Transfer-based Adversarial Poisoning Attacks for Online (MIMO-)Deep Receviers

TL;DR

This paper introduces a transfer-based adversarial poisoning attack on online deep neural network-based wireless receivers, demonstrating its effectiveness in degrading performance across various channel conditions.

Contribution

It proposes a novel attack method that poisons pilots without target knowledge, exploiting transferability to impair online deep receivers like DeepSIC in dynamic wireless environments.

Findings

Attack significantly reduces receiver performance in simulations.

Effective across synthetic and real-world channel models.

Demonstrates vulnerability of online deep receivers to adversarial poisoning.

Abstract

Recently, the design of wireless receivers using deep neural networks (DNNs), known as deep receivers, has attracted extensive attention for ensuring reliable communication in complex channel environments. To adapt quickly to dynamic channels, online learning has been adopted to update the weights of deep receivers with over-the-air data (e.g., pilots). However, the fragility of neural models and the openness of wireless channels expose these systems to malicious attacks. To this end, understanding these attack methods is essential for robust receiver design. In this paper, we propose a transfer-based adversarial poisoning attack method for online receivers. Without knowledge of the attack target, adversarial perturbations are injected to the pilots, poisoning the online deep receiver and impairing its ability to adapt to dynamic channels and nonlinear effects. In particular, our attack method targets Deep Soft Interference Cancellation (DeepSIC)[1] using online meta-learning. As a classical model-driven deep receiver, DeepSIC incorporates wireless domain knowledge into its architecture. This integration allows it to adapt efficiently to time-varying channels with only a small number of pilots, achieving optimal performance in a multi-input and multi-output (MIMO) scenario. The deep receiver in this scenario has a number of applications in the field of wireless communication, which motivates our study of the attack methods targeting it. Specifically, we demonstrate the effectiveness of our attack in simulations on synthetic linear, synthetic nonlinear, static, and COST 2100 channels. Simulation results indicate that the proposed poisoning attack significantly reduces the performance of online receivers in rapidly changing scenarios.