Design and Implementation of an Efficient Intrusion Response System for 5G RAN Baseband Units

Abstract: The 5G Radio Access Network (RAN) is a critical system that must be secured against potential attacks, particularly its Base-Band Unit (BBU), which is a common target for intrusions. Ericsson, which is a big provider of such systems, has placed significant emphasis on implementing Intrusion Detection Systems (IDS) to detect threats. However, the attention given to Intrusion Response Systems (IRS) in general is limited, with current challenges including false alarms, response cost, response time and reliability. Also, the hardware limitations of the BBU present difficulties in designing an effective IRS. To address these challenges, a semi-automated IRS was implemented with a dynamic and cost-based response selection approach. Open Source SECurity (OSSEC), which is a free, open-source endpoint detection and response tool, was employed to execute the selected responses. The effectiveness of the IRS was assessed based on Ericsson's requirements, reliability, response time, response cost and false alarms. The results obtained show that the proposed IRS is reliable as it can handle a huge number of intrusions and has negligible performance overhead in less extreme attack cases. These findings offer valuable insights into addressing intrusions within a system with constrained hardware resources.