KR-20260066640-A - METHOD AND APPARATUS FOR PREVENTING INTRUSION IN OPEN RAN SYSTEM

Abstract

A method of an RIC according to an embodiment of the present disclosure in an O-RAN may include: receiving from a base station a report message containing KPM information for a first UE communicating through a base station; determining a risk level by comparing the value of each item of the KPM information included in the report message with a preset threshold value corresponding to each item of the KPM information; and transmitting a message to the base station instructing the termination of a session with the first UE based on the determination that a session termination is required by the determined risk level.

Inventors

• 김수창

Assignees

• 한국전자통신연구원

Dates

Publication Date

20260512

Application Date

20251103

Priority Date

20241104

Claims (1)

1. In a method for a near real-time RAN Intelligent Controller (RIC) in an open radio access network (O-RAN), A step of receiving from the base station a report message containing Key Performance Measurement (KPM) information for a first user equipment (UE) communicating through the base station; A step of determining a risk level by comparing the value of each item of KPM information included in the above report message with a preset threshold corresponding to each item of the above KPM information; and Based on the determination that session termination is required by the above-determined risk level, the step of transmitting a message to the base station instructing the termination of a session with the first UE is included. Near real-time RIC method in O-RAN.

Description

Method and apparatus for preventing attack in an open RAN system The present disclosure relates to open radio access network (RAN) system technology, and more specifically to intrusion prevention technology in open RAN systems. As mobile services such as social networking, video streaming, and online gaming have evolved, advanced mobile communication networks beyond LTE have had to satisfy technical requirements to support not only high transmission speeds but also a wider variety of service scenarios. The International Telecommunication Union (ITU)-R defined Key Performance Indicators (KPIs) and requirements for IMT-2020, the official name for 5G mobile communication. The KPIs for IMT-2020 are summarized as Enhanced Mobile BroadBand (eMBB) with high transmission speeds, Ultra Reliable Low Latency Communication (URLLC) with short transmission latency, and Massive Machine Type Communication (mMTC) to provide massive terminal connectivity. The 3rd Generation Partnership Project (3GPP), an international standard development organization for mobile communications, has been developing 5G standard specifications based on new radio access technologies that satisfy IMT-2020 requirements. Significant changes are taking place in 5G, such as the introduction of Software Defined Networking (SDN) and Network Function Virtualization (NFV) concepts into the core network to achieve automation and intelligence in network control, operation, and management. However, the Radio Access Network (RAN), which includes base stations, still maintains a closed structure and remains dependent on the protocols and interfaces of specific equipment manufacturers. This leads to interoperability issues between various manufacturers and hinders the market entry of diverse manufacturers. Accordingly, the Open Radio Access Network (O-RAN) Alliance was established in February 2018 under the leadership of five global telecommunications operators: AT&T, China Mobile, Deutsche Telekom, NTT Docomo, and Orange. The O-RAN Alliance is working to reshape the RAN industry into a more intelligent, open, virtualized, and fully interoperable mobile telecommunications network. Currently, the O-RAN Alliance consists of approximately 300 member entities, including telecommunications operators, companies, and research institutions, and is conducting standardization and developing open source platforms to promote the development of open, intelligent RANs for the 5G and, furthermore, 6G eras. Open LAN systems are emerging as a future alternative to mobile communication RANs. In an open LAN system, key functions can be performed by the RAN Intelligent Controller (RIC). RICs can be classified into Near Real-Time (RT) RICs and Non-RT RICs. Near Real-Time RICs can introduce eXtended applications (xApps), which are applications with open Application Programming Interfaces (APIs). xApps can manipulate the behavior of specific cells, groups of UEs, and specific UEs. Because open LANs have an open architecture, various third -party vendors can participate in the ecosystem, and the extensive use of open source creates vulnerabilities. Furthermore, open LANs are vulnerable to attacks initiated by malicious UEs, posing a significant risk of causing network issues and a high likelihood of compromising RAN performance and privacy protection. For example, attacks via malicious UEs can cause a Distributed Denial of Service (DDoS), run internal malicious programs, or disable the system or cause significant performance degradation through jamming. Despite these threats, there is a problem in that it is difficult to respond flexibly to security threats in Open RAN because countermeasures for security vulnerabilities have not been specified. Figure 1 is a conceptual diagram of the O-RAN architecture. FIG. 2 is a block diagram illustrating an example of a communication node constituting a communication system. Figure 3 is a flowchart illustrating the communication initiation procedure when a UE for which communication initiation is requested is a suspected UE in an intrusion prevention system including an open LAN. FIG. 4a is a partial flowchart of an operation to identify a UE suspected of intrusion in an intrusion detection xApp according to the present disclosure. Figure 4b is a flowchart of the case where an operation to identify a UE suspected of intrusion is performed in the intrusion detection xApp in succession to Figure 4a. FIG. 4c is a flowchart of the remaining operations for identifying a UE suspected of intrusion in the intrusion detection xApp, continuing from FIG. 4b. The present disclosure is capable of various modifications and may have various embodiments, and specific embodiments are illustrated in the drawings and described in detail. However, this is not intended to limit the present disclosure to specific embodiments, and it should be understood that it includes all modifications, equivalents, and substitutions that fall within the spirit and scope of the pre