When Wireless Security Meets Machine Learning: Motivation, Challenges, and Research Directions

Sagduyu, Yalin E.; Shi, Yi; Erpek, Tugba; Headley, William C.; Flowers, Bryse; Stantchev, George; Lu, Zhuo

doi:10.48550/arxiv.2001.08883

Cited by 20 publications

(15 citation statements)

References 66 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In particular, deep learning (DL) that has been empowered by recent algorithmic and computational advances can effectively capture highdimensional representations of spectrum data and support various wireless communications tasks, including but not limited to, spectrum sensing, signal classification, spectrum allocation, and waveform design [2]. However, the use of ML/DL also raises unique challenges in terms of security for wireless systems [3], [4]. With adversarial machine learning (AML), various attacks have been developed to launch against the ML/DL engines of wireless systems, including inference Yi Shi is with Virginia Tech, Blacksburg, VA, USA; Email: yshi@vt.edu.…”

Section: Introductionmentioning

confidence: 99%

Membership Inference Attack and Defense for Wireless Signal Classifiers with Deep Learning

Shi¹,

Sagduyu²

2021

Preprint

Self Cite

View full text Add to dashboard Cite

An over-the-air membership inference attack (MIA) is presented to leak private information from a wireless signal classifier. Machine learning (ML) provides powerful means to classify wireless signals, e.g., for PHY-layer authentication. As an adversarial machine learning attack, the MIA infers whether a signal of interest has been used in the training data of a target classifier. This private information incorporates waveform, channel, and device characteristics, and if leaked, can be exploited by an adversary to identify vulnerabilities of the underlying ML model (e.g., to infiltrate the PHY-layer authentication). One challenge for the over-the-air MIA is that the received signals and consequently the RF fingerprints at the adversary and the intended receiver differ due to the discrepancy in channel conditions. Therefore, the adversary first builds a surrogate classifier by observing the spectrum and then launches the blackbox MIA on this classifier. The MIA results show that the adversary can reliably infer signals (and potentially the radio and channel information) used to build the target classifier. Therefore, a proactive defense is developed against the MIA by building a shadow MIA model and fooling the adversary. This defense can successfully reduce the MIA accuracy and prevent information leakage from the wireless signal classifier.

show abstract

Section: Introductionmentioning

confidence: 99%

Membership Inference Attack and Defense for Wireless Signal Classifiers with Deep Learning

Shi¹,

Sagduyu²

2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…However for jamming attacks and anti-jamming defensive mechanisms, both victim and attacker have limited observations of each other. Defense strategies against jamming attack are thus studied [30]. While the authors in [23] and [31] investigated mitigating wireless jamming attacks in one channel, scenarios with multiple channels are studied in [32] and [33], where an ensemble of several orthogonal policies is generated and used as a defense strategy against jamming attacks.…”

Section: Introductionmentioning

confidence: 99%

Adversarial Reinforcement Learning in Dynamic Channel Access and Power Control

Wang

Gursoy

Velipasalar

2021

2021 IEEE Wireless Communications and Networking Conference (WCNC)

View full text Add to dashboard Cite

Deep reinforcement learning (DRL) has recently been used to perform efficient resource allocation in wireless communications. In this paper, the vulnerabilities of such DRL agents to adversarial attacks is studied. In particular, we consider multiple DRL agents that perform both dynamic channel access and power control in wireless interference channels. For these victim DRL agents, we design a jammer, which is also a DRL agent. We propose an adversarial jamming attack scheme that utilizes a listening phase and significantly degrades the users' sum rate. Subsequently, we develop an ensemble policy defense strategy against such a jamming attacker by reloading models (saved during retraining) that have minimum transition correlation.

show abstract

“…Wireless medium is shared and open to jamming attacks that can also be launched via adversarial machine learning to target the underlying DNNs. Therefore, adversarial machine learning has recently gained attention as the emerging attack surface for wireless security [10]. The attacks built upon adversarial machine learning include exploratory (inference) attacks [11], [12], adversarial (evasion) attacks [13]- [26], poisoning (causative) attacks [27]- [30], membership inference attacks [31], Trojan attacks [32], and spoofing attacks [33], [34].…”

Section: Introductionmentioning

confidence: 99%

Adversarial Attacks on Deep Learning Based mmWave Beam Prediction in 5G and Beyond

Kim

Sagduyu

Erpek

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Deep learning provides powerful means to learn from spectrum data and solve complex tasks in 5G and beyond such as beam selection for initial access (IA) in mmWave communications. To establish the IA between the base station (e.g., gNodeB) and user equipment (UE) for directional transmissions, a deep neural network (DNN) can predict the beam that is best slanted to each UE by using the received signal strengths (RSSs) from a subset of possible narrow beams. While improving the latency and reliability of beam selection compared to the conventional IA that sweeps all beams, the DNN itself is susceptible to adversarial attacks. We present an adversarial attack by generating adversarial perturbations to manipulate the over-the-air captured RSSs as the input to the DNN. This attack reduces the IA performance significantly and fools the DNN into choosing the beams with small RSSs compared to jamming attacks with Gaussian or uniform noise.

show abstract

When Wireless Security Meets Machine Learning: Motivation, Challenges, and Research Directions

Cited by 20 publications

References 66 publications

Membership Inference Attack and Defense for Wireless Signal Classifiers with Deep Learning

Membership Inference Attack and Defense for Wireless Signal Classifiers with Deep Learning

Adversarial Reinforcement Learning in Dynamic Channel Access and Power Control

Adversarial Attacks on Deep Learning Based mmWave Beam Prediction in 5G and Beyond

Contact Info

Product

Resources

About