The impending adoption of Open Radio Access Network (O-RAN) is fueling innovation in the RAN towards data-driven operation. Unlike traditional RAN where the RAN data and its usage is restricted within proprietary and monolithic RAN equipment, the O-RAN architecture opens up access to RAN data via RAN intelligent controllers (RICs), to third-party machine learning (ML) powered applications - rApps and xApps - to optimize RAN operations. Consequently, a major focus has been placed on leveraging RAN data to unlock greater efficiency gains. However, there is an increasing recognition that RAN data access to apps could become a source of vulnerability and be exploited by malicious actors. Motivated by this, we carry out a comprehensive investigation of data vulnerabilities on both xApps and rApps, respectively hosted in Near- and Non-real-time (RT) RIC components of O-RAN. We qualitatively analyse the O-RAN security mechanisms and limitations for xApps and rApps, and consider a threat model informed by this analysis. We design a viable and effective black-box evasion attack strategy targeting O-RAN RIC Apps while accounting for the stringent timing constraints and attack effectiveness. The strategy employs four key techniques: the model cloning algorithm, input-specific perturbations, universal adversarial perturbations (UAPs), and targeted UAPs. This strategy targets ML models used by both xApps and rApps within the O-RAN system, aiming to degrade network performance. We validate the effectiveness of the designed evasion attack strategy and quantify the scale of performance degradation using a real-world O-RAN testbed and emulation environments. Evaluation is conducted using the Interference Classification xApp and the Power Saving rApp as representatives for near-RT and non-RT RICs. We also show that the attack strategy is effective against prominent defense techniques for adversarial ML.

翻译：开放式无线接入网络（O-RAN）的即将采用正推动无线接入网络向数据驱动运营的创新方向发展。与传统无线接入网络将无线接入网络数据及其使用限制在专有且单一的网络设备内不同，O-RAN架构通过无线接入网络智能控制器向第三方机器学习应用——rApp和xApp——开放无线接入网络数据访问权限，以优化无线接入网络运营。因此，利用无线接入网络数据释放更大效率增益已成为主要关注点。然而，人们日益认识到，应用对无线接入网络数据的访问可能成为漏洞来源并被恶意行为者利用。基于此动机，我们分别对托管于O-RAN近实时与非实时无线接入网络智能控制器组件中的xApp和rApp进行了数据漏洞的全面研究。我们定性分析了O-RAN针对xApp和rApp的安全机制及其局限性，并基于此分析构建了威胁模型。我们设计了一种针对O-RAN无线接入网络智能控制器应用的可行且有效的黑盒规避攻击策略，同时兼顾严格的时间约束和攻击有效性。该策略采用四种关键技术：模型克隆算法、输入特异性扰动、通用对抗性扰动以及定向通用对抗性扰动。该策略针对O-RAN系统中xApp和rApp使用的机器学习模型，旨在降低网络性能。我们通过真实的O-RAN测试平台和仿真环境验证了所设计规避攻击策略的有效性，并量化了性能下降的规模。评估以干扰分类xApp和节能rApp作为近实时与非实时无线接入网络智能控制器的代表案例进行。我们还证明了该攻击策略对对抗性机器学习的主流防御技术具有有效性。