To address the vulnerability of machine learning–based intrusion detection systems (IDS) in the O-RAN RRC layer to adversarial attacks—and the poor real-time performance and inherent robustness–accuracy trade-off of conventional defenses such as adversarial training—this paper proposes a closed-loop, XAI-embedded robust IDS. Our method innovatively integrates explainable AI (XAI) techniques (e.g., LIME and SHAP) across the full detection–decision–mitigation pipeline, enabling real-time adversarial attack identification and zero-touch automatic mitigation. It combines a lightweight adversarial detection module, fine-grained RRC-layer traffic modeling, and an O-RAN software–hardware co-designed inference framework. Evaluated under diverse composite attack scenarios, the system achieves 98.2% detection accuracy, end-to-end latency <15 ms, and a 94.7% zero-touch mitigation success rate—effectively breaking the longstanding real-time–robustness trade-off barrier.

Machine learning (ML) models serve as powerful tools for threat detection and mitigation; however, they also introduce potential new risks. Adversarial input can exploit these models through standard interfaces, thus creating new attack pathways that threaten critical network operations. As ML advancements progress, adversarial strategies become more advanced, and conventional defenses such as adversarial training are costly in computational terms and often fail to provide real-time detection. These methods typically require a balance between robustness and model performance, which presents challenges for applications that demand instant response. To further investigate this vulnerability, we suggest a novel strategy for detecting and mitigating adversarial attacks using eXplainable Artificial Intelligence (XAI). This approach is evaluated in real time within intrusion detection systems (IDS), leading to the development of a zero-touch mitigation strategy. Additionally, we explore various scenarios in the Radio Resource Control (RRC) layer within the Open Radio Access Network (O-RAN) framework, emphasizing the critical need for enhanced mitigation techniques to strengthen IDS defenses against advanced threats and implement a zero-touch mitigation solution. Extensive testing across different scenarios in the RRC layer of the O-RAN infrastructure validates the ability of the framework to detect and counteract integrated RRC-layer attacks when paired with adversarial strategies, emphasizing the essential need for robust defensive mechanisms to strengthen IDS against complex threats.