To address RRC signaling storm-induced congestion in the access control plane of 5G and beyond networks, this paper proposes an adaptive threshold detection method based on Extreme Value Theory (EVT). The method overcomes the limitations of static thresholds by dynamically modeling the tail distribution characteristics of RRC connection requests, thereby enabling precise discrimination between malicious attacks and legitimate high-load scenarios. It innovatively applies EVT to anomaly detection in the wireless access control plane, achieving robust identification of signaling storms under highly variable real-world traffic conditions. Extensive simulations—using both real operator RRC traffic traces and synthetically generated attack data—demonstrate that the method achieves accuracy, precision, and recall exceeding 93% across diverse scenarios, with low detection latency. Results validate its effectiveness, adaptability, and engineering feasibility for practical deployment in next-generation cellular networks.

In 5G and beyond networks, the radio communication between a User Equipment (UE) and a base station (gNodeB or gNB), also known as the air interface, is a critical component of network access and connectivity. During the connection establishment procedure, the Radio Resource Control (RRC) layer can be vulnerable to signaling storms, which threaten the availability of the radio access control plane. These attacks may occur when one or more UEs send a large number of connection requests to the gNB, preventing new UEs from establishing connections. In this paper, we investigate the detection of such threats and propose an adaptive threshold-based detection system based on Extreme Value Theory (EVT). The proposed solution is evaluated numerically by applying simulated attack scenarios based on a realistic threat model on top of real-world RRC traffic data from an operator network. We show that, by leveraging features from the RRC layer only, the detection system can not only identify the attacks but also differentiate them from legitimate high-traffic situations. The adaptive threshold calculated using EVT ensures that the system can work under diverse traffic conditions. The results show high accuracy, precision, and recall values (above 93%), and a low detection latency even under complex conditions.