Detection of Overshadowing Attack in 4G and 5G Networks

Despite the promises of current and future cellular networks to increase security, privacy, and robustness, 5G networks are designed to streamline discovery and initiate connections with limited computation and communication costs, leading to the predictability of control channels. This predictability enables signal-level attacks, particularly on unprotected initial access signals. To assess vulnerability in access control and enhance robustness in cellular networks, we present a strategic approach leveraging O-RAN architecture in this paper that detects and classifies signal-level attacks for actionable countermeasure defense. We evaluate attack scenarios of various power levels on both 4G/LTE-Advanced and 5G communication systems. We categorize the types of attack models based on the attack cost: Overshadowing and Jamming. Overshadowing represents low attack power categories with time and frequency synchronization, while Jamming represents un-targeted attacks that cause similar quality-of-service degradation as overshadowing attacks but require high power levels. Our detection strategy relies on supervised machine-learning models, specifically a Reservoir Computing (RC) based supervised learning approach that leverages physical and MAC-layer information for attack detection and classification. We demonstrate the efficacy of our detection strategy through extensive experimental evaluations using the O-RAN platform with software-defined radios (SDRs) and commercial off-the-shelf (COTS) user equipment (UEs). Empirical results show that our method can classify the change in statistics caused by most overshadowing and jamming attacks with more than 95% classification accuracy.