Collaborative Research: SWIFT: SMALL: Understanding and Combating Adversarial Spectrum Learning towards Spectrum-Efficient Wireless Networking


Project Description

This project is a joint effort led by the University of South Florida and the University of Miami. The next-generation wireless network is expected to be efficient, reliable, secure and spectrum-intelligent in order to maximize the efficiency of wireless spectrum use. Dynamic spectrum access and management designs have shown their potential to substantially improve spectrum utilization efficiency. Meanwhile, to secure efficient spectrum access and allocation, it is common in wireless network systems to collect and use spectrum reports from individual nodes to detect malicious behaviors and/or eliminate attack impacts.

The goal of this project is to expose new security vulnerabilities associated with existing secure spectrum sensing designs and to create new spectrum management and defense methods. Our motivating observation is that, due to the shared nature of spectrum access operations in wireless networks, a spectrum-data-oriented security mechanism can either intentionally or unintentionally expose its decision to the wireless nodes (e.g., the fusion center always broadcasts its final decision of spectrum access to individual nodes). This means that malicious nodes in the network can know both the spectrum data used for the spectrum access decision and the final decision at the same time. Hence, they can train a machine learning model, using the spectrum data as the input and the decision as the output, to steal the defense model used by spectrum management, and then launch specifically targeted attacks (e.g., by creating adversarial examples). We call the security issue raised by such attacks the problem of adversarial spectrum learning.


Personnel

  • Principal Investigators:

    • Zhuo Lu and Yasin Yilmaz at University of South Florida
    • Jie Xu at University of Miami
  • Students:

    • Shangqing Zhao, Graduated in 2021
    • Zhengping Luo, Graduated in 2021
    • Almuthanna Nassar
    • Keval Doshi
    • Zhe Qu
    • Wenwen Zhao
    • Furkan Mumcu


Results and Products

We have analyzed the mathematical formulation of adversarial spectrum learning, identified feasible sub-models that can be used in the Learn-Evaluate-Beat attack framework, and optimized the probabilistic sub-model selection standard to select the best sub-model for launching effective attacks. We built analytical frameworks for enforcing the influence-limiting policy as an enforcement policy in addition to a primary spectrum allocation algorithm, which, based on a guided mathematical framework, will ensure that a subset of malicious nodes will not have a significant influence on the eventual spectrum allocation decision. We developed deep neural network-based sequential detection algorithms and also adapted them to other problems in IoT communications and surveillance videos.

We have matured a comprehensive machine learning-based model for spectrum sensing. The model spans from a linear model to a fully parameterized deep learning model for collaborative sensing. The model yields accurate predictions based on the spectrum sensing data of TV channels that we collected in our local areas.

We studied a new multi-armed bandits model called adversarial grouped linear bandits, which captures reward uncertainties due to the stochastic nature of the system and the adversarial behavior of attackers in a single model. This new bandits problem has a wide range of applications, including learning the optimal threshold function for detecting the presence of attack in an online fashion. We developed a new bandits learning algorithm for this new setting and proved its regret bound.

In our experimental evaluation, we find that adversarial spectrum learning is able to fool the spectrum allocation decision process into making wrong decisions 45%–80% of the time, thereby resulting in severe performance disruption. We also find that our proposed attack framework for adversarial spectrum learning provides an effective attack strategy even when the number of malicious nodes in a network is small. For example, even when only 15% of nodes are malicious, they can lead to a nearly 20% overall operation disruption ratio in the network. For influence-limiting based defense against adversarial spectrum learning, we find that optimizing the basic version of influence-limiting can minimize the attack's impact to within around 8%-15% of network disruption when the number of attacks is large. We also find that a low-cost version of influence-limiting has the same performance level as the basic version but incurs only around 10-17% of the complexity.

In addition, we studied a new adversarial example attack in deep reinforcement learning (DRL)-based wireless edge computing systems, which misleads computation offloading decisions by carefully transmitting a small interference signal to change the input states of the DRL policy.

Related Publications

  • Furkan Mumcu, Keval Doshi, and Yasin Yilmaz, "Adversarial Machine Learning Attacks Against Video Anomaly Detection Systems," IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, pp. 2160-7516, 2022.

  • Tao Hou, Tao Wang, Zhuo Lu, Yao Liu, and Yalin Sagduyu, "IoTGAN: GAN Powered Camouflage Against Machine Learning Based IoT Device Identification," IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN), pp. 280-287, Dec 2021.

  • Zhengping Luo, Shangqing Zhao, Zhuo Lu, Jie Xu, and Yalin Sagduyu, "When Attackers Meet AI: Learning-empowered Attacks in Cooperative Spectrum Sensing," IEEE Transactions on Mobile Computing, vol. 21, pp. 1892-1908, 2021.

  • Almuthanna Nassar and Yasin Yilmaz, "Deep Reinforcement Learning for Adaptive Network Slicing in 5G for Intelligent Vehicular Systems and Smart Cities," IEEE Internet of Things Journal, pp. 2372-2541, 2021.

  • Zhengping Luo, Shangqing Zhao, Rui Duan, Zhuo Lu, Yalin E. Sagduyu, and Jie Xu, "Low-cost Influence-Limiting Defense against Adversarial Machine Learning Attacks in Cooperative Spectrum Sensing," Proc. of ACM Workshop on Wireless Security and Machine Learning (WiSec-WiseML), July 2021.

  • Keval Doshi and Yasin Yilmaz, "Online anomaly detection in surveillance videos with asymptotic bound on false alarm rate," Pattern Recognition, vol. 114, June 2021.

  • Letian Zhang and Jie Xu, "Fooling Edge Computation Offloading via Stealthy Interference Attack," ACM/IEEE Symposium on Edge Computing - Workshop on Edge Computing and Communications, Nov. 2020.



Broader Impacts

  • An introduction to machine learning, adversarial machine learning and adversarial spectrum learning has been added to the graduate class EEL6935 Wireless Mobile Computing and Security at the University of South Florida.

  • Parts of the research results have been presented online at IEEE/ACM SEC-EdgeComm 2020, ACM WiSec-WiseML 2021, IEEE DySPAN 2021 and IEEE CVPR Workshop 2022.

  • One female Ph.D. student has been recruited to work on the related research at the University of South Florida.