE Access, PP:1–1.
Published
2025-09-01
How to Cite
DIAS, Victor; SILVA, Murilo; GOMES, Matheus; BORGES, Lucas; RIKER, André; ABELÉM, Antônio.
Adversarial Evasion Attack on Intrusion Detection Systems and Defense Methods in Open RAN Networks. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25. , 2025, Foz do Iguaçu/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 163-179.
DOI: https://doi.org/10.5753/sbseg.2025.11492.
