Abstract:

Wireless Membership Inference Attack (MIA) is presented to leak private information from wireless signal classifiers. Machine learning (ML) provides a powerful means to classify wireless signals. For PHY-layer authentication. As an adversarial machine learning attack, MIA infers whether a signal of interest is used in the training data of a target classifier. This private information includes waveform, channel, and device characteristics, which, if leaked, can be exploited by an attacker to identify vulnerabilities in the underlying ML model (e.g., penetrating PHY-layer authentication). The challenge with wireless MIA is that the received signal, and therefore the RF fingerprint, differs between the attacker and the intended receiver due to mismatched channel conditions. Therefore, an attacker first observes the spectrum and builds a surrogate classifier, and then launches black-box MIA on this classifier. The MIA results show that the attacker can reliably infer the signals (and possibly radio and channel information) used to build the target classifier. Therefore, an active defense against MIA is developed by building a shadow MIA model and deceiving the attacker. This defense can reduce the accuracy of MIA and prevent information leakage from the radio signal classifier.

Description:

.