{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T10:39:03Z","timestamp":1780051143281,"version":"3.53.1"},"reference-count":35,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T00:00:00Z","timestamp":1762128000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>Mobile networking in 4G and 5G remains vulnerable against fake base stations. A fake base station can inject and manipulate the radio resource control (RRC) communication protocol to disable the user equipment\u2019s connectivity. To motivate our research, we empirically show that such a fake base station can cause an indefinite hold of the user equipment\u2019s connectivity using our fake base station prototype against an off-the-shelf phone. To defend against such threat, we design and build an anomaly detection system to detect the fake base station threats. It detects any base station\u2019s deviations from the 4G\/5G RRC protocol, which supports both the connectivity provision case (all works well and the user receives connectivity) and the connection-release case (cannot provide connectivity at the time and thus releases connections). Our scheme based on unsupervised machine learning dynamically and automatically controls and sets the detection parameters, which vary with mobility and the communication channel, and utilizes greater information to improve its effectiveness. Using software-defined radios and srsRAN, we implement a prototype of our scheme from sensing to data collection to machine-learning-based detection processing. Our empirical evaluations demonstrate the detection effectiveness and adaptability; i.e., our scheme accurately detects fake base stations deviating from the set protocol in mobile scenarios by adapting its model parameters. Our scheme achieves 100% accuracy in static scenarios against the fake base station threats. If the dynamic control is disabled, i.e., not adapting to mobility and different channel environments, the accuracy drops to 65\u201376%, but our scheme adjusts the model via dynamic training to recover to 100% accuracy.<\/jats:p>","DOI":"10.3390\/jcp5040094","type":"journal-article","created":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T19:30:27Z","timestamp":1762198227000},"page":"94","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Anomaly Detection Against Fake Base Station Threats Using Machine Learning"],"prefix":"10.3390","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0366-895X","authenticated-orcid":false,"given":"Amanul","family":"Islam","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Colorado Colorado Springs, Colorado Springs, CO 80918, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-5995-2923","authenticated-orcid":false,"given":"Sourav","family":"Purification","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Colorado Colorado Springs, Colorado Springs, CO 80918, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5736-5823","authenticated-orcid":false,"given":"Sang-Yoon","family":"Chang","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Colorado Colorado Springs, Colorado Springs, CO 80918, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2025,11,3]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Shaik, A., Borgaonkar, R., Asokan, N., Niemi, V., and Seifert, J.P. (2015). Practical attacks against privacy and availability in 4G\/LTE mobile communication systems. arXiv.","DOI":"10.14722\/ndss.2016.23236"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Hussain, S., Chowdhury, O., Mehnaz, S., and Bertino, E. (2018, January 18\u201321). LTEInspector: A systematic approach for adversarial testing of 4G LTE. Proceedings of the Network and Distributed Systems Security (NDSS) Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2018.23313"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Hussain, S.R., Echeverria, M., Karim, I., Chowdhury, O., and Bertino, E. (2019, January 11\u201315). 5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol. Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, London, UK.","DOI":"10.1145\/3319535.3354263"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Bitsikas, E., and P\u00f6pper, C. (2022, January 5\u20139). You have been warned: Abusing 5G\u2019s Warning and Emergency Systems. Proceedings of the 38th Annual Computer Security Applications Conference, Austin, TX, USA.","DOI":"10.1145\/3564625.3568000"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Lee, G., Lee, J., Lee, J., Im, Y., Hollingsworth, M., Wustrow, E., Grunwald, D., and Ha, S. (2019, January 17\u201321). This is your president speaking: Spoofing alerts in 4G LTE networks. Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services, Seoul, Republic of Korea.","DOI":"10.1145\/3307334.3326082"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Purification, S., and Chang, S.Y. (2025, January 8\u201311). Verifiable Alerts for 4G\/5G Public Warning System. Proceedings of the IEEE Conference on Communications and Network Security (CNS), Avignon, France.","DOI":"10.1109\/CNS66487.2025.11195018"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Kim, H., Lee, J., Lee, E., and Kim, Y. (2019, January 19\u201323). Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane. Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP.2019.00038"},{"key":"ref_8","unstructured":"Karakoc, B., F\u00fcrste, N., Rupprecht, D., and Kohls, K. (June, January 29). Never Let Me Down Again: Bidding-Down Attacks and Mitigations in 5G and 4G. Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec \u201923, Guildford, UK."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Liu, B., Lu, C., Li, Z., Duan, H., Hao, S., Liu, M., Liu, Y., Wang, D., and Li, Q. (2020, January 9\u201313). Lies in the Air: Characterizing Fake-Base-Station Spam Ecosystem in China. Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Virtual.","DOI":"10.1145\/3372297.3417257"},{"key":"ref_10","unstructured":"Wen, H., Porras, P., Yegneswaran, V., and Lin, Z. (March, January 27). Thwarting Smartphone SMS Attacks at the Radio Interface Layer. Proceedings of the 30th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA."},{"key":"ref_11","unstructured":"Purification, S., Wuthier, S., Kim, J., Kim, I., and Chang, S.Y. (2025, January 6\u20138). Base Station Certificate and Authentication for 5G Radio Control Security. Proceedings of the 2025 IEEE 22nd International Conference on Mobile Ad-Hoc and Smart Systems (MASS), Chicago, IL, USA."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Purification, S., Wuthier, S., Kim, J., Kim, J., and Chang, S.Y. (2024, January 29\u201331). Fake Base Station Detection and Blacklisting. Proceedings of the 2024 33rd International Conference on Computer Communications and Networks (ICCCN), Kailua-Kona, HI, USA.","DOI":"10.1109\/ICCCN61486.2024.10637542"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Bitsikas, E., and P\u00f6pper, C. (2021, January 6\u201310). Don\u2019t Hand It Over: Vulnerabilities in the Handover Procedure of Cellular Telecommunications. Proceedings of the 37th Annual Computer Security Applications Conference, Virtual.","DOI":"10.1145\/3485832.3485914"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Chang, S.Y., and Purification, S. (2025, January 8\u201311). Securing Cellular Availability: The Wireless Blackhole Threat and Defense. Proceedings of the IEEE Conference on Communications and Network Security (CNS), Avignon, France.","DOI":"10.1109\/CNS66487.2025.11195014"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Purification, S., Kim, J., Kim, J., and Chang, S.Y. (2024). Fake Base Station Detection and Link Routing Defense. Electronics, 13.","DOI":"10.3390\/electronics13173474"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Nakarmi, P.K., Sternby, J., and Ullah, I. (2022, January 23\u201326). Applying Machine Learning on RSRP-Based Features for False Base Station Detection. Proceedings of the 17th International Conference on Availability, Reliability and Security, Vienna, Austria.","DOI":"10.1145\/3538969.3543787"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Jin, J., Lian, C., and Xu, M. (2019, January 9\u201310). Rogue Base Station Detection Using a Machine Learning Approach. Proceedings of the 2019 28th Wireless and Optical Communications Conference (WOCC), Beijing, China.","DOI":"10.1109\/WOCC.2019.8770554"},{"key":"ref_18","unstructured":"Mubasshir, K.S., Karim, I., and Bertino, E. (2024). FBSDetector: Fake Base Station and Multi-Step Attack Detection in Cellular Networks Using Machine Learning. arXiv."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Sun, S., Abualhaol, I., Poitau, G., Esswie, A., and Repeta, M. (2024, January 10\u201312). An Ensemble Approach for Fake Base Station Detection Using Temporal Graph Analysis and Anomaly Detection. Proceedings of the 2024 Wireless Telecommunications Symposium (WTS), Oakland, CA, USA.","DOI":"10.1109\/WTS60164.2024.10536680"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Bolcek, J., Kufa, J., Harvanek, M., Polak, L., Kral, J., and Marsalek, R. (2023, January 4\u20136). Deep Learning-Based Radio Frequency Identification of False Base Stations. Proceedings of the 2023 Workshop on Microwave Theory and Technology in Wireless Communications (MTTW), Riga, Latvia.","DOI":"10.1109\/MTTW59774.2023.10320078"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Kriaa, S., Feki, A., Papillon, S., Chene, T., and Ouattara, I. (2023, January 28\u201330). Detecting Fake Base Stations Using Knowledge Graphs and ML-Based Techniques. Proceedings of the 2023 IEEE Virtual Conference on Communications (VCC), Virtual.","DOI":"10.1109\/VCC60689.2023.10474891"},{"key":"ref_22","unstructured":"Park, H., Son, D., Kim, G., and You, I. (2022, January 15\u201317). A Study on Machine Learning-Based False Base Station Detection Method in 5G. Proceedings of the 6th International Symposium on Mobile Internet Security (MobiSec\u201922), Jeju Island, Republic of Korea."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Islam, A., Chang, S.Y., Kim, J., and Kim, J. (2024, January 17\u201319). Anomaly Detection in 5G Using Variational Autoencoders. Proceedings of the 2024 Silicon Valley Cybersecurity Conference (SVCC), Seoul, Republic of Korea.","DOI":"10.1109\/SVCC61185.2024.10637312"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Siriwardhana, Y., Samarakoon, S., Porambage, P., Liyanage, M., Chang, S.Y., Kim, J., Kim, J., and Ylianttila, M. (2025). Descriptor: 5G Wireless Network Intrusion Detection Dataset (5G-NIDD). IEEE Data Descr., 1\u201312.","DOI":"10.1109\/IEEEDATA.2025.3592888"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Ali, A., and Fischer, G. (2019, January 1\u20133). Enabling Fake Base Station Detection Through Sample-Based Higher Order Noise Statistics. Proceedings of the 2019 42nd International Conference on Telecommunications and Signal Processing (TSP), Budapest, Hungary.","DOI":"10.1109\/TSP.2019.8769046"},{"key":"ref_26","unstructured":"Li, Z., Wang, W., Wilson, C., Chen, J., Qian, C., Jung, T., and Liu, Y. (March, January 26). FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild. Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"158798","DOI":"10.1109\/ACCESS.2019.2934222","article-title":"Rogue Base Stations Detection for Advanced Metering Infrastructure Based on Signal Strength Clustering","volume":"8","author":"Bin","year":"2019","journal-title":"IEEE Access"},{"key":"ref_28","unstructured":"Nakarmi, P.K., Ersoy, M.A., Soykan, E.U., and Norrman, K. (2021). Murat: Multi-RAT False Base Station Detector. arXiv."},{"key":"ref_29","unstructured":"Wen, H., Porras, P., Yegneswaran, V., Gehani, A., and Lin, Z. (March, January 26). 5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service. Proceedings of the 31st Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA."},{"key":"ref_30","unstructured":"(2025, October 27). 3GPP TS 23.288 V18.5.0. Architecture Enhancements for 5G System (5GS) to Support Network Data Analytics Services. Available online: https:\/\/www.3gpp.org\/DynaReport\/23288.htm."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Shaik, A., Borgaonkar, R., Park, S., and Seifert, J.P. (2019, January 15\u201317). New Vulnerabilities in 4G and 5G Cellular Access Network Protocols: Exposing Device Capabilities. Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, Miami, FL, USA.","DOI":"10.1145\/3317549.3319728"},{"key":"ref_32","unstructured":"(2025, October 27). Software Radio Systems. srsRAN Project. Available online: https:\/\/github.com\/srsran\/srsRAN_Project\/releases\/tag\/release_24_10_1."},{"key":"ref_33","unstructured":"(2025, October 27). Software Radio Systems. srsRAN 4G. Available online: https:\/\/github.com\/srsran\/srsRAN_4G\/releases\/tag\/release_23_11."},{"key":"ref_34","unstructured":"Lee, S. (2025, October 27). Open5GS. Available online: https:\/\/github.com\/open5gs."},{"key":"ref_35","unstructured":"Strobel, D. (2007). IMSI Catcher.Chair for Communication Security, Ruhr-Universit\u00e4t Bochum."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/4\/94\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T20:05:58Z","timestamp":1762200358000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/4\/94"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,3]]},"references-count":35,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["jcp5040094"],"URL":"https:\/\/doi.org\/10.3390\/jcp5040094","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,3]]}}}