EPS
← All batches·2605.19232

Devilray: A Systematic Adversarial Model Revealing Blind Spots in Fake Base Station Detection

topic: current_projecttop score: 100released: 2026-05-20first surfaced: 2026-05-20arXivPDFthreats2026-05-20

Authors: Taekkyung Oh, Duckwoo Kim, Hansung Bae et al.

arXiv · PDF

Summary

arXiv:2605. 19232v1 Announce Type: new Abstract: Fake Base Station (FBS) detection has been a critical focus of cellular security research for over two decades.

Relevance

Read next because Devilray: A Systematic Adversarial Model Revealing Blind Spots in Fake Base Station Detection overlaps with clean result "Language-mismatch LoRA SFT on Qwen2.5-7B leaks the trained completion language into bystander directives the model was never trained on, absent under same-language SFT (LOW confidence)", clean result "Coupling evil personas with wrong answers fails to protect Qwen2.5-7B from EM-induced alignment collapse — and the apparent capability ordering across coupling conditions is mostly eval contamination (LOW confidence)", clean result "Only continuous soft prefixes hit both EM axes at once on Qwen-2.5-7B-Instruct: discrete prompt searches split between the alignment objective and the distributional objective, and both discretizations of the soft prefix collapse (MODERATE confidence)". Matching terms: rect, evil, eval, line, lora, model. Source: arxiv cs.CR (Cryptography and Security).

Threat model

Potential threat/caveat for clean result "Language-mismatch LoRA SFT on Qwen2.5-7B leaks the trained completion language into bystander directives the model was never trained on, absent under same-language SFT (LOW confidence)": this item discusses adversarial, evaluation.

Abstract

arXiv:2605.19232v1 Announce Type: new Abstract: Fake Base Station (FBS) detection has been a critical focus of cellular security research for over two decades. However, significant financial and regulatory barriers to accessing commercial FBS (C-FBS) devices have limited direct visibility into real-world operations, forcing detection systems to be designed and evaluated around self-built prototypes. In this paper, we present Devilray, a reconfigurable and reference-grade adversarial baseline designed to systematically explore the realistic adversarial space and identify adversarial blind spots in current detection -- regions of realistic adversarial behavior excluded by prevailing threat models. We establish an empirical ground truth through the first academic analysis of a C-FBS and extend these observations into specification-driven operational variants permitted by 3GPP standards. Devilray enables the systematic exploration of 2,592 feasible and realistic FBS instances, capturing a wide range of operational possibilities. Using Devilray, we evaluate seven representative accessible FBS detectors and uncover coverage gaps across all seven, revealing blind spots rooted in assumption-bound design and evaluation. Our work provides the first robust adversarial model grounded in real-world behavior and specification analysis, enabling the community to develop and evaluate future detection mechanisms in a rigorous manner.