Defending Adversarial Attacks on Deep Learning Based Power Allocation in Massive MIMO Using Denoising Autoencoders

TL;DR

This paper introduces a denoising autoencoder-based defense mechanism to protect deep learning models for power allocation in massive MIMO networks from adversarial attacks, ensuring robustness without retraining.

Contribution

It proposes a novel autoencoder-based mitigation technique that defends against adversarial attacks on deep learning power allocation models in maMIMO networks without retraining.

Findings

Effectively mitigates adversarial attacks across multiple threat models

Outperforms existing benchmarks in attack mitigation

Maintains high accuracy without attacks and low computational overhead

Abstract

Recent work has advocated for the use of deep learning to perform power allocation in the downlink of massive MIMO (maMIMO) networks. Yet, such deep learning models are vulnerable to adversarial attacks. In the context of maMIMO power allocation, adversarial attacks refer to the injection of subtle perturbations into the deep learning model's input, during inference (i.e., the adversarial perturbation is injected into inputs during deployment after the model has been trained) that are specifically crafted to force the trained regression model to output an infeasible power allocation solution. In this work, we develop an autoencoder-based mitigation technique, which allows deep learning-based power allocation models to operate in the presence of adversaries without requiring retraining. Specifically, we develop a denoising autoencoder (DAE), which learns a mapping between potentially perturbed data and its corresponding unperturbed input. We test our defense across multiple attacks and in multiple threat models and demonstrate its ability to (i) mitigate the effects of adversarial attacks on power allocation networks using two common precoding schemes, (ii) outperform previously proposed benchmarks for mitigating regression-based adversarial attacks on maMIMO networks, (iii) retain accurate performance in the absence of an attack, and (iv) operate with low computational overhead.