From Description to Detection: LLM based Extendable O-RAN Compliant Blind DoS Detection in 5G and Beyond

📅 2025-10-07
🤖 AI Summary
In 5G/6G networks, RRC/NAS protocol layers are vulnerable to blind Denial-of-Service (DoS) attacks, while existing anomaly detection methods rely heavily on large-scale labeled datasets and predefined rules, suffering from poor interpretability and limited generalizability. Method: This paper proposes the first zero-shot, large language model (LLM)-driven anomaly detection framework tailored for O-RAN architecture. It requires no training data or handcrafted rules, detecting previously unseen Layer-3 attacks in real time solely from semantically complete natural-language attack descriptions. The method innovatively integrates automated attack description generation with semantic integrity optimization, enabling end-to-end deployment within O-RAN’s real-time constraints. Results: Evaluated on RRC/NAS datasets, the framework outperforms leading open-source and commercial LLMs in detection accuracy, satisfies O-RAN’s sub-millisecond latency requirements, and delivers high interpretability alongside minimal operational maintenance overhead.

📝 Abstract
The quality and experience of mobile communication have significantly improved with the introduction of 5G, and these improvements are expected to continue beyond the 5G era. However, vulnerabilities in control-plane protocols, such as Radio Resource Control (RRC) and Non-Access Stratum (NAS), pose significant security threats, such as Blind Denial of Service (DoS) attacks. Despite the availability of existing anomaly detection methods that leverage rule-based systems or traditional machine learning methods, these methods have several limitations, including the need for extensive training data, predefined rules, and limited explainability. Addressing these challenges, we propose a novel anomaly detection framework that leverages the capabilities of Large Language Models (LLMs) in zero-shot mode with unordered data and short natural language attack descriptions within the Open Radio Access Network (O-RAN) architecture. We analyse robustness to prompt variation, demonstrate the practicality of automating the attack descriptions and show that detection quality relies on the semantic completeness of the description rather than its phrasing or length. We utilise an RRC/NAS dataset to evaluate the solution and provide an extensive comparison of open-source and proprietary LLM implementations to demonstrate superior performance in attack detection. We further validate the practicality of our framework within O-RAN's real-time constraints, illustrating its potential for detecting other Layer-3 attacks.

Problem

Research questions and friction points this paper is trying to address.

Detecting blind DoS attacks in 5G control-plane protocols
Overcoming limitations of rule-based and traditional ML methods
Leveraging LLMs for zero-shot detection with natural language descriptions

Innovation

Methods, ideas, or system contributions that make the work stand out.

LLM-based zero-shot detection for 5G attacks
Uses natural language descriptions for semantic analysis
O-RAN compliant framework for real-time detection