TY  - EJOU
AU  - Yu, Hyeonsoo 
AU  - Kim, Hwankuk 

TI  - Performance Analysis of an AI-Based IDS xApp for Cyberattack Anomaly Detection in O-RAN Near-RT RIC
T2  - Computer Modeling in Engineering \& Sciences

PY  - 2026
VL  - 147
IS  - 2
SN  - 1526-1506

AB  - The introduction of the Open Radio Access Network (O-RAN) architecture enhances network flexibility but introduces novel security threats targeting open interfaces and the RAN Intelligent Controller (RIC). Particularly in the Near-RT RIC environment, an effective Intrusion Detection System (IDS) that satisfies strict near-real-time constraints of within 1 s is essential to defend against cyber attacks. This paper proposes an Artificial Intelligence (AI)-based IDS xApp designed for real-time cyber attack monitoring in the O-RAN Near-RT RIC environment, and quantitatively analyzes its anomaly detection performance and inference latency characteristics against multi-layer security threats utilizing Open RAN Centralized Unit(O-CU) network layer data and Open RAN Distributed Unit (O-DU) radio telemetry data. Evaluation using a public dataset (NetsLab 5G O-RAN IDD) on four deep learning models (LSTM, CNN, Transformer, Autoencoder) showed that supervised learning-based models achieved high F1-scores (reaching up to 0.99) on both datasets. Furthermore, their performance variation remained highly stable at approximately the <mml:math id="mml-ieqn-1"><mml:mo>±</mml:mo></mml:math>0.1 pp level upon transition from the training environment (the Service and Management Orchestration, SMO) to the deployment environment (Near-RT RIC). In the inference latency analysis, the system’s scalability was evaluated by increasing the number of prediction instances up to 80,000. The results confirmed that the latency follows a highly predictable linear time complexity (<mml:math id="mml-ieqn-2"><mml:mrow><mml:mrow><mml:mi>
KW  - Open RAN security; near-RT RIC; IDS xApp; AI-driven intrusion detection; inference latency

DO  - 10.32604/cmes.2026.082095