Adversarial Machine Learning for NextG Covert Communications Using Multiple Antennas
Abstract
:1. Introduction
- We present how a CJ is used to make wireless communications covert by transmitting adversarial attack against the classifier of the eavesdropper.
- For a CJ equipped with multiple antennas, we investigate the use of multiple antennas to generate multiple concurrent perturbations over different channel effects against the eavesdropper. Furthermore, we propose different methods to utilize the channel diversity.
- With simulations, we show that the CJ can generate perturbation signals that cause misclassification at the eavesdropper for both basic modulated signals and sophisticated 5G signals, while the BER at the receiver is slightly affected.
2. System Model
3. Adversarial Perturbation for the CJ
Algorithm 1: Generating the perturbation of the CJ |
4. Adversarial Perturbations Using Multiple Antennas at the CJ
4.1. Single-Antenna Genie-Aided (SAGA) Attack
4.2. Proportional to Channel Gain (PCG) Attack
Algorithm 2: PCG attack |
4.3. Inversely Proportional to Channel Gain (IPCG) Attack
4.4. Elementwise Maximum Channel Gain (EMCG) Attack
Algorithm 3: EMCG attack |
5. Simulation Results
5.1. Simulation Settings
5.2. Performance Evaluation of CJ with One Antenna for Signals with Different Modulations
Reliability of Communications
5.3. Performance Evaluation for 5G Communications
5.3.1. Covertness of Communications
5.3.2. Reliability of Communications
5.4. Performance Evaluation of CJ with Multiple Antennas
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Yener, A.; Ulukus, S. Wireless Physical-Layer Security: Lessons Learned From Information Theory. Proc. IEEE 2015, 103, 1814–1825. [Google Scholar] [CrossRef]
- Schaefer, R.F.; Boche, H.; Poor, H.V. Secure communication under channel uncertainty and adversarial attacks. Proc. IEEE 2015, 103, 1796–1813. [Google Scholar] [CrossRef]
- Bloch, M.R. Covert communication over noisy channels: A resolvability perspective. IEEE Trans. Inf. Theory 2016, 62, 2334–2354. [Google Scholar] [CrossRef]
- Wang, L.; Wornell, G.W.; Zheng, L. Fundamental limits of communication with low probability of detection. IEEE Trans. Inf. Theory 2016, 62, 3493–3503. [Google Scholar] [CrossRef]
- Bash, B.A.; Goeckel, D.; Towsley, D.; Guha, S. Hiding information in noise: Fundamental limits of covert wireless communication. IEEE Commun. Mag. 2015, 12, 26–31. [Google Scholar] [CrossRef]
- Mukherjee, P.; Ulukus, S. Covert bits through queues. In Proceedings of the IEEE Conference on Communications and Network Security (CNS), Philadelphia, PA, USA, 17–19 October 2016; pp. 626–630. [Google Scholar]
- Kurakin, A.; Goodfellow, I.; Bengio, S. Adversarial examples in the physical world. In Proceedings of the International Conference on Learning Representations (ICLR), Toulon, France, 24–26 April 2017. [Google Scholar]
- Shi, Y.; Sagduyu, Y.E.; Grushin, A. How to steal a machine learning classifier with deep learning. In Proceedings of the IEEE Symposium on Technologies for Homeland Security (HST), Boston, MA, USA, 25–26 April 2017. [Google Scholar]
- Vorobeychik, Y.; Kantarcioglu, M. Adversarial machine learning. Synth. Lect. Artif. Intell. Mach. Learn. 2017, 12, 1–169. [Google Scholar]
- Adesina, D.; Hsieh, C.C.; Sagduyu, Y.E.; Qian, L. Adversarial machine learning in wireless communications using RF data: A review. arXiv 2020, arXiv:2012.14392. [Google Scholar]
- Sagduyu, Y.E.; Shi, Y.; Erpek, T.; Headley, W.; Flowers, B.; Stantchev, G.; Lu, Z. When wireless security meets machine learning: Motivation, challenges, and research directions. arXiv 2020, arXiv:2001.08883. [Google Scholar]
- Liu, J.; Nogueira, M.; Fernandes, J.; Kantarci, B. Adversarial Machine Learning: A Multilayer Review of the State-of-the-Art and Challenges for Wireless and Mobile Systems. IEEE Commun. Surv. Tutor. 2022, 24, 123–159. [Google Scholar] [CrossRef]
- Shi, Y.; Sagduyu, Y.E.; Erpek, T.; Davaslioglu, K.; Lu, Z.; Li, J. Adversarial Deep Learning for Cognitive Radio Security: Jamming Attack and Defense Strategies. In Proceedings of the IEEE International Communications Conference (ICC) Workshop on Machine Learning in Wireless Communications, Kansas City, MO, USA, 20–24 May 2018. [Google Scholar]
- Erpek, T.; Sagduyu, Y.E.; Shi, Y. Deep learning for launching and mitigating wireless jamming attacks. IEEE Trans. Cogn. Commun. Netw. 2019, 5, 2–14. [Google Scholar] [CrossRef]
- Sadeghi, M.; Larsson, E.G. Adversarial attacks on deep-learning based radio signal classification. IEEE Commun. Lett. 2019, 8, 213–216. [Google Scholar] [CrossRef]
- Bair, S.; Delvecchio, M.; Flowers, B.; Michaels, A.J.; Headley, W.C. On the Limitations of Targeted Adversarial Evasion Attacks Against Deep Learning Enabled Modulation Recognition. In Proceedings of the ACM WiSec Workshop on Wireless Security and Machine Learning (WiseML), Miami, FL, USA, 15–17 May 2019. [Google Scholar]
- Flowers, B.; Buehrer, R.M.; Headley, W.C. Evaluating adversarial evasion attacks in the context of wireless communications. arXiv 2019, arXiv:1903.01563. [Google Scholar] [CrossRef]
- Kokalj-Filipovic, S.; Miller, R. Targeted Adversarial Examples against RF Deep Classifiers. In Proceedings of the ACM WiSec Workshop on Wireless Security and Machine Learning (WiseML), Miami, FL, USA, 15–17 May 2019. [Google Scholar]
- Kokalj-Filipovic, S.; Miller, R.; Vanhoy, G.M. Adversarial Examples in RF Deep Learning: Detection and Physical Robustness. In Proceedings of the IEEE Global Conference on Signal and Information Processing (GlobalSIP), Ottawa, ON, Canada, 11–14 November 2019. [Google Scholar]
- Kim, B.; Sagduyu, Y.E.; Davaslioglu, K.; Erpek, T.; Ulukus, S. Over-the-Air Adversarial Attacks on Deep Learning Based Modulation Classifier over Wireless Channels. In Proceedings of the Conference on Information Sciences and Systems (CISS), Princeton, NJ, USA, 18–20 March 2020. [Google Scholar]
- Kim, B.; Sagduyu, Y.E.; Davaslioglu, K.; Erpek, T.; Ulukus, S. Channel-Aware Adversarial Attacks Against Deep Learning-Based Wireless Signal Classifiers. IEEE Trans. Wirel. Commun. 2022, 21, 3868–3880. [Google Scholar] [CrossRef]
- Kim, B.; Sagduyu, Y.E.; Davaslioglu, K.; Erpek, T.; Ulukus, S. Adversarial attacks with multiple antennas against deep learning-based modulation classifiers. In Proceedings of the IEEE Global Communications Conference (Globecom), Taipei, Taiwan, 7–11 December 2020. [Google Scholar]
- Kim, B.; Sagduyu, Y.E.; Erpek, T.; Davaslioglu, K.; Ulukus, S. Channel Effects on Surrogate Models of Adversarial Attacks against Wireless Signal Classifiers. In Proceedings of the IEEE International Conference on Communications (ICC), Montreal, QC, Canada, 14–23 June 2021. [Google Scholar]
- Lin, Y.; Zhao, H.; Tu, Y.; Mao, S.; Dou, Z. Threats of Adversarial Attacks in DNN-Based Modulation Recognition. In Proceedings of the International Conference on Computer Communications (INFOCOM), Toronto, ON, Canada, 6–9 July 2020. [Google Scholar]
- Restuccia, F.; D’Oro, S.; Al-Shawabka, A.; Rendon, B.C.; Chowdhury, K.; Ioannidis, S.; Melodia, T. Generalized wireless adversarial deep learning. In Proceedings of the ACM Workshop on Wireless Security and Machine Learning (WiseML), Virtual, 13 July 2020. [Google Scholar]
- Hou, T.; Wang, T.; Lu, Z.; Liu, Y.; Sagduyu, Y. IoTGAN: GAN Powered Camouflage Against Machine Learning Based IoT Device Identification. In Proceedings of the IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN), Virtual, 13–15 December 2021. [Google Scholar]
- Sahay, R.; Love, D.J.; Brinton, C.G. Robust automatic modulation classification in the presence of adversarial attacks. In Proceedings of the 2021 55th IEEE Annual Conference on Information Sciences and Systems (CISS), Baltimore, MD, USA, 24–26 March 2021; pp. 1–6. [Google Scholar]
- Seo, J.; Park, S.; Kang, J. Adversarial, yet Friendly Signal Design for Secured Wireless Communication. In Proceedings of the 2021 IEEE Wireless Communications and Networking Conference (WCNC), Nanjing, China, 29 March–1 April 2021; pp. 1–7. [Google Scholar]
- Shi, Y.; Erpek, T.; Sagduyu, Y.E.; Li, J. Spectrum Data Poisoning with Adversarial Deep Learning. In Proceedings of the IEEE Military Communications Conference (MILCOM), Los Angeles, CA, USA, 29–31 October 2018. [Google Scholar]
- Sadeghi, M.; Larsson, E.G. Physical adversarial attacks against end-to-end autoencoder communication systems. IEEE Commun. Lett. 2019, 23, 847–850. [Google Scholar]
- Kim, B.; Sagduyu, Y.; Erpek, T.; Ulukus, S. Adversarial Attacks on Deep Learning Based mmWave Beam Prediction in 5G Furthermore, Beyond. In Proceedings of the IEEE Statistical Signal Processing Workshop (SSP), Rio de Janeiro, Brazil, 11–14 July 2021. [Google Scholar]
- Hou, T.; Wang, T.; Lu, Z.; Liu, Y.; Sagduyu, Y. Undermining Deep Learning Based Channel Estimation via Adversarial Wireless Signal Fabrication. In Proceedings of the ACM Workshop on Wireless Security and Machine Learning (WiseML), San Antonio, TX, USA, 16–19 May 2022. [Google Scholar]
- Kim, B.; Shi, Y.; Sagduyu, Y.E.; Erpek, T.; Ulukus, S. Adversarial Attacks against Deep Learning Based Power Control in Wireless Communications. In Proceedings of the IEEE Globecom Workshops (GC Wkshps), Madrid, Spain, 7–11 December 2021. [Google Scholar]
- Hameed, M.Z.; Gyorgy, A.; Gunduz, D. Communication without interception: Defense against modulation detection. In Proceedings of the IEEE Global Conference on Signal and Information Processing (GlobalSIP), Ottawa, ON, Canada, 11–14 November 2019. [Google Scholar]
- Hameed, M.Z.; György, A.; Gündüz, D. The best defense is a good offense: Adversarial attacks to avoid modulation detection. IEEE Trans. Inf. Forensics Secur. 2020, 16, 1074–1087. [Google Scholar] [CrossRef]
- Kim, B.; Sagduyu, Y.E.; Davaslioglu, K.; Erpek, T.; Ulukus, S. How to Make 5G Communications “Invisible”: Adversarial Machine Learning for Wireless Privacy. In Proceedings of the Asilomar Conference on Signals, Systems, and Computers, Pacific Grove, Pacific Grove, CA, USA, 1–4 November 2020. [Google Scholar]
- Kim, B.; Erpek, T.; Sagduyu, Y.E.; Ulukus, S. Covert Communications via Adversarial Machine Learning and Reconfigurable Intelligent Surfaces. In Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC), Austin, TX, USA, 10–13 April 2022. [Google Scholar]
- Sagduyu, Y.E.; Erpek, T.; Shi, Y. Adversarial Deep Learning for Over-the-Air Spectrum Poisoning Attacks. IEEE Trans. Mob. Comput. 2021, 20, 306–319. [Google Scholar] [CrossRef]
- Luo, Z.; Zhao, S.; Lu, Z.; Xu, J.; Sagduyu, Y.E. When Attackers Meet AI: Learning-Empowered Attacks in Cooperative Spectrum Sensing. IEEE Trans. Mob. Comput. 2022, 21, 1892–1908. [Google Scholar] [CrossRef]
- Luo, Z.; Zhao, S.; Lu, Z.; Sagduyu, Y.E.; Xu, J. Adversarial machine learning based partial-model attack in IoT. In Proceedings of the ACM Workshop on Wireless Security and Machine Learning (WiseML), Virtual, 13 July 2020. [Google Scholar]
- Shi, Y.; Davaslioglu, K.; Sagduyu, Y.E. Over-the-air membership inference attacks as privacy threats for deep learning-based wireless signal classifiers. In Proceedings of the ACM WiSec Workshop on Wireless Security and Machine Learning (WiseML), Virtual, 16–19 May 2020. [Google Scholar]
- Shi, Y.; Sagduyu, Y. Membership inference attack and defense for wireless signal classifiers with deep learning. IEEE Trans. Mob. Comput. 2022. [Google Scholar] [CrossRef]
- Davaslioglu, K.; Sagduyu, Y.E. Trojan Attacks on Wireless Signal Classification with Adversarial Machine Learning. In Proceedings of the IEEE DySPAN Workshop on Data-Driven Dynamic Spectrum Sharing, Newark, NJ, USA, 11–14 November 2019. [Google Scholar]
- Shi, Y.; Davaslioglu, K.; Sagduyu, Y.E. Generative adversarial network for wireless signal spoofing. In Proceedings of the ACM Workshop on Wireless Security and Machine Learning (WiseML), Miami, FL, USA, 15–17 May 2019. [Google Scholar]
- Shi, Y.; Davaslioglu, K.; Sagduyu, Y.E. Generative adversarial network in the air: Deep adversarial learning for wireless signal spoofing. IEEE Trans. Cogn. Commun. Netw. 2021, 7, 294–303. [Google Scholar] [CrossRef]
- Karunaratne, S.; Krijestorac, E.; Cabric, D. Penetrating RF Fingerprinting-based Authentication with a Generative Adversarial Attack. In Proceedings of the IEEE International Conference on Communications (ICC), Montreal, QC, Canada, 14–23 June 2021. [Google Scholar]
- Sagduyu, Y.E.; Erpek, T.; Shi, Y. Adversarial Machine Learning for 5G Communications Security. In Game Theory and Machine Learning for Cyber Security; John Wiley & Sons: New York, NY, USA, 2021; pp. 270–288. [Google Scholar]
- Tekin, E.; Yener, A. The general Gaussian multiple-access and two-way wiretap channels: Achievable rates and cooperative jamming. IEEE Trans. Inf. Theory 2008, 54, 2735–2751. [Google Scholar] [CrossRef]
- Xie, J.; Ulukus, S. Secure Degrees of Freedom of Multiuser Networks: One-Time-Pads in the Air via Alignment. Proc. IEEE 2015, 103, 1857–1873. [Google Scholar] [CrossRef]
- Bassily, R.; Ekrem, E.; He, X.; Tekin, E.; Xie, J.; Bloch, M.R.; Ulukus, S.; Yener, A. Cooperative Security at the Physical Layer: A Summary of Recent Advances. IEEE Signal Process. Mag. 2013, 30, 16–28. [Google Scholar] [CrossRef]
- Sagduyu, Y.E.; Berry, R.A.; Ephremides, A. Jamming games in wireless networks with incomplete information. IEEE Commun. Mag. 2011, 49, 112–118. [Google Scholar] [CrossRef]
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Kim, B.; Sagduyu, Y.; Davaslioglu, K.; Erpek, T.; Ulukus, S. Adversarial Machine Learning for NextG Covert Communications Using Multiple Antennas. Entropy 2022, 24, 1047. https://doi.org/10.3390/e24081047
Kim B, Sagduyu Y, Davaslioglu K, Erpek T, Ulukus S. Adversarial Machine Learning for NextG Covert Communications Using Multiple Antennas. Entropy. 2022; 24(8):1047. https://doi.org/10.3390/e24081047
Chicago/Turabian StyleKim, Brian, Yalin Sagduyu, Kemal Davaslioglu, Tugba Erpek, and Sennur Ulukus. 2022. "Adversarial Machine Learning for NextG Covert Communications Using Multiple Antennas" Entropy 24, no. 8: 1047. https://doi.org/10.3390/e24081047