Explanation-Guided Backdoor Attacks Against Model-Agnostic RF Fingerprinting Systems

IF 9.2 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS IEEE Transactions on Mobile Computing Pub Date : 2024-10-30 DOI:10.1109/TMC.2024.3487967

Tianya Zhao;Junqing Zhang;Shiwen Mao;Xuyu Wang

{"title":"Explanation-Guided Backdoor Attacks Against Model-Agnostic RF Fingerprinting Systems","authors":"Tianya Zhao;Junqing Zhang;Shiwen Mao;Xuyu Wang","doi":"10.1109/TMC.2024.3487967","DOIUrl":null,"url":null,"abstract":"Despite the proven capabilities of deep neural networks (DNNs) in identifying devices through radio frequency (RF) fingerprinting, the security vulnerabilities of these deep learning models have been largely overlooked. While the threat of backdoor attacks is well-studied in the image domain, few works have explored this threat in the context of RF signals. In this paper, we thoroughly analyze the susceptibility of DNN-based RF fingerprinting to backdoor attacks, focusing on a more practical scenario where attackers lack access to control model gradients and training processes. We propose leveraging explainable machine learning techniques and autoencoders to guide the selection of trigger positions and values, allowing for the creation of effective backdoor triggers in a model-agnostic manner. To comprehensively evaluate this backdoor attack, we employ four diverse datasets with two protocols (Wi-Fi and LoRa) across various DNN architectures. Given that RF signals are often transformed into the frequency or time-frequency domains, this study also assesses attack efficacy in the time-frequency domain. Furthermore, we experiment with potential detection and defense methods, demonstrating the difficulty of fully safeguarding against our proposed backdoor attack. Additionally, we consider the attack performance in the domain shift case.","PeriodicalId":50389,"journal":{"name":"IEEE Transactions on Mobile Computing","volume":"24 3","pages":"2029-2042"},"PeriodicalIF":9.2000,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Mobile Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10738467/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Despite the proven capabilities of deep neural networks (DNNs) in identifying devices through radio frequency (RF) fingerprinting, the security vulnerabilities of these deep learning models have been largely overlooked. While the threat of backdoor attacks is well-studied in the image domain, few works have explored this threat in the context of RF signals. In this paper, we thoroughly analyze the susceptibility of DNN-based RF fingerprinting to backdoor attacks, focusing on a more practical scenario where attackers lack access to control model gradients and training processes. We propose leveraging explainable machine learning techniques and autoencoders to guide the selection of trigger positions and values, allowing for the creation of effective backdoor triggers in a model-agnostic manner. To comprehensively evaluate this backdoor attack, we employ four diverse datasets with two protocols (Wi-Fi and LoRa) across various DNN architectures. Given that RF signals are often transformed into the frequency or time-frequency domains, this study also assesses attack efficacy in the time-frequency domain. Furthermore, we experiment with potential detection and defense methods, demonstrating the difficulty of fully safeguarding against our proposed backdoor attack. Additionally, we consider the attack performance in the domain shift case.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

针对模型不可知射频指纹系统的解释导向后门攻击

尽管深度神经网络（dnn）在通过射频（RF）指纹识别设备方面的能力已得到证实，但这些深度学习模型的安全漏洞在很大程度上被忽视了。虽然后门攻击的威胁在图像领域得到了很好的研究，但很少有作品在射频信号的背景下探索这种威胁。在本文中，我们深入分析了基于dnn的射频指纹识别对后门攻击的易感性，重点关注攻击者无法访问控制模型梯度和训练过程的更实际场景。我们建议利用可解释的机器学习技术和自动编码器来指导触发器位置和值的选择，允许以模型不可知的方式创建有效的后门触发器。为了全面评估这种后门攻击，我们在不同的DNN架构中使用了四种不同的数据集和两种协议（Wi-Fi和LoRa）。考虑到射频信号经常被转换到频域或时频域，本研究还评估了时频域的攻击效能。此外，我们对潜在的检测和防御方法进行了实验，证明了完全防范我们提出的后门攻击的难度。此外，我们还考虑了域移位情况下的攻击性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Transactions on Mobile Computing 工程技术-电信学

CiteScore

12.90

自引率

2.50%

发文量

403

审稿时长

6.6 months

期刊介绍： IEEE Transactions on Mobile Computing addresses key technical issues related to various aspects of mobile computing. This includes (a) architectures, (b) support services, (c) algorithm/protocol design and analysis, (d) mobile environments, (e) mobile communication systems, (f) applications, and (g) emerging technologies. Topics of interest span a wide range, covering aspects like mobile networks and hosts, mobility management, multimedia, operating system support, power management, online and mobile environments, security, scalability, reliability, and emerging technologies such as wearable computers, body area networks, and wireless sensor networks. The journal serves as a comprehensive platform for advancements in mobile computing research.