Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices

Hussain, Syed Rafiul; Karim, Imtiaz; Ishtiaq, Abdullah Al; Chowdhury, Omar; Bertino, Elisa

doi:10.1145/3460120.3485388

Cited by 15 publications

(6 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To this end, we assume that any UEs can be malicious, and the communication channel between UEs and RANs is subject to man-in-themiddle (MiTM) attacks [14] such as signal injection [19]. More precisely, we focus on the L3 attack surfaces that exploit unprotected (i.e., not signed or encrypted) cellular messages within the NAS and RRC protocols [38] over the radio frequency (RF) channel, which have been extensively studied [10], [12], [14], [9], [16], [13], [39], [40], [41], [17]. We provide the list of such unprotected messages [21], [20] in Table V (in the Appendix).…”

Section: A Threat Modelmentioning

confidence: 99%

5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service

Wen,

Porras,

Yegneswaran

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Over the past several years, the mobile security community has discovered a wide variety of exploits against link and session-establishment protocols. These exploits can be implemented on software-defined radios (SDRs) that disrupt, spoof, or flood layer-3 (L3) messages to compromise security and privacy, which still apply to the latest 5G mobile network standard. Interestingly, unlike the prior generations of closed (proprietary) mobile network infrastructures, 5G networks are migrating toward a more intelligent and open-standards-based fully interoperable mobile architecture, called Open RAN or O-RAN. The implications of transitioning mobile infrastructures to a software-defined architectural abstraction are quite significant to the INFOSEC community, as it allows us to extend the mobile data plane and control plane with security-focused protocol auditing services and exploit detection. Based on this design, we present 5G-SPECTOR, the first comprehensive framework for detecting the wide spectrum of L3 protocol exploits on O-RAN. It features a novel security audit stream called MOBIFLOW that transfers fine-grained cellular network telemetry, and a programmable control-plane xApp called MOBIEXPERT. We present an extensible prototype of 5G-SPECTOR which can detect 7 types of cellular attacks in real-time. We also demonstrate its scalability to 11 unknown attacks as well as 31 real-world cellular traces, with effective performance (high accuracy, no false alarms) and low (<2% CPU, <100 MB memory) overhead.

show abstract

Section: A Threat Modelmentioning

confidence: 99%

5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service

Wen,

Porras,

Yegneswaran

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…The increasing sophistication of network attacks poses a significant threat to critical infrastructure across various sectors [43], [44]. Consequently, IDS plays a crucial role in safeguarding computer network systems against malicious activities, whether initiated by internal users or external infiltrators [45].…”

Section: B Intrusion Detection Systemsmentioning

confidence: 99%

E-XAI: Evaluating Black-Box Explainable AI Frameworks for Network Intrusion Detection

Arreche,

Guntur,

Roberts

et al. 2024

IEEE Access

View full text Add to dashboard Cite

The exponential growth of intrusions on networked systems inspires new research directions on developing artificial intelligence (AI) techniques for intrusion detection systems (IDS). In particular, the need to understand and explain these AI models to security analysts (managing these IDS to safeguard their networks) motivates the usage of explainable AI (XAI) methods in real-world IDS. In this work, we propose an end-to-end framework to evaluate black-box XAI methods for network IDS. We evaluate both global and local scopes for these black-box XAI methods for network intrusion detection. We analyze six different evaluation metrics for two popular black-box XAI techniques, namely SHAP and LIME. These metrics are descriptive accuracy, sparsity, stability, efficiency, robustness, and completeness. They cover main metrics from network security and AI domains. We evaluate our XAI evaluation framework using three popular network intrusion datasets and seven AI methods with different characteristics. We release our codes for the network security community to access it as a baseline XAI framework for network IDS. Our framework shows the limitations and strengths of current black-box XAI methods when applied to network IDS.

show abstract

“…The growing complexity of network attacks presents a serious risk to various essential infrastructures [44,45]. To counteract this, intrusion detection systems (IDSs) are implemented to protect networks from malicious actions conducted by both insiders and external attackers [46].…”

Section: Intrusion Detection Systemsmentioning

confidence: 99%

XAI-IDS: Toward Proposing an Explainable Artificial Intelligence Framework for Enhancing Network Intrusion Detection Systems

Arreche,

Guntur,

Abdallah

2024

Applied Sciences

View full text Add to dashboard Cite

The exponential growth of network intrusions necessitates the development of advanced artificial intelligence (AI) techniques for intrusion detection systems (IDSs). However, the reliance on AI for IDSs presents several challenges, including the performance variability of different AI models and the opacity of their decision-making processes, hindering comprehension by human security analysts. In response, we propose an end-to-end explainable AI (XAI) framework tailored to enhance the interpretability of AI models in network intrusion detection tasks. Our framework commences with benchmarking seven black-box AI models across three real-world network intrusion datasets, each characterized by distinct features and challenges. Subsequently, we leverage various XAI models to generate both local and global explanations, shedding light on the underlying rationale behind the AI models’ decisions. Furthermore, we employ feature extraction techniques to discern crucial model-specific and intrusion-specific features, aiding in understanding the discriminative factors influencing the detection outcomes. Additionally, our framework identifies overlapping and significant features that impact multiple AI models, providing insights into common patterns across different detection approaches. Notably, we demonstrate that the computational overhead incurred by generating XAI explanations is minimal for most AI models, ensuring practical applicability in real-time scenarios. By offering multi-faceted explanations, our framework equips security analysts with actionable insights to make informed decisions for threat detection and mitigation. To facilitate widespread adoption and further research, we have made our source code publicly available, serving as a foundational XAI framework for IDSs within the research community.

show abstract

Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices

Cited by 15 publications

References 34 publications

5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service

5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service

E-XAI: Evaluating Black-Box Explainable AI Frameworks for Network Intrusion Detection

XAI-IDS: Toward Proposing an Explainable Artificial Intelligence Framework for Enhancing Network Intrusion Detection Systems

Contact Info

Product

Resources

About