Adversarial Deep Learning for Cognitive Radio Security: Jamming Attack and Defense Strategies

摘要

This paper presents an adversarial machine learning approach to launch jamming attacks on wireless communications and introduces a defense strategy. In a cognitive radio network, a transmitter senses channels, identifies spectrum opportunities, and transmits data to its receiver in idle channels. On the other hand, an attacker may also sense channels, identify busy channels and aim to jam transmissions of legitimate users. In a dynamic system with complex channel, traffic and interference characteristics, the transmitter applies some pre-trained machine learning algorithm to classify a channel as idle or busy. This classifier is unknown to the attacker that senses a channel, captures the transmitter's decisions by tracking the acknowledgments and applies deep learning (in form of an exploratory attack, i.e., inference attack) to build a classifier that is functionally equivalent to the one at the transmitter. This approach is shown to support the attacker to reliably predict successful transmissions based on the sensing results and effectively jam these transmissions. Then, a defense scheme is developed against adversarial deep learning by exploiting the sensitivity of deep learning to training errors. The transmitter deliberately takes a small number of wrong actions (in form of a causative attack, i.e., poisoning attack, launched against the attacker) when it accesses the spectrum. The objective is to prevent the attacker from building a reliable classifier. For that purpose, the attacker systematically selects when to take wrong actions to balance the conflicting effects of deceiving the attacker and making correct transmission decisions. This defense scheme successfully fools the attacker into making prediction errors and allows the transmitter to sustain its performance against intelligent jamming attacks.