Securing the near-real-time (near-RT) control operations in Open Radio Access Networks (Open RAN) is increasingly critical, yet remains insufficiently addressed, as new runtime threats target the control loop while the system is operational. In this paper, we propose a multi-layer defence framework designed to enhance the security of near-RT RAN Intelligent Controller (RIC) operations. We classify operational-time threats into three categories, message-level, data-level, and control logic-level, and design and implement a dedicated detection and mitigation component for each: a signature-based E2 message inspection module performing structural and semantic validation of signalling exchanges, a telemetry poisoning detector based on temporal anomaly scoring using an LSTM network, and a runtime xApp attestation mechanism based on execution-time hash challenge-response. The framework is evaluated on an O-RAN testbed comprising FlexRIC and a commercial RAN emulator, demonstrating effective detection rates, low latency overheads, and practical integration feasibility. Results indicate that the proposed safeguards can operate within near-RT time constraints while significantly improving protection against runtime attacks, introducing less than 80 ms overhead for a network with 500 User Equipment (UEs). Overall, this work lays the foundation for deployable, layered, and policy-driven runtime security architectures for the near-RT RIC control loop in Open RAN, and provides an extensible framework into which future mitigation policies and threat-specific modules can be integrated.

翻译：保障开放无线接入网（Open RAN）中近实时（near-RT）控制操作的安全性日益关键，但现有方案仍显不足，因为新的运行时威胁会在系统运行期间直接针对控制回路发起攻击。本文提出一种多层防御框架，旨在增强近实时无线接入网智能控制器（RIC）操作的安全性。我们将运行时威胁分为三类：消息级、数据级和控制逻辑级，并为每一类设计并实现了一个专用的检测与缓解组件：一个基于签名的端到端消息检查模块，用于对信令交换进行结构和语义验证；一个基于LSTM网络进行时序异常评分的遥测数据投毒检测器；以及一个基于执行时哈希挑战-应答机制的运行时xApp认证机制。该框架在一个包含FlexRIC和商用RAN仿真器的O-RAN测试平台上进行了评估，结果表明其具有较高的检测效率、较低的延迟开销以及实际集成的可行性。结果显示，所提出的安全防护措施能够在近实时时间约束内运行，同时显著提升对运行时攻击的防护能力，在拥有500个用户设备（UE）的网络中引入的额外延迟低于80毫秒。总体而言，本工作为Open RAN中近实时RIC控制回路构建了可部署、分层且策略驱动的运行时安全架构基础，并提供了一个可扩展的框架，未来可集成更多缓解策略与针对特定威胁的模块。