簡易檢索 / 詳目顯示

回結果列表
研究生: 黃俊鴻
Jun-Hong Huang
論文名稱: 支持 SDR 的 O-RAN 惡意基站開發基於機器學習的 xApps
Developing Machine Learning-Based xApps for Rogue Base Stations in SDR-Enabled O-RAN
指導教授: 鄭欣明
Shin-Ming Cheng
口試委員: 查士朝
Shi-Cho Cha
柯拉飛
Rafael David Kaliski
李奇育
CHI-YU LI
徐瑞壕
Ruei-Hau Hsu
學位類別: 碩士
Master
系所名稱: 電資學院 - 資訊工程系
Department of Computer Science and Information Engineering
論文出版年: 2022
畢業學年度: 110
語文別: 英文
論文頁數: 58
中文關鍵詞: 5G 非獨立式網路攻擊檢測安卓應用程式電波訊號流氓基地台攻擊軟體定義無線電監督式學習
外文關鍵詞: 5G Non-Standalone, Attack Detection, Android APP, RF Signature, Rogue Base Station (BS) Attacks, Software-Defined Radio, Supervised Machine Learning
相關次數: 點閱:282下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • Recommendation Letter . . . . . . . . . . . . . . . . . . . . . . . . i Approval Letter . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii Abstract in Chinese . . . . . . . . . . . . . . . . . . . . . . . . . . iii Abstract in English . . . . . . . . . . . . . . . . . . . . . . . . . . iv Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix List of Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . x 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1 O-RAN Components and Interfaces . . . . . . . . . . . . 5 2.1.1 Near-RT RIC . . . . . . . . . . . . . . . . . . . . 5 2.1.2 E2 Interface . . . . . . . . . . . . . . . . . . . . . 6 2.2 Network Architecture of 5G NSA . . . . . . . . . . . . . 6 2.3 Rogue BS Attacks in 5G NSA . . . . . . . . . . . . . . . 7 2.3.1 Isolated Rogue BS Attack . . . . . . . . . . . . . 8 2.3.2 Relay Rogue BS Attack . . . . . . . . . . . . . . 8 2.3.3 Covert Rogue BS Attack . . . . . . . . . . . . . . 9 2.4 PHOENIX . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.5 Smile . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3 System Architecture . . . . . . . . . . . . . . . . . . . . . . . . 11 3.1 Attack Model . . . . . . . . . . . . . . . . . . . . . . . . 11 3.2 Attack Process . . . . . . . . . . . . . . . . . . . . . . . 12 3.3 Detector Model . . . . . . . . . . . . . . . . . . . . . . . 13 4 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4.1 Detector System Model . . . . . . . . . . . . . . . . . . . 14 4.1.1 Data Collection . . . . . . . . . . . . . . . . . . . 15 4.1.2 Feature Extraction . . . . . . . . . . . . . . . . . 16 4.1.3 Feature Selection. . . . . . . . . . . . . . . . . . . 16 4.1.4 Model Training . . . . . . . . . . . . . . . . . . . 17 4.1.5 Model Evaluation . . . . . . . . . . . . . . . . . . 18 4.2 Detector Design . . . . . . . . . . . . . . . . . . . . . . . 18 4.2.1 Detection Process . . . . . . . . . . . . . . . . . . 18 4.2.2 Model Updates . . . . . . . . . . . . . . . . . . . 20 5 Experiment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.1 Rogue Base Station . . . . . . . . . . . . . . . . . . . . . 22 5.1.1 System Configuration . . . . . . . . . . . . . . . 22 5.1.2 Attack Process . . . . . . . . . . . . . . . . . . . 23 5.2 Detector System Model . . . . . . . . . . . . . . . . . . . 23 5.2.1 Raw Signal Collection . . . . . . . . . . . . . . . 23 5.2.2 Feature Extraction . . . . . . . . . . . . . . . . . 25 5.2.3 Feature Selection. . . . . . . . . . . . . . . . . . . 27 5.2.4 Parameter Tuning. . . . . . . . . . . . . . . . . . 28 5.2.5 Evaluation Metrics . . . . . . . . . . . . . . . . . 30 5.2.6 Performance evaluation . . . . . . . . . . . . . . 31 5.3 Detector Design . . . . . . . . . . . . . . . . . . . . . . . 40 5.3.1 Detection Process . . . . . . . . . . . . . . . . . . 40 5.3.2 Model Update . . . . . . . . . . . . . . . . . . . . 42 6 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Letter of Authority . . . . . . . . . . . . . . . . . . . . . . . . . . 47

    [1] A. Garcia-Saavedra and X. Costa-Perez, “O-RAN: Disrupting the virtualized RAN ecosystem,” vol. 5,
    pp. 96–103, Dec. 2021.
    [2] M. Polese, “Understanding O-RAN: Architecture, interfaces, algorithms, security, and research challenges,”
    arXiv preprint arXiv:2202.01032, Feb. 2022.
    [3] A. S. Abdalla et al., “Toward next generation open radio access network – what O-RAN can and
    cannot do!,” arXiv preprint arXiv:2111.13754, Nov. 2021.
    [4] J. Feng, B.-K. Hong, , and S.-M. Cheng, “DDoS attacks in experimental LTE networks,” in Proc.
    IEEE AINA 2020, Apr. 2020.
    [5] J. Cao, M. Ma, H. Li, R. Ma, Y. Sun, P. Yu, and L. Xiong, “A survey on security aspects for 3GPP 5G
    networks,” vol. 22, pp. 170–195, 1stquarter 2020.
    [6] R. Khan, P. Kumar, D. N. K. Jayakody, and M. Liyanage, “A survey on security and privacy of 5G
    technologies: Potential solutions, recent advancements, and future directions,” vol. 22, pp. 196–248,
    1stquarter 2020.
    [7] 3GPP TS 33.401, “System Architecture Evolution (SAE); Security architecture,” tech. rep., 2010.
    version 9.2.0.
    [8] Y. Wang, Z. Zhang, and Y. Xie, “Privacy-preserving and standard-compatible AKA protocol for 5G,”
    in Proc. USENIX Security 2021, Aug. 2021.
    [9] “srsLTE: a free and open-source 4G LTE software suite.” https://docs.srslte.com/en/
    latest/. [Online; accessed 19-July-2008].
    [10] “OpenAirInterface: a flexible platform towards an open LTE ecosystem.” https://www.
    openairinterface.org/?page_id=2762. [Online; accessed ].
    [11] 3GPP TS 33.501, “Security architecture and procedures for 5G system,” tech. rep., Aug. 2020. version
    16.3.0.
    [12] A. Shaik, R. Borgaonkar, J. Seifert, N. Asokan, and V. Niemi, “Practical attacks against privacy and
    availability in 4G/LTE mobile communication systems,” in Proc. NDSS 2016, Feb. 2016.
    [13] W.-L. Heish, B.-K. Hong, and S.-M. Cheng, “Toward large-scale rogue base station attacks using
    container-based virtualization,” in Proc. IEEE VTC 2019-Fall, Aug. 2019.
    [14] D. Rupprecht, K. Kohls, T. Holz, and C. Poepper, “IMP4GT: IMPersonation attacks in 4G NeTworks,”
    in Proc. NDSS 2020, Feb. 2020.
    [15] G. Lee et al., “This is your president speaking: Spoofing alerts in 4G LTE networks,” in Proc. ACM
    MobiSys 2019, pp. 404–416, June 2019.
    [16] “Snoopsnitch.” https://opensource.srlabs.de/projects/snoopsnitch, 2019. Accessed:
    2021-04-04.
    [17] P. Ziayi, S.-M. Farmanbar, and M. Rezvani, “YAICD: Yet another IMSI catcher detector in GSM,”
    Security and Communication Networks, vol. 2021, Jan. 2021.
    [18] M. Echeverria, Z. Ahmed, B. Wang, M. F. Arif, S. R. Hussain, and O. Chowdhury, “PHOENIX:
    Device-centric cellular network protocol monitoring using runtime verification,” in Proc. NDSS 2021,
    Jan. 2021.
    [19] Z. Li, W. Wang, C. Wilson, J. Chen, C. Qian, T. Jung, L. Zhang, K. Liu, X. Li, and Y. Liu, “FBS-Radar:
    Uncovering fake base stations at scale in the wild,” in Proc. NDSS 2017, Jan. 2017.
    [20] C. Quintin, “Detecting fake 4G LTE base stations in real time,” in Proc. USENIX Enigma 2021, Feb.
    2021.
    [21] L. Karaçay et al., “A network-based positioning method to locate false base stations,” vol. 8,
    pp. 111368–111382, Aug. 2021.
    [22] R. Borgaonkar, A. Martin, S. Park, A. Shaik, and J.-P. Seifert, “White-Stingray: Evaluating IMSI
    catchers detection applications,” in Proc. WOOT 2017, Aug. 2017.
    [23] Z. Zhuang, X. Ji, et al., “FBSleuth: Fake base station forensics via radio frequency fingerprinting,”
    in Proc. ACM AsiaCCS 2018, p. 261–272, June 2018.
    [24] S. Park, A. Shaik, R. Borgaonkar, and J.-P. Seifert, “Anatomy of commercial IMSI catchers and detectors,”
    in Proc. ACM WPES 2019, pp. 74–86, Nov. 2019.
    [25] P. K. Nakarmi, M. A. Ersoy, E. U. Soykan, and K. Norrman, “Murat: Multi-RAT false base station
    detector],” arXiv preprint arXiv:2102.08780, Feb. 2021.
    [26] A. Singla et al., “Look before you leap: Secure connection bootstrapping for 5G networks to defend
    against fake base-stations,” in Proc. ACM Asia CCS 2021, pp. 501–515, June 2021.
    [27] “Smile: Statistical machine intelligence and learning engine.” https://haifengl.github.io.
    [Online; accessed ].
    [28] S. Erni, P. Leu, M. Kotuliak, and M. R. andSrdjan Capkun, “AdaptOver: Adaptive overshadowing of
    LTE signals,” CoRR, vol. abs/2106.05039, 2021.
    [29] N. Ludant and G. Noubir, “SigUnder: a stealthy 5G low power attack and defenses,” in Proc. ACM
    WiSec 2021, p. 250–260, June 2021.
    [30] M. Kotuliak, S. Erni, P. Leu, M. Roeschlin, and S. Capkun, “LTrack: Stealthy tracking of mobile
    phones in LTE,” arXiv preprint arXiv:2106.05007, Jun 2021.

    無法下載圖示 全文公開日期 2027/08/02 (校內網路)
    全文公開日期 2027/08/02 (校外網路)
    全文公開日期 2027/08/02 (國家圖書館:臺灣博碩士論文系統)
    QR CODE