The paper proposes StormShield, a fingerprint-based detection and mitigation technique implemented as an xApp on an O-RAN RIC, which effectively prevents gNB resource exhaustion caused by RRC signaling storms.
5G networks provide low latency, high throughput, and massive connectivity, yet the control plane remains exposed to several security threats. Among the most common and impactful threats are Denial-of-Service (DoS) attacks, with Radio Resource Control (RRC) signaling storms being particularly effective and difficult to mitigate. In this attack, a malicious User Equipment (UE) aims to exhaust Next Generation Node Base (gNB) resources, preventing legitimate UEs from establishing a connection. Existing defenses are typically limited to detection, are evaluated only through numerical simulations, and cannot distinguish high-load network conditions from attacks. Most of them also assume static setups and do not take mobility into account. In this paper, we first evaluate the feasibility of the signaling storm attack by using the OpenAirInterface (OAI) 5G protocol stack. Then, we propose StormShield, a signaling storm attack detection and mitigation technique implemented as an xApp on an O-RAN Near-Real-Time (near-RT) RAN Intelligent Controller (RIC). It fingerprints and blocks Malicious UEs (MUEs) before gNB resources are exhausted. We prototyped our solution on an Over-The-Air (OTA) testbed with OAI, NVIDIA Aerial, and two different gNB setups. The first one leverages a USRP X410 Software-defined Radio (SDR) with an 8.1 functional split; the second uses a commercial Foxconn Radio Unit (RU) with a 7.2 functional split. Our experimental evaluation demonstrates that StormShield effectively prevents gNB resource exhaustion, identifying and blocking MUEs with an average detection accuracy of 97.6% within 106.5 ms from the beginning of the attack.