Explanation-Guided Backdoor Attacks Against Model-Agnostic RF Fingerprinting Systems

Abstract

Despite the proven capabilities of deep neural networks (DNNs) in identifying devices through radio frequency (RF) fingerprinting, the security vulnerabilities of these deep learning models have been largely overlooked. While the threat of backdoor attacks is well-studied in the image domain, few works have explored this threat in the context of RF signals. In this paper, we thoroughly analyze the susceptibility of DNN-based RF fingerprinting to backdoor attacks, focusing on a more practical scenario where attackers lack access to control model gradients and training processes. We propose leveraging explainable machine learning techniques and autoencoders to guide the selection of trigger positions and values, allowing for the creation of effective backdoor triggers in a model-agnostic manner. To comprehensively evaluate this backdoor attack, we employ four diverse datasets with two protocols (Wi-Fi and LoRa) across various DNN architectures. Given that RF signals are often transformed into the frequency or time-frequency domains, this study also assesses attack efficacy in the time-frequency domain. Furthermore, we experiment with potential detection and defense methods, demonstrating the difficulty of fully safeguarding against our proposed backdoor attack. Additionally, we consider the attack performance in the domain shift case.