Generative Adversarial Network for Wireless Signal Spoofing
Proceedings of the ACM Workshop on Wireless Security and Machine Learning, pp.55-60, (2019)
The paper presents a novel approach of spoofing wireless signals by using a general adversarial network (GAN) to generate and transmit synthetic signals that cannot be reliably distinguished from intended signals. It is of paramount importance to authenticate wireless signals at the PHY layer before they proceed through the receiver chain...More
PPT (Upload PPT)
- Wireless communications is susceptible to adversaries due to the open and shared nature of wireless medium.
- The spoofing attack is launched by an adversary that aims to mimic a legitimate user in its transmissions.
- One common approach for wireless signal spoofing is recording a legitimate user’s transmission and replaying the signal later by potentially adjusting the transmit power.
- While this approach can represent various features in the signal at a high level, it may fall short of reliably mimicking combined waveform, channel, and device effects.
- In this context, machine learning provides automated means to authenticate signals by analyzing wireless signals and identifying anomalies.
- Enabled by recent advances in computational resources, deep learning can effectively process raw spectrum data and operate on latent representations, while analyzing high-dimensional spectrum dynamics that feature-based machine learning algorithms fail to achieve
- Wireless communications is susceptible to adversaries due to the open and shared nature of wireless medium
- We show that the success probability increases to 36.2% against a defender that uses a deep learning classifier
- We find that the same classifier pre-trained at R, which works very well to discriminate signals from T from random or replayed signals, cannot successfully identify synthetic signals generated by the general adversarial network (GAN)
- We designed a GAN-based spoofing attack that generates synthetic data that is transmitted by an adversary transmitter and distinguishes real and synthetic data at an adversary receiver
- The signals generated by the GAN generator are transmitted for spoofing attack
- The GAN-based spoofing attack provides a major improvement in attack success probability over the random signal and replay attacks even when the node locations change from training to test time
- Method of spoofing attack
Random signal Replay (Amplify and forward)
AT ’s location (0, 10) (0, 11) (0, 15) (0, 20)
GAN is run only for 478 epochs in this simulation setting.
- The success probability of spoofing attack is increased to 76.2%, when the GAN is used by the adversary.
- AT may request the collaboration of AR to retrain a GAN and use its updated generator for spoofing attack.
- If such update is not available, AT can still use its current generator to launch the attack.
- The authors can see that as AT moves away from T , the attack success probability decreases.
- This is an expected result since the distribution of the received channel characteristics varies as the receiver moves to a different location.
- The attack success probability is still significantly higher than the one achieved by the replay attack
- The authors show that the success probability increases to 36.2% against a defender that uses a deep learning classifier.
- This probability is still much less than 50%, i.e., most of replay-based spoofing attacks based on amplifying and forwarding signals are still not successful.
- The success probability of spoofing attack increases to 76.2%, when the GAN-based approach is used.
- The authors check the maximum perturbation in G and D loss functions over the most recent 100 epochs of GAN training.
- The success probability of spoofing attack is increased to 76.2%, when the GAN is used by the adversary
- The authors designed a novel approach of spoofing wireless signals by generating synthetic signals by the GAN.
- The authors considered the case that an adversary transmits synthetic signals such that they are misclassified as the intended ones.
- The authors first showed that if there is no attack, a pre-trained deep learning-based classifier can distinguish signals reliably.
- The authors considered a simple spoofing mechanism such as the replay attack that can only keep some pattern of intended signals.
- The success probability of replay attack against a deep learning-based classifier remains limited.
- The authors designed a GAN-based spoofing attack that generates synthetic data that is transmitted by an adversary transmitter and distinguishes real and synthetic data at an adversary receiver.
- The GAN-based spoofing attack provides a major improvement in attack success probability over the random signal and replay attacks even when the node locations change from training to test time.
- As the GAN opens them new opportunities to effectively spoof wireless signals, new defense mechanisms are called for as future work
- Table1: Success probability of spoofing attack by different methods
- Table2: The impact of AT ’s mobility on success probability of spoofing attack
- There are different types of attacks on wireless communications in the literature . In particular, attacks on spectrum sensing include spectrum sensing data falsification (SSDF) attack [14, 15], primary user emulation (PUE) attack , eavesdropping , and noncooperation . Attacks on data transmission include jamming  in form of a denial-of-service (DoS) attack  with different levels of prior information . There are also attacks on higher layers, e.g., attacks on routing in the network layer  and network flow inference attacks . Defense methods were developed to address these attacks. For example, an adaptive, jamming-resistant spectrum access protocol was proposed in  for cognitive radio ad hoc networks, where there are multiple channels that the secondary users can utilize. Jamming games between a cognitive user and a smart jammer was considered in , where they individually determine their transmit powers.
- This effort is supported by the U.S Army Research Office under contract W911NF-17-C-0090
Study subjects and analysis
In the simulation setting, the location of T is (0, 0), the location of R is (10, 0), the location of AT is (0, 10), the location of AR is (10, 0.1) (see Figs. 2 and 3), and the normalized transmit power at B is 1000. R collects 1000 samples, each with 400 spectrum sensing results, and a label (‘T ’ or ‘not T ’) as training data and applies the classifier on another 1000 samples to evaluate accuracy. We used the above deep neural network and tuned its parameters
signal samples: 500
We now consider the spoofing attack based on the GAN . As the first step, AR collects 500 signal samples from T and 500 signal samples from AT , where AT can flag its transmissions such that AR can have ground truth. Each sample has coded data of 8 bits under the QPSK modulation, i.e., 4 signals
- K. Davaslioglu and Y. E. Sagduyu, “Generative adversarial learning for spectrum sensing," IEEE International Conference on Communications (ICC), Kansas City, MO, May 20–24, 2018.
- T. O’Shea, J. Corgan, and C. Clancy, “Convolutional radio modulation recognition networks," International Conference on Engineering Applications of Neural Networks, Aberdeen, United Kingdom, Sept. 2–5, 2016.
- Y. Shi, Y. E Sagduyu, T. Erpek, K. Davaslioglu, Z. Lu, and J. Li, “Adversarial deep learning for cognitive radio security: Jamming attack and defense strategies,” IEEE International Conference on Communications (ICC) Workshop on Promises and Challenges of Machine Learning in Communication Networks, Kansas City, MO, May 24, 2018.
- Y. Vorobeychik and M. Kantarcioglu, Adversarial machine learning, Morgan & Claypool, 2018.
- Y. Shi, Y. E. Sagduyu, K. Davaslioglu, and R. Levy, “Vulnerability detection and analysis in adversarial deep learning," Guide to Vulnerability Analysis for Computer Networks and Systems - An Artificial Intelligence Approach, Springer, Cham, 2018.
- Y. Shi, T. Erpek, Y. E. Sagduyu, and J. Li, “Spectrum data poisoning with adversarial deep learning,” IEEE Military Communications Conference (MILCOM), 2018.
- M. Sadeghi and E.G. Larsson, “Adversarial attacks on deep-learning based radio signal classification," IEEE Wireless Communications Letters, 2018.
- B. Flowers, R. M. Buehrer, and W. C. Headley, “Evaluating adversarial evasion attacks in the context of wireless communications," arXiv preprint, arXiv:1903.01563, 2019.
- M. Z. Hameed, A. Gyorgy, and D. Gunduz, “Communication without interception: Defense against deep-learning-based modulation detection," arXiv preprint, arXiv:1902.10674, 2019.
- S. Kokalj-Filipovic and R. Miller, “Adversarial examples in RF deep learning: Detection of the attack and its physical robustness," arXiv preprint, arXiv:1902.06044, 2019.
- I. Goodfellow, J. Pouget-Abadie, M. Mirza, B. Xu, D. Warde-Farley, S. Ozair, A. Courville A, and Y. Bengio, “Generative Adversarial Nets,” Advances in Neural Information Processing Systems, 2014.
- T. Erpek, Y. E. Sagduyu, and Y. Shi, “Deep learning for launching and mitigating wireless jamming attacks," IEEE Transactions on Cognitive Communications and Networking, vol. 5, no. 1, pp. 2–14, Mar. 2019.
- T. C. Clancy, and N. Goergen, “Security in cognitive radio networks: Threats and mitigation," IEEE Conference on Cognitive Radio Oriented Wireless Networks and Communications (CrownCom), Singapore, May 15–17, 2008.
- F. Penna, Y. Sun, L. Dolecek, and D. Cabric, “Detecting and counteracting statistical attacks in cooperative spectrum sensing," IEEE Transactions on Signal Processing, vol. 60, no. 4, pp. 1806–1822, Apr. 2012.
- Y. E. Sagduyu, “Securing cognitive radio networks with dynamic trust against spectrum sensing data falsification," IEEE Military Communications Conference (MILCOM), Baltimore, MD, Oct. 6–8, 2014.
- Z. Yuan, D. Niyato, H. Li, J.B. Song, and Z. Han, “Defeating primary user emulation attacks using belief propagation in cognitive radio networks," IEEE Journal Selected Areas in Communications, vol. 30, no. 10, pp. 1850–1860, Nov. 2012.
- Y. Zou, J. Zhu, L. Yang, Y.-C. Liang, and Y.-D. Yao, “Securing physical-layer communications for cognitive radio networks," IEEE Communications Magazine, vol. 53, no. 9, pp. 48–54, Sep. 2015.
- Y. E. Sagduyu, R. Berry, and A. Ephremides, “MAC games for distributed wireless network security with incomplete information of selfish and malicious user types," IEEE International Conference on Game Theory for Networks (GameNets), 2009.
- Y. E. Sagduyu, Y. Shi, A. B. MacKenzie, and T. Hou, “Regret minimization for primary/secondary access to satellite resources with cognitive interference," IEEE Transactions on Wireless Communications, vol. 17, no. 5, pp. 3512–3523, May 2018.
- Y. E. Sagduyu and A. Ephremides, “A game-theoretic analysis of denial of service attacks in wireless random access," Journal of Wireless Networks, vol. 15, no. 5, pp. 651-666, 2009.
- Y. E. Sagduyu, R. Berry, and A. Ephremides, “Jamming games in wireless networks with incomplete information," IEEE Communications Magazine, vol. 49, no 8, pp. 112–118, Aug. 2011.
- Z. Lu, Y. E. Sagduyu, and J. Li, “Securing the backpressure algorithm for wireless networks," IEEE Transactions on Mobile Computing, vol. 16, no. 4, pp. 1136–1148, Apr. 2017.
- Z. Lu and C. Wang, “Enabling network anti-inference via proactive strategies: a fundamental perspective," IEEE/ACM Transactions on Networking, vol. 25, no. 1, pp. 43–55, Feb. 2017.
- Q. Wang, K. Ren, P. Ning, and S. Hu, “Jamming-resistant multiradio multichannel opportunistic spectrum access in cognitive radio networks,” IEEE Transactions on Vehicular Technology, vol. 65, no. 10, pp. 8331–8344, 2016.
- L. Xiao, J. Liu, Q. Li, N. B. Mandayam, and H. V. Poor, “User-centric view of jamming games in cognitive radio networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2578–2590, 2015.
- M. Lichtman, R.P. Jover, M. Labib, R. Rao, V. Marojevic, and J.H. Reed, “LTE/LTEA jamming, spoofing, and sniffing: Threat assessment and mitigation," IEEE Communications Magazine, vol. 54, no. 4, pp. 54–61, 2016.
- K. Gai, M. Qiu, Z. Ming, H. Zhao, and L. Qiu, “Spoofing-jamming attack strategy using optimal power distributions in wireless smart grid networks," IEEE Transactions on Smart Grid, vol. 8, no. 5, pp. 2431–2439, Sept. 2017.
- Y. Chen, W. Trappe, and R.P. Martin, “Detecting and localizing wireless spoofing attacks," IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, 2007.
- Y. Sheng, K. Tan, G. Chen, D. Kotz, and A. Campbell, “Detecting 802.11 MAC layer spoofing using received signal strength," IEEE Conference on Computer Communications (INFOCOM), Phoenix, AZ, 2008.
- M. Sajjad, S. Khan, T. Hussain, K. Muhammad, A.K. Sangaiah, A. Castiglione, C. Esposito, and S.W. Baik, “CNN-based anti-spoofing two-tier multi-factor authentication system," Pattern Recognition Letters, 2018.
- A. Ferdowsi and W. Saad, “Deep learning for signal authentication and security in massive internet of things systems," arXiv preprint, arXiv:1803.00916, 2018.
- L. Xiao, D. Jiang, D. Xu, H. Zhu, Y. Zhang, and V. Poor, “Two-dimensional antijamming mobile communication based on reinforcement learning," IEEE Transactions on Vehicular Technology, vol. 67, no. 10, pp. 9499–9512, Oct. 2018.
- Z. Wu. Y. Zhao, Z. Yin, and H. Luo, “Jamming signals classification using convolutional neural network," IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), pp. 62–67, 2017.
- D. T. Hoang, D. Niyato, P. Wang, and D. I. Kim, “Performance analysis of wireless energy harvesting cognitive radio networks under smart jamming attacks,” IEEE Transactions on Cognitive Communications and Networking, vol. 1, no. 2, pp. 200– 216, June 2015.
- Y. Liang, Z. Cai, J. Yu, Q. Han, and Y. Li, “Deep learning based inference of private information using embedded sensors in smart devices," IEEE Network, 2018.
- Y. Yang, Y. Li, W. Zhang, F. Qin, P. Zhu, and C.-X. Wang, “Generative-adversarialnetwork-based wireless channel modeling: Challenges and opportunities," IEEE Communications Magazine, vol. 57, no. 3, pp. 22–27, Mar. 2019.
- T.J. O’Shea, T. Roy, N. West, and B.C. Hilburn, “Physical Layer communications system design over-the-air using adversarial networks," arXiv preprint, arXiv:1803.03145, 2018.
- T.J. O’Shea, T. Roy, and N. West, “Approximating the void: Learning stochastic channel models from observation with variational generative adversarial networks," arXiv preprint, arXiv:1805.06350, 2018.
- T. Kinnunen, M. Sahidullah, H. Delgado, M. Todisco, N. Evans, J. Yamagishi, and K.A. Lee, “The ASVspoof 2017 challenge: Assessing the limits of replay spoofing attack detection," 2017.
- A. Hoehn and P. Zhang, “Detection of replay attacks in cyber-physical systems," IEEE American Control Conference (ACC), 2016.