Generative Adversarial Networks for Black-Box API Attacks with Limited Training Data
As online systems based on machine learning are offered to the public or to paid
subscribers via application programming interfaces (APIs), they become
vulnerable to frequent exploits and attacks. This paper studies adversarial
machine learning in the practical case when there are rate limitations on API
calls. The adversary launches an exploratory (inference) attack by querying the
API of an online machine learning system (in particular, a classifier) with
input data samples, collecting returned labels to build up the training data,
and training an adversarial classifier that is functionally equivalent and
statistically close to the target classifier. The exploratory attack with
limited training data is shown to fail to reliably infer the target classifier
of a real text classifier API that is available online to the public. In
return, a generative adversarial network (GAN) based on deep learning is built
to generate synthetic training data from a limited number of real training data
samples, thereby extending the training data and improving the performance of
the inferred classifier. The exploratory attack provides the basis to launch
the causative attack (that aims to poison the training process) and evasion
attack (that aims to fool the classifier into making wrong decisions) by
selecting training and test data samples, respectively, based on the confidence
scores obtained from the inferred classifier. These stealth attacks with a small
footprint (using a small number of API calls) make adversarial machine learning
practical under the realistic case with limited training data available to the
adversary.
Over-the-Air Membership Inference Attacks as Privacy Threats for Deep Learning-based Wireless Signal Classifiers
This paper presents how to leak private information from a wireless signal
classifier by launching an over-the-air membership inference attack (MIA). As
machine learning (ML) algorithms are used to process wireless signals to make
decisions such as PHY-layer authentication, the training data characteristics
(e.g., device-level information) and the environment conditions (e.g., channel
information) under which the data is collected may leak to the ML model. As a
privacy threat, the adversary can use this leaked information to exploit
vulnerabilities of the ML model following an adversarial ML approach. In this
paper, the MIA is launched against a deep learning-based classifier that uses
waveform, device, and channel characteristics (power and phase shifts) in the
received signals for RF fingerprinting. By observing the spectrum, the
adversary first builds a surrogate classifier and then an inference model to
determine whether a signal of interest has been used in the training data of
the receiver (e.g., a service provider). The signal of interest can then be
associated with particular device and channel characteristics to launch
subsequent attacks. The probability of attack success is high (more than 88%
depending on waveform and channel conditions) in identifying signals of
interest (and potentially the device and channel information) used to build a
target classifier. These results show that wireless signal classifiers are
vulnerable to privacy threats due to the over-the-air information leakage of
their ML model.
When Wireless Security Meets Machine Learning: Motivation, Challenges, and Research Directions
Wireless systems are vulnerable to various attacks such as jamming and
eavesdropping due to the shared and broadcast nature of wireless medium. To
support both attack and defense strategies, machine learning (ML) provides
automated means to learn from and adapt to wireless communication
characteristics that are hard to capture by hand-crafted features and models.
This article discusses motivation, background, and scope of research efforts
that bridge ML and wireless security. Motivated by research directions surveyed
in the context of ML for wireless security, ML-based attack and defense
solutions and emerging adversarial ML techniques in the wireless domain are
identified along with a roadmap to foster research efforts in bridging ML and
wireless security.
IoT Network Security from the Perspective of Adversarial Deep Learning
Machine learning finds rich applications in Internet of Things (IoT) networks
such as information retrieval, traffic management, spectrum sensing, and signal
authentication. While there is a surge of interest in understanding the security
issues of machine learning, their implications have not yet been understood for
wireless applications such as those in IoT systems, which are susceptible to
various attacks due to the open and broadcast nature of wireless communications.
To support IoT systems with heterogeneous devices of different priorities, we
present new techniques built upon adversarial machine learning and apply them
to three types of over-the-air (OTA) wireless attacks, namely jamming, spectrum
poisoning, and priority violation attacks. By observing the spectrum, the
adversary starts with an exploratory attack to infer the channel access
algorithm of an IoT transmitter by building a deep neural network classifier
that predicts the transmission outcomes. Based on these prediction results, the
wireless attack continues to either jam data transmissions or manipulate
sensing results over the air (by transmitting during the sensing phase) to fool
the transmitter into making wrong transmit decisions in the test phase
(corresponding to an evasion attack). When the IoT transmitter collects sensing
results as training data to retrain its channel access algorithm, the adversary
launches a causative attack to manipulate the input data to the transmitter
over the air. We show that these attacks with different levels of energy
consumption and stealthiness lead to significant loss in throughput and success
ratio in wireless communications for IoT systems. Then we introduce a defense
mechanism that systematically increases the uncertainty of the adversary at the
inference stage and improves the performance. Results provide new insights on
how to attack and defend IoT networks using deep learning.
Adversarial Machine Learning in Wireless Communications using RF Data: A Review
Machine learning provides effective means to learn from spectrum data and
solve complex tasks involved in wireless communications. Supported by recent
advances in computational resources and algorithmic designs, deep learning has
found success in performing various wireless communication tasks such as signal
recognition and spectrum sensing. However, machine learning in general and deep
learning in particular have recently been found vulnerable to manipulations at
training and test time, giving rise to a field of study called Adversarial
Machine Learning (AML). Although AML has been extensively studied in other data
domains such as computer vision and natural language processing, research for
AML in the wireless communications domain is in its early stage. This paper
presents a comprehensive review of the latest research efforts focused on AML
in wireless communications while accounting for the unique characteristics of
wireless systems. First, the necessary background on the various types of AML
attacks is provided. Then, a holistic survey of the works developing the AML
attacks and the corresponding defense mechanisms in the wireless domain is
presented. Finally, recent research trends are identified and the future
outlook for AML as a new attack surface for wireless communications is
described.
Comment: 13 pages, 2 figures
Deep Learning for Wireless Communications
Existing communication systems exhibit inherent limitations in translating
theory to practice when handling the complexity of optimization for emerging
wireless applications with high degrees of freedom. Deep learning has a strong
potential to overcome this challenge via data-driven solutions and improve the
performance of wireless systems in utilizing limited spectrum resources. In
this chapter, we first describe how deep learning is used to design an
end-to-end communication system using autoencoders. This flexible design
effectively captures channel impairments and optimizes transmitter and receiver
operations jointly in single-antenna, multiple-antenna, and multiuser
communications. Next, we present the benefits of deep learning in spectrum
situation awareness ranging from channel modeling and estimation to signal
detection and classification tasks. Deep learning improves the performance when
the model-based methods fail. Finally, we discuss how deep learning applies to
wireless communication security. In this context, adversarial machine learning
provides novel means to launch and defend against wireless attacks. These
applications demonstrate the power of deep learning in providing novel means to
design, optimize, adapt, and secure wireless communications.