Anomalous state detection in radio access networks: A proof-of-concept

IF 7.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications Pub Date : 2024-07-26 DOI:10.1016/j.jnca.2024.103979

Michael Frey , Thomas Evans , Angela Folz , Mary Gregg , Jeanne Quimby , Jacob D. Rezac

{"title":"Anomalous state detection in radio access networks: A proof-of-concept","authors":"Michael Frey , Thomas Evans , Angela Folz , Mary Gregg , Jeanne Quimby , Jacob D. Rezac","doi":"10.1016/j.jnca.2024.103979","DOIUrl":null,"url":null,"abstract":"<div><p>Modern radio access networks (RANs) are both highly complex and potentially vulnerable to unauthorized security setting changes. A RAN is studied in a proof-of-concept experiment to demonstrate that an unauthorized network state is detectable at layers in the RAN architecture away from the source of the state setting. Specifically, encryption state is set at the packet data convergence protocol (PDCP) layer in the Long-Term Evolution (LTE) network model and an anomalous cipher-<span><math><mi>OFF</mi></math></span> state is shown to be detectable at the physical layer. Three tranches of experimental data totaling 1,987 runs and each involving 285 measurands were collected and used to construct and demonstrate single-feature, multi-feature, and multi-run encryption state detectors. These detectors show a range of performances with the single-feature detector based on reference signal received quality achieving near-0% false alarms and near-100% true detections. Multi-run averaging detectors show similar low-error performance, even just based on marginally effective detector features. The detectors’ performances are studied across the three tranches of experimental data and found by multiple complementary measures to be generalizable provided the testbed protocol is carefully controlled. Essential to these results was an automated, comprehensively instrumented experiment testbed in which measurands were treated as distributions.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"231 ","pages":"Article 103979"},"PeriodicalIF":7.7000,"publicationDate":"2024-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804524001565","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Modern radio access networks (RANs) are both highly complex and potentially vulnerable to unauthorized security setting changes. A RAN is studied in a proof-of-concept experiment to demonstrate that an unauthorized network state is detectable at layers in the RAN architecture away from the source of the state setting. Specifically, encryption state is set at the packet data convergence protocol (PDCP) layer in the Long-Term Evolution (LTE) network model and an anomalous cipher- $OFF$ state is shown to be detectable at the physical layer. Three tranches of experimental data totaling 1,987 runs and each involving 285 measurands were collected and used to construct and demonstrate single-feature, multi-feature, and multi-run encryption state detectors. These detectors show a range of performances with the single-feature detector based on reference signal received quality achieving near-0% false alarms and near-100% true detections. Multi-run averaging detectors show similar low-error performance, even just based on marginally effective detector features. The detectors’ performances are studied across the three tranches of experimental data and found by multiple complementary measures to be generalizable provided the testbed protocol is carefully controlled. Essential to these results was an automated, comprehensively instrumented experiment testbed in which measurands were treated as distributions.

查看原文本刊更多论文

无线接入网络中的异常状态检测：概念验证

现代无线接入网络（RAN）不仅高度复杂，而且很容易受到未经授权的安全设置更改的影响。我们在概念验证实验中对一个 RAN 进行了研究，以证明未经授权的网络状态可在 RAN 架构中远离状态设置源的各层被检测到。具体来说，在长期演进（LTE）网络模型的分组数据汇聚协议（PDCP）层设置加密状态，并在物理层检测到异常的密码关闭状态。收集了三批实验数据，总计 1,987 次运行，每次涉及 285 个测量值，用于构建和演示单特征、多特征和多运行加密状态检测器。这些检测器的性能各不相同，其中基于参考信号接收质量的单特征检测器的误报率接近 0%，真实检测率接近 100%。多运行平均检测器显示出类似的低误报性能，甚至只是基于微弱有效的检测器特征。在对三批实验数据进行研究后发现，只要测试平台协议得到严格控制，探测器的性能可以通过多种互补措施加以推广。取得这些结果的关键在于一个自动化的、全面仪器化的实验平台，在这个平台上，测量值被视为分布。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Network and Computer Applications 工程技术-计算机：跨学科应用

CiteScore

21.50

自引率

3.40%

发文量

142

审稿时长

37 days

期刊介绍： The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.