Machine Learning based Cyber Attack Detection and Classification in O-RAN
摘要
5 G technology improves mobile communication with faster data speeds and reduced latency, but its open architecture raises cybersecurity issues. Attacks can compromise network reliability, privacy, and integrity. Modern communication systems, especially 5 G, introduce new attack surfaces requiring robust detection and classification for critical infrastructure security. In this work, we design and implement a robust cyber attack detection and classification framework for the 5 G O-RAN environment using machine learning and ensemble models. The framework distinguishes between different cyberattack scenarios, including reconnaissance, UDP scan, TCP connect scan, SYN scan, SYN flood, ICMP flood, HTTP flood, and slow-rate DoS attacks. The models are evaluated against deep learning models like convolutional neural networks, long short-term memory, and transformer. An extensive preprocessing pipeline which includes variance inflation factor, min-max normalization, and synthetic minority over-sampling technique to improve data quality and model performance. The models are trained and evaluated on a publicly available 5 G Open Radio Access Network dataset, using performance metrics like accuracy, precision, recall, F1-score, cross-validation accuracy, and log loss to assess their effectiveness and reliability in real-world settings. A comprehensive analysis revealed that machine learning models performed better than deep learning models in the detection and classification of cyberattacks. The random forest achieves an accuracy of 99.99% in distinguishing between benign and attack flows, thereby demonstrating its effectiveness in attack detection. CatBoost results in an accuracy of 99.99% outperforming other classifiers based on superior generalisation capability in attack classification.