NSF Award 2044516: CAREER: Data-Driven Wireless Networking Designs for Efficiency and Security
Today's wireless networks are being reshaped by ubiquitous wireless connectivity (e.g., WiFi and 4G/5G) and emerging network architectures (e.g., Internet of Things, edge/fog computing, and cyber-physical systems). On one hand, wireless networks are being designed to provide efficient, high-bandwidth connectivity to wireless users; on the other hand, users demand more efficient, reliable, and secure wireless data services. Wireless network designs have traditionally been guided by theoretical or decision logic frameworks, such as estimation and detection theory, control mechanisms, and interference avoidance and cancellation designs. During the past decades, we have witnessed substantial innovations in the wireless network design domain based on these frameworks. At the same time, wireless network operations are facing increasingly complicated environments (e.g., network coexistence, cross-technology communication, opportunistic/cognitive networking, and selfish/malicious behaviors). These environments push wireless network designs toward even higher requirements of efficiency and security.
The proposed project focuses on exploring a new dimension: creating data-driven approaches to improve wireless network performance and security. Our approaches are motivated by the fact that wireless network nodes are able to hear (or overhear) various operational data exchanges broadcast over the wireless channel. The properties of such network data reflect various operational conditions (e.g., transmission settings, channel status, node coordination, and even firmware setups), and become an essential enabler for data-driven approaches that go beyond traditional ones. We observe that the implications of using the large volume of wireless network data are twofold: on one hand, it opens a door for network nodes to leverage the data properties to improve wireless network efficiency and reliability; on the other hand, the data can also be observed by malicious nodes that try to gradually gain knowledge about network operations and launch effective attacks. As a result, the data-driven approaches proposed in this project aim at improving wireless network efficiency and reliability as well as security. One key difference between data-driven and traditional network designs is that the online data generated by network activities is collected, processed, and used toward a design objective.
In MU-MIMO user selection, which is commonly used in wireless networking, we discovered that the convenient CSI feedback mechanism creates a subtle attack surface that lets attackers subvert user selection in MU-MIMO networks. Specifically, since the CSI feedback is self-reported and transmitted in plaintext (e.g., in WiFi), an attacker is able to collect and analyze users' feedback data, and then carefully fabricate a forged channel feedback to manipulate the user selection results. We investigated the potential attacks against CSI-based user selection algorithms and developed a system, named MU-MIMO user selection strategy inference and subversion (MUSTER), to systematically study an attacker's strategies for subverting MU-MIMO user selection. We also investigated defense strategies against the proposed MUSTER attack strategies.
In designing the detailed MUSTER attack strategies, we focus on three major attack objectives: (i) Targeted Denial of Service (TDoS): The attacker aims to starve particular users, such that the victims can never or barely get access to the transmitter. Such attacks can target any victims to amplify the adverse impact, such as disconnecting important users who provide essential services, disrupting users requesting time-sensitive access, or starving local-network competitors. (ii) Cooperative Privilege Escalation (CPE): The attacker aims to escalate the privilege of particular users (e.g., a conspirator), increasing their probability of being selected and obtaining exclusive service. In this way, the attacker and the conspirator can cooperatively gain unfair access to the transmitter and abuse network operations. (iii) Network Throughput Degradation (NTD): One of the key objectives of user selection algorithms is to select a user group that achieves the maximum network throughput. By fabricating a forged CSI feedback, the attacker can subvert user selection results and substantially degrade the target MU-MIMO network throughput.
We implemented MUSTER as a practical system and conducted experiments on real-world MU-MIMO networks with different user selection algorithms and settings. We investigated the proposed attacks on top of user selection predictions. Results show that TDoS can achieve up to a 97.48% success rate, CPE can achieve up to a 94.86% success rate, and NTD can lead to a substantial 34.7% to 54.3% network throughput degradation. The experimental results indicate that MUSTER can effectively launch the desired attacks.
We proposed a defense strategy called reciprocal consistency checking. Note that the attack design reverse-engineers the user selection algorithm at the wireless access point (AP) (or base station) and leads to a malicious user creating fake channel state information (CSI) feedback to fool the algorithm at the AP. Reciprocal consistency checking, motivated by wireless channel reciprocity, checks the consistency between the uplink channel estimated by the base station and the downlink channel feedback from the user. However, this straightforward approach may not work because hardware circuit modules introduce imbalanced amplitude attenuations and phase rotations in the channels. We observe that the hardware-oriented distortion is identical for channels estimated at the same device. Thus, the ratios between any pair of channel gains should remain similar during a short period, and deviations of the ratios can serve as an indicator of potential CSI manipulation. As there are many ratios across multiple pairs of channel gains, we use the average of all channel ratios as the metric to indicate the presence of CSI manipulation.
We have validated the effectiveness of the proposed reciprocal consistency checking in various experimental scenarios. We observe that when the threshold on the deviation of the average of all ratios of channel gain pairs is set appropriately, we obtain a detection rate of 99.32% (i.e., the probability of detecting the presence of an attack that fakes CSI feedback to achieve its attack objective) and a false positive rate of 0.05% (i.e., the probability of raising an attack alarm in a scenario where there is actually no attack). When reciprocal consistency checking detects a user that fakes the CSI, it excludes the user from the user selection group. Overall, reciprocal consistency checking is able to effectively prevent TDoS, CPE, and NTD attacks, while causing minimal disruption to normal users.
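One possible reading of the check described above, as an added example that is not the project's own code: it assumes the per-antenna ratio between the user's reported downlink gain and the AP's uplink estimate is fixed by hardware over a short window, and flags a report whose average ratio deviates from a per-user baseline. The function names, the 0.2 threshold, the station names, and all sample values are constructed for illustration.

```python
import cmath

def mean_ratio(uplink, feedback):
    """Average of per-antenna ratios feedback[i] / uplink[i] (the check's metric)."""
    ratios = [f / u for u, f in zip(uplink, feedback) if abs(u) > 1e-9]
    if not ratios:
        raise ValueError("no usable uplink estimates")
    return sum(ratios) / len(ratios)

def build_baseline(history):
    """Average the metric over recent (uplink, feedback) pairs from one user."""
    values = [mean_ratio(u, f) for u, f in history]
    return sum(values) / len(values)

def is_manipulated(uplink, feedback, baseline, threshold=0.2):
    """True when the metric moves away from the baseline by more than threshold
    (relative deviation; the threshold value is an assumption, not from the page)."""
    deviation = abs(mean_ratio(uplink, feedback) - baseline) / abs(baseline)
    return deviation > threshold

def eligible_users(reports, baselines, threshold=0.2):
    """Drop users whose feedback fails the check before user selection runs."""
    return [user for user, (uplink, feedback) in reports.items()
            if not is_manipulated(uplink, feedback, baselines[user], threshold)]

# --- Constructed sample data: 4 AP antennas, hardware factors fixed in the window ---
HW = [cmath.rect(0.80, 0.3), cmath.rect(0.90, -0.2),
      cmath.rect(0.75, 0.5), cmath.rect(0.85, 0.1)]
EPS = [0.010, -0.020, 0.015, -0.005]  # small constructed estimation errors

def honest_feedback(uplink, shift=0):
    """Feedback from a well-behaved user: channel times hardware factor, plus error."""
    return [g * h * (1 + EPS[(i + shift) % 4])
            for i, (g, h) in enumerate(zip(HW, uplink))]

U1 = [1.0 + 0.5j, 0.3 - 0.8j, -0.6 + 0.4j, 0.9 + 0.1j]   # earlier uplink estimates
U2 = [0.7 - 0.2j, -0.4 + 0.9j, 0.5 + 0.5j, -0.8 + 0.3j]
U3 = [0.2 + 1.0j, 0.6 - 0.3j, -0.9 - 0.1j, 0.4 + 0.7j]   # current uplink estimate
BASELINE = build_baseline([(U1, honest_feedback(U1, 0)), (U2, honest_feedback(U2, 1))])
FORGED = [0.5 + 0.1j] * 4  # report unrelated to the real channel
REPORTS = {"sta_a": (U3, honest_feedback(U3, 2)), "sta_b": (U3, FORGED)}
BASELINES = {"sta_a": BASELINE, "sta_b": BASELINE}

if __name__ == "__main__":
    print(eligible_users(REPORTS, BASELINES))
```

The channel itself changes between U1, U2, and U3, yet the honest user's metric stays near the baseline because the channel term cancels in each ratio; only the forged report shifts the average.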
When creating a data-learning-based attacker in wireless networks, we find that an effective strategy for identifying cellular IoT devices in cellular networks is to create a probing-based design and build a Long Short-Term Memory (LSTM) network to identify potential IoT devices with near 100% accuracy.
◇ Zhe Qu, Rui Duan, Xiao Han, Shangqing Zhao, Yao Liu, and Zhuo Lu. Guessing on Dominant Paths: Understanding the Limitation of Wireless Authentication Using Channel State Information. IEEE Symposium on Security and Privacy (S&P), May 2024.
◇ Wenwei Zhao, Xiaowen Li, Shangqing Zhao, Jie Xu, Yao Liu, and Zhuo Lu. Detecting Adversarial Spectrum Attacks via Distance to Decision Boundary Statistics. IEEE Conference on Computer Communications (INFOCOM), May 2024.
◇ Jiahao Xue, Zhe Qu, Shangqing Zhao, Yao Liu, and Zhuo Lu. Data-Driven Next-Generation Wireless Networking: Embracing AI for Performance and Security. IEEE Conference on Computer Communications and Networks (ICCCN), Jul. 2023.
◇ Tao Hou, Shengping Bi, Tao Wang, Zhuo Lu, Yao Liu, Satyajayant Misra, and Yalin Sagduyu. How Can the Adversary Effectively Identify Cellular IoT Devices Using LSTM Networks? ACM Workshop on Wireless Security and Machine Learning (WiseML), May 2023.
◇ Tao Hou, Shengping Bi, Tao Wang, Zhuo Lu, Yao Liu, Satyajayant Misra, and Yalin Sagduyu. MUSTER: Subverting User Selection in MU-MIMO Networks. IEEE Conference on Computer Communications (INFOCOM), pp. 140-149, 2022.
◇ Tao Hou, Tao Wang, Zhuo Lu, and Yalin Sagduyu. Undermining Deep Learning Based Channel Estimation via Adversarial Wireless Signal Fabrication. ACM Workshop on Wireless Security and Machine Learning (WiseML), 2022.
An introduction to data-driven approaches for wireless network efficiency and security has been integrated into the Wireless Mobile Computing and Security class at the University of South Florida.
Parts of the research results have been presented at IEEE INFOCOM 2022, 2024, IEEE ICCCN 2023, ACM WiSec-WiseML 2022-2023, and IEEE S&P 2024.
The project involves two female Ph.D. students.