top of page


A light-weight security focused testbed that exercises a wide range of 5G exploits for testing novel security defenses and generating test data

An SDR and Cloud exploit testing framework for use in 5G mobile security test networks

     You can't defend what you cannot see

To design and develop security services atop O-RAN, one must first address the visibility problem. More concretely, the security services (e.g., intrusion detection and anomaly detection xApps) at the control plane must be able to access desired data telemetry that monitors the data plane.

The existing reference E2 Service Models (E2SMs) in the O-RAN specification, namely Key Performance Measurement (KPM), RAN Control (RC), and Network Interface (NI), are insufficient to support sophisticated security services for two main reasons. First, these E2SMs are simply not designed to drive security analytics. The existing E2SMs collect coarse-grained telemetry from the network which is insufficient to conduct fine-grained security analysis

     MobiFlow-enabled security Services

(1) Intrusion Detection System: 5G-Spector is a stateful rule-based expert system developed as an xApp that focuses on the detection of L3 exploits by analyzing the security-relevant state transitions of 5G’s Layer-3 RRC and NAS protocols. We will also extend MobiFlow to extract additional RAN features for other protocols
and new attacks.

(2) Anomaly Detection System: MobiFlow can be generalized to identify anomalous behavioral patterns, temporal triggers, or degenerate performance statistics among devices and base stations, such as for detecting network misconfigurations, fault patterns, or diagnosing unknown rogue UE patterns. In the past, such anomaly detection systems were built within the (smartphone) UEs or the networks. Embedding MobiFlow in the CU/DU offers a novel direction for such an application.

(3) Machine Learning System for Security: MobiFlow can drive machine learning (ML) models and techniques, such as deep learning frameworks. By collecting abundant datasets (e.g., from real-world testbeds) on MobiFlow, various ML models can be trained for novel security tasks, such as malicious UE classifica- tion and abnormal traffic pattern detection. In this regard, we have the expertise in using Variational Autoencoders (VAEs) to model the actions of the P4/SDN for anomaly detection in 5G mobile core from our prior work in traditional SDNs, and for microservice security analysis.

     Where to learn more

Haohuang Wen, Phillip Porras, Vinod Yegneswaran, and Zhiqiang Lin, "A fine-grained telemetry stream for security services in 5G open radio access networks," in Proceedings of the 1st International Workshop on Emerging Topics in Wireless (EmergingWireless '22)

What is 5G-Spector:  An Overview of a security-focused O-RAN compliant CU/DU services module that implements a new security audit service called MobiFlow

bottom of page