Hacking the Waveform: Generalized Wireless Adversarial Deep Learning

TL;DR

This paper introduces a comprehensive analysis of adversarial attacks on wireless deep learning systems, proposing a new neural network architecture to effectively deceive classifiers under various channel conditions.

Contribution

It formulates the GWAP framework, proposes FIRNet for blackbox attacks, and demonstrates significant classifier accuracy reduction in real-world wireless scenarios.

Findings

FIRNet can reduce classifier accuracy up to 3x in simulations.

The approach confuses classifiers with up to 97% success in real testbeds.

Adversarial attacks remain effective across different wireless channel conditions.

Abstract

This paper advances the state of the art by proposing the first comprehensive analysis and experimental evaluation of adversarial learning attacks to wireless deep learning systems. We postulate a series of adversarial attacks, and formulate a Generalized Wireless Adversarial Machine Learning Problem (GWAP) where we analyze the combined effect of the wireless channel and the adversarial waveform on the efficacy of the attacks. We propose a new neural network architecture called FIRNet, which can be trained to "hack" a classifier based only on its output. We extensively evaluate the performance on (i) a 1,000-device radio fingerprinting dataset, and (ii) a 24-class modulation dataset. Results obtained with several channel conditions show that our algorithms can decrease the classifier accuracy up to 3x. We also experimentally evaluate FIRNet on a radio testbed, and show that our data-driven blackbox approach can confuse the classifier up to 97% while keeping the waveform distortion to a minimum.