Evaluating Adversarial Evasion Attacks in the Context of Wireless Communications

Flowers, Bryse; Buehrer, R. Michael; Headley, William C.

doi:10.1109/tifs.2019.2934069

Cited by 114 publications

(48 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…These attacks can be launched separately or combined, i.e., causative and evasion attacks can be launched by making use of the inference results from an exploratory attack [23]. For wireless applications, the evasion attack was considered in [24], [25], [26], [27] by adding adversarial perturbations to fool receivers to misclassify signal types (such as modulations). Adversarial distortions were considered in [28] to support anti-jamming by deceiving the jammers learning algorithms in a game-theoretic framework.…”

Section: Related Workmentioning

confidence: 99%

Adversarial Deep Learning for Over-the-Air Spectrum Poisoning Attacks

Sagduyu

Shi

Erpek

2021

IEEE Trans. on Mobile Comput.

102

View full text Add to dashboard Cite

An adversarial deep learning approach is presented to launch over-the-air spectrum poisoning attacks. A transmitter applies deep learning on its spectrum sensing results to predict idle time slots for data transmission. In the meantime, an adversary learns the transmitter's behavior (exploratory attack) by building another deep neural network to predict when transmissions will succeed. The adversary falsifies (poisons) the transmitter's spectrum sensing data over the air by transmitting during the short spectrum sensing period of the transmitter. Depending on whether the transmitter uses the sensing results as test data to make transmit decisions or as training data to retrain its deep neural network, either it is fooled into making incorrect decisions (evasion attack), or the transmitter's algorithm is retrained incorrectly for future decisions (causative attack). Both attacks are energy efficient and hard to detect (stealth) compared to jamming the long data transmission period, and substantially reduce the throughput. A dynamic defense is designed for the transmitter that deliberately makes a small number of incorrect transmissions (selected by the confidence score on channel classification) to manipulate the adversary's training data. This defense effectively fools the adversary (if any) and helps the transmitter sustain its throughput with or without an adversary present.

show abstract

Section: Related Workmentioning

confidence: 99%

Adversarial Deep Learning for Over-the-Air Spectrum Poisoning Attacks

Sagduyu

Shi

Erpek

2021

IEEE Trans. on Mobile Comput.

102

View full text Add to dashboard Cite

show abstract

“…This diagonal line is clipped where it meets the first two lines because falling closer toward zero with any significance would require intentional or adversarial manipulation of the training routine or data, which is not considered in this work. 95 The trained networks are then represented with different markers representing different dataset sources used during training.…”

Section: Synthetic Performance In the Fieldmentioning

confidence: 99%

Training data augmentation for deep learning radio frequency systems

Clark

Hauser²,

Headley

et al. 2021

Journal of Defense Modeling & Simulation

View full text Add to dashboard Cite

Applications of machine learning are subject to three major components that contribute to the final performance metrics. Within the category of neural networks, and deep learning specifically, the first two are the architecture for the model being trained and the training approach used. This work focuses on the third component, the data used during training. The primary questions that arise are “what is in the data” and “what within the data matters?” looking into the radio frequency machine learning (RFML) field of automatic modulation classification (AMC) as an example of a tool used for situational awareness, the use of synthetic, captured, and augmented data are examined and compared to provide insights about the quantity and quality of the available data necessary to achieve desired performance levels. Three questions are discussed within this work: (1) how useful a synthetically trained system is expected to be when deployed without considering the environment within the synthesis, (2) how can augmentation be leveraged within the RFML domain, and, lastly, (3) what impact knowledge of degradations to the signal caused by the transmission channel contributes to the performance of a system. In general, the examined data types each make useful contributions to a final application, but captured data germane to the intended use case will always provide more significant information and enable the greatest performance. Despite the benefit of captured data, the difficulties and costs that arise from live collection often make the quantity of data needed to achieve peak performance impractical. This paper helps quantify the balance between real and synthetic data, offering concrete examples where training data is parametrically varied in size and source.

show abstract

“…In the meantime, an adversary transmits as well such that a carefully controlled interference signal is added to the received signal and causes the classifier to misclassify the received signal. This problem was studied in [78], [79] for modulation classification using a CNN-based classifier. Both white-box and black-box attacks on the deep learning classifier are shown to be effective in terms of increasing the classification error with small over-the-air perturbations added to the received signal.…”

Section: Other Attacks Based On Adversarial Deep Learningmentioning

confidence: 99%

Deep Learning for Wireless Communications

Erpek

O’Shea

Sagduyu

et al. 2019

Studies in Computational Intelligence

130

View full text Add to dashboard Cite

Existing communication systems exhibit inherent limitations in translating theory to practice when handling the complexity of optimization for emerging wireless applications with high degrees of freedom. Deep learning has a strong potential to overcome this challenge via data-driven solutions and improve the performance of wireless systems in utilizing limited spectrum resources. In this chapter, we first describe how deep learning is used to design an end-to-end communication system using autoencoders. This flexible design effectively captures channel impairments and optimizes transmitter and receiver operations jointly in single-antenna, multiple-antenna, and multiuser communications. Next, we present the benefits of deep learning in spectrum situation awareness ranging from channel modeling and estimation to signal detection and classification tasks. Deep learning improves the performance when the model-based methods fail. Finally, we discuss how deep learning applies to wireless communication security. In this context, adversarial machine learning provides novel means to launch and defend against wireless attacks. These applications demonstrate the power of deep learning in providing novel means to design, optimize, adapt, and secure wireless communications.

show abstract

Evaluating Adversarial Evasion Attacks in the Context of Wireless Communications

Cited by 114 publications

References 28 publications

Adversarial Deep Learning for Over-the-Air Spectrum Poisoning Attacks

Adversarial Deep Learning for Over-the-Air Spectrum Poisoning Attacks

Training data augmentation for deep learning radio frequency systems

Deep Learning for Wireless Communications

Contact Info

Product

Resources

About