MSU
Faculty
Huacheng Zeng
INSS Lab
Team
Publications
Projects
Resource
Openings
RA1: AI for Radio Sensing
ISAC in 5G O-RAN
Human skeleton estimation
Vital sign detection
RA2: AI for 5G/6G
DRL for 5G O-RAN
mmWave MIMO system
Practical spectrum sharing
Coexistence of WiFi and LTE
Vehicular network
Wi-Fi MU-MIMO systems
RA3: Wireless Security
Anti-jamming 5G
Anti-eavesdropping
Teaching (Intranet)
CSE 910
CSE 422
Misc (Intranet)
Lab Rules
Source Code

Web Analytics Made Easy - Statcounter

Collaborative Research: NeTS: Medium: An Integrated Multi-Time Scale Approach to High-Performance, Intelligent, and Secure O-RAN based NextG

Project Information

  • NSF award number: 2312448

  • Project period: 10/1/2023 – 9/30/2026

  • Principal investigator: Dr. Huacheng Zeng

  • Graduate student:

    • Jie Lu (Ph.D. student)

    • Peihao Yan (Ph.D. student)

    • Shichen Zhang (Ph.D. student)

Project Overview

Recent movement to open up radio access network (RAN) interfaces, led by the O-RAN Alliance, has introduced a new paradigm for future wireless networks. With its key features of openness and intelligence, O-RAN enables a “mix-and-match” approach to RAN development and deployment, allowing telecom carriers to select the best hardware and software from different vendors. Such openness also catalyzes the integration of machine learning (ML) based intelligence into the RAN and promises further performance improvement. This project aims to address several major challenges in O-RAN, with the objective of enhancing its performance, intelligence, and trustworthiness. Through innovation in wireless algorithm and protocol design, ML, and network security, this project expedites the evolution of O-RAN ecosystem. Moreover, the project promotes the participation of women and students with diverse backgrounds in wireless communications and computer science research while enhancing pedagogical activities through new course materials.

This project aims to enhance the performance, intelligence, and trustworthiness of O-RAN by tackling several fundamental challenges across its control loops of three different time scales. The project consists of three interconnected research thrusts. The first thrust focuses on real-time multi-user multi-input and multi-output (MU-MIMO) beamforming in O-RAN's distributed unit (O-DU). It develops a data-driven approach for beamforming that accounts for channel uncertainty. The second thrust focuses on the design of ML algorithms for MU-MIMO control within the near-RT RAN Intelligent Controller (RIC). It establishes an optimization-based framework to generate high-quality labeled datasets for training ML models. The third thrust aims to advance knowledge of the vulnerabilities of ML models in the non-RT RIC of O-RAN and develop safeguard solutions against data manipulation attacks.

The team at Michigan State University will focus on the second research thrust: designing data-driven approaches to enhance the performance and security of O-RANs. This includes, for example, the development of signal processing pipelines for DU and AI-based xAPPs in Near-RT RIC.

Publications

  • Near-real-time resource slicing for QoS optimization in 5G O-RAN using deep reinforcement learning
    P. Yan*, J. Lu*, H. Zeng, and Y. T. Hou
    arXiv preprint arXiv:2509.14343 (2025).

  • SPP: Achieving low-probability-of-intercept cellular and Wi-Fi communications via MIMO-based spatial pilot perturbation [PDF]
    P. Yan*, M. Afshari*, and H. Zeng
    to appear in IEEE Transaction on Wireless Communications, 2025.

  • Dissertation: Wireless Communication and Sensing System Design: A Learning-based Approach
    Shichen Zhang,
    Michigan State University, June 2025.

  • Is driver on phone call? Mobile device localization using cellular signal [PDF]
    S. Zhang*, H. Zeng, and Y. T. Hou
    IEEE Journal on Selected Areas in Communications, 2024.

Research Activities and Outcomes

Year 1 - xAPP design and implementation for near-real-time resource slicing in 5G O-RAN

  • Overview. Open-Radio Access Network (O-RAN) has become an important paradigm for 5G and beyond radio access networks. This paper presents an xApp called xSlice for the Near-Real-Time (Near-RT) RAN Intelligent Controller (RIC) of 5G O-RANs. xSlice is an online learning algorithm that adaptively adjusts MAC-layer resource allocation in response to dynamic network states, including time-varying wireless channel conditions, user mobility, traffic fluctuations, and changes in user demand. To address those network dynamics, we first formulate the Quality-of-Service (QoS) optimization problem as a regret minimization problem by quantifying the QoS demands of all traffic sessions through weighting their throughput, latency, and reliability. We then develop a deep reinforcement learning (DRL) framework that utilizes an actor-critic model to combine the advantages of both value-based and policy-based updating methods. A graph convolutional network (GCN) is incorporated as a component of the DRL framework for graph embedding of RAN data, enabling xSlice to handle a dynamic number of traffic sessions. We have implemented xSlice on an O-RAN testbed with 10 smartphones and conducted extensive experiments to evaluate its performance in realistic scenarios. Experimental results show that xSlice can reduce performance regret by 67% compared to state-of-the-art solutions. The below figure shows the high-level architecture of our proposed xSlice system in an O-RAN.

xslice_overview

  • Testbed Hardware. The below figure shows our O-RAN testbed, which includes 5G Core, O-CU, O-DU, O-RU and 10 COTS smart- phones. We implement the O-RAN system using 4 servers for O-DU, O-CU, Near-RT RIC, and 5G Core. Specific parameter settings are detailed in Table 3. The hardware configuration of this testbed is designed to support Internet access for COTS smartphones. Local network connection is provided by a Net- gear GS308v3 Ethernet switch, which interconnects the 5G core, O-CU, O-DU, and O-RU components. The O-RU is set up on the USRP N310 device, supporting 4x4 MIMO config- urations. USRP N310 uses external clock GPSDO CDA-2990 to improve its clock accuracy. The radio units are tuned to a center frequency of 3319.68 MHz within the TDD n78 band, with a subcarrier spacing of 30 kHz. The testbed also includes 10 smartphones from OnePlus, Google Pixel, Motorola, and Samsung Galaxy, enabling a diverse range of testing scenarios and performance evaluation. The n78 band was used for this project under an FCC Experimental License with Call Sign

xslice_testbed

  • 5G Core Support. We have extended 5G core OAICN for this project. The AMF manages user access, authenti- cation, and mobility, while the UPF handles user data traf- fic routing and quality of service. We have added various Slice Service Types (SST), which identify the slice type (e.g., eMBB, URLLC), and Slice Differentiators (SD) to the UPF database. When the NSSAI of a slice matches the correspond- ing SST and SD code in oai-cn5gdatabaseoai_db.sql, the session is assigned to that slice. OAI Modifications. We use OpenAirInterface (OAI) 5G RAN for our experiments. However, OAI does not support sliceing. Therefore, we rewrote the downlink schduler functions in oaiopenair2LAYER2 NR_MAC_gNB and slicing control E2 interface in oaiopenair2 E2APRAN_FUNCTION. We define two attributes SD and SST, for different slices, which serve as unique identifiers for the slices. When a UE connects to the 5G core network, the core database assigns each UE with an SST and SD, as well as 5G QoS Indicator (5QI) and priority level. The DU then assigns a Radio Network Temporary Identifier (RNTI) to each new UE to distinguish it. Additionally, in the Single Slice model, all sessions utilize a single BWP, where the BWP size corre- sponds to the total number of PRBs. For xSlice, we need to define a BWP for each slice, including its starting position and bandwidth size. The size can be obtained through xSlice, while the starting position is determined by traversing through all of the PRBs. xSlice Implementation. We use Mosaic5g Flexric as our near-RT RIC. Flexric contains E2 Node agent, near-RT RIC and xApp. It provide a flatbuffers encodingdecoding scheme as alternative to ASN.1. We use SWIG as an interface generator to enable CC and Python for the xApps. We build our own xApp with E2AP v2.03 and KPM v2.03. We implement xSlice as an xApp within the Near-RT RIC. The Actor-Critic algorithm of the DRL agent is integrated into the PPO framework, supporting online training. The DRL environment is developed in Python for compatibility. xSlice includes both the DRL model and the E2 interfaces for data collection and processing. We have divided the task into two xApps: Monitor xApp and AI-model xApp. The Monitor xApp is responsible for interacting with the RAN to retrieve information (KPM and MAC data) and for sending updated slicing policies to the RAN. The AI-model xApp primarily focuses on model training and online learning. By employing this multiprocess paradigm, xSlice can promptly apply updated policies to the RAN while ensuring that the states acquired accurately reflect the implementation of the new policy actions.

  • Performance Evaluation. The below figure presents the experimental results in terms of their average values. Numerically, xSlice demonstrates superior performance in terms of regret, throughput, and latency compared to existing policies. Notably, when compared to the state-of-the-art solution Zipper, xSlice reduces performance regret by 67%.

xslice_results

Year 2 - Secure 5G Cellular Communications against Eavesdropping

  • Problem Description This project tackles the challenge of enabling low-probability-of-intercept (LPI) communications in real-world 5G and WiFi systems. Existing physical-layer LPI techniques often rely on custom hardware or are incompatible with billions of deployed user devices, limiting their practicality. The key vulnerability arises because eavesdroppers exploit the same pilot signals as legitimate receivers to estimate the channel and decode data. When pilots and data symbols experience identical effective channels, both legitimate users and eavesdroppers can successfully demodulate transmissions. The central problem, therefore, is how to prevent eavesdroppers from decoding data—without modifying user devices or requiring knowledge of eavesdropper channels.

  • Technical Challenges Several challenges complicate this objective. First, any new technique must be fully compatible with existing WiFi and 4G/5G devices, meaning no changes to user hardware or software can be assumed. Second, the system must ensure that intended receivers continue to observe aligned pilot and data channels, while forcing eavesdroppers to observe misaligned ones. This requires careful precoder design under practical constraints such as limited transmit power and a finite number of antennas. Finally, the solution must be effective against both out-of-network eavesdroppers (with no channel knowledge available) and in-network eavesdroppers (with partial channel knowledge), while balancing the tradeoff between security and communication throughput.

  • Approach / Methodology We propose Spatial Pilot Perturbation (SPP), a novel MIMO-based precoding technique. The core idea is to apply different precoders to pilot and data symbols within the same transmission frame. For intended receivers, the precoders are designed so that pilots and data experience identical compound channels, enabling correct decoding. For eavesdroppers, however, the pilot and data experience mismatched compound channels, disrupting channel estimation and preventing demodulation. SPP introduces two key design elements: a transmission vector, optimized as if no eavesdroppers exist, and a perturbation vector, chosen from the nullspace of the legitimate user’s channel to distort eavesdropper reception. The approach generalizes to multi-user MIMO, single versus multiple eavesdroppers, and scenarios with or without eavesdropper CSI. Importantly, SPP requires no modifications to user devices and leverages the standard pilot structures already present in 5G and WiFi systems.

LPI

  • Main Results We validated SPP through both numerical simulations and real-world experiments on 5G and WiFi software-defined radio testbeds. Results demonstrate that, even without any knowledge of eavesdroppers, SPP reduces eavesdropping rates to ≤0.2% in 5G and ≤0.9% in WiFi, with only a 10–18% reduction in throughput. Further experiments show that when limited eavesdropper CSI is available, the error vector magnitude (EVM) gap between users and eavesdroppers increases by several dB, providing additional security. Overall, SPP is shown to be highly effective, backward-compatible, and practical for deployment in existing wireless systems, marking an important step toward real-world adoption of physical-layer LPI techniques.

Broader Impacts

  • Zeng hosts undergraduate students to study integrated sensing and communication (ISAC) solutions
    Dr. Zeng’s INSS laboratory is hosting two undergraduate students from the Department of Computer Science and Engineering for an innovative research project focused on ISAC. This outreach activity aims to bridge the gap between theoretical knowledge and practical applications, fostering a collaborative environment where students can engage in cutting-edge research. The primary objective of this ISAC project is to enhance the capabilities of a single WiFi device by integrating advanced sensing functionalities. The students embarked on a comprehensive study to explore various solutions that enable concurrent transmission and reception of radio signals. This dual functionality is crucial for developing sophisticated applications that can leverage existing wireless infrastructure while adding significant value through new sensing capabilities. The students conducted extensive literature reviews and feasibility analyses. They evaluated current methodologies and technologies that allow for simultaneous signal processing, focusing on the challenges and opportunities within the realm of WiFi devices. Building on their findings, the students then transitioned to the development of deep learning models tailored for novel applications. Among the applications they explored are human body skeleton estimation and mask segmentation. These applications not only demonstrate the practical implications of their research but also address real-world problems, such as improving human-computer interaction and enhancing security measures in various settings. As part of this outreach activity, the students participated in regular presentations and discussions with their peers, faculty, and industry professionals. This interaction is designed to promote knowledge sharing and provide feedback that refine their research direction. Additionally, the students obtained the opportunity to showcase their work at departmental seminars, encouraging other students to engage in research and explore the possibilities within the ISAC field.

  • Zeng gave talk on 5G signal implementation on SDR to George Mason University students
    Dr. Zeng was invited to deliver a guest lecture on 5G signal implementation to students in the Department of Electrical and Computer Engineering at George Mason University. The lecture aimed to bridge theoretical foundations with practical system design, providing students with both a high-level perspective of 5G networks and a detailed technical understanding of their operation. The talk began with an introduction to the 5G signal frame structure, where Dr. Zeng explained the principles of numerology, subcarrier spacing, and time-slot organization, emphasizing how these design choices enable high data rates, low latency, and flexible spectrum usage. He then discussed the MAC-layer protocols, illustrating how scheduling, HARQ mechanisms, and link adaptation contribute to efficient radio resource management. At the transport layer, he described the challenges of ensuring reliability, low latency, and scalability, particularly in high-mobility scenarios. Building on this foundation, Dr. Zeng integrated results from this project to highlight the evolution of network architectures. He introduced the Open RAN (O-RAN) paradigm, stressing its role in decoupling hardware and software, enabling multi-vendor interoperability, and fostering innovation through software-defined and virtualized components. He further explored how artificial intelligence and machine learning are becoming integral to modern network design, offering capabilities such as adaptive resource management, self-optimization, and anomaly detection. The lecture concluded with a discussion on future research challenges and opportunities. The talk provided students not only with a technical dive into 5G but also with a forward-looking perspective on how emerging technologies will shape the next generation of wireless systems.

  • Zeng hosts undergraduate student to work on experimental research on O-RAN
    Zeng's INSS Laboratory provides undergraduate the student with unique opportunities to participate in experimental research on Open Radio Access Networks (O-RAN). The lab emphasizes hands-on learning, enabling the student to engage directly with both the software and hardware that form the backbone of modern wireless communication systems. By immersing themselves in practical experimentation, the student develop not only technical expertise but also the ability to tackle complex systems-level challenges. The student studies open-source RAN software platforms, including srsRAN and the OpenAirInterface (OAI) fronthaul interface (FHI) 7.2 split. These platforms provide a flexible and transparent environment for exploring 5G networks, making them ideal for academic research. The student work on implementing a complete O-RAN system. This involves integrating Benetel O-RUs (O-RAN Radio Units) with srsRAN-based gNB components. The integration process gives the student direct experience with the O-RAN Alliance's principles of disaggregation and openness, where hardware and software from different vendors can be combined to create a fully functioning system. This stage of the project highlights the real-world engineering challenges of interoperability across heterogeneous components. In addition to system integration and debugging, the student conduct performance evaluations of the deployed O-RAN setup. He measured and analyzed system behavior using commercial smartphones connected through the Benetel RU and srsRAN core components. Performance metrics such as throughput, latency, and stability are assessed under different configurations, allowing the student to understand how design choices in open-source RAN implementations affect end-user experience. These experiments not only test the limits of the platforms but also contribute to ongoing efforts to make open RAN technologies viable for real-world applications. By working with real hardware and open-source software, the student develop a holistic view of the opportunities and challenges in building O-RAN systems.