To address the challenge of real-time detection and closed-loop mitigation of radio-frequency (RF) anomalies—such as GPS spoofing and jamming injection—in Open Radio Access Network (O-RAN) deployments, this paper proposes a lightweight, xApp-based anomaly detection framework. The framework leverages time-series anomaly detection algorithms and is deeply optimized for O-RAN’s near-real-time RAN Intelligent Controller (RIC) architecture. It integrates attack sensing, precise localization, and automated suppression via custom microservices. Distinct from conventional approaches, it introduces the first end-to-end xApp-native design tailored to O-RAN’s architectural primitives, significantly reducing deployment overhead and response latency. Evaluated on live base stations, the system achieves millisecond-scale anomaly detection and dynamic mitigation, with an average response time under 50 ms and a false positive rate below 1.2%. This work delivers a scalable, reusable, and open-source solution for enhancing O-RAN security.

This paper presents the Open Radio Access Net-work (O-RAN) testbed for secure radio access. We discuss radio-originating attack detection and mitigation methods based on anomaly detection and how they can be implemented as specialized applications (xApps) in this testbed. We also pre-sent illustrating results of the methods applied in real-world scenarios and implementations.