Abstract
As artificial intelligence (AI) has become an integral part of modern mobile networks, there is an increasing concern about vulnerabilities of intelligent machine learning (ML)-driven network components to adversarial effects. Due to the shared nature of wireless mediums, these components may be susceptible to sophisticated attacks that can manipulate the training and inference processes of the AI/ML models over the air. In our research, we focus on adversarial example attacks. During such an attack, an adversary aims to supply intelligently crafted input features to the target model so that it outputs a certain wrong result. This type of attack is the most realistic threat to the AI/ML models deployed in a 5G network since it takes place in the inference stage and therefore does not require having access to either the target model or the datasets during the training. In this study, we first provide experimental results for multiple use cases in order to demonstrate that such an attack approach can be carried out against various AI/ML-driven frameworks which might be present in the mobile network. After that, we discuss the defence mechanisms service providers may employ in order to protect the target network from adversarial effects.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alkhateeb, A.: Deepmimo: A generic deep learning dataset for millimeter wave and massive MIMO applications. ar**v:1902.06435 (2019)
Alrabeiah, M., Alkhateeb, A.: Deep learning for TDD and FDD massive MIMO: Map** channels in space and frequency. In: 2019 53rd Asilomar Conference on Signals, Systems, and Computers, pp. 1465–1470. IEEE, Piscataway (2019)
Alrabeiah, M., Alkhateeb, A.: Deep learning for mmWave beam and blockage prediction using sub-6 GHz channels. IEEE Trans. Commun. 68(9), 5504–5518 (2020)
Alzantot, M., Sharma, Y., Chakraborty, S., Zhang, H., Hsieh, C.J., Srivastava, M.B.: Genattack: Practical black-box attacks with gradient-free optimization. In: Proceedings of the Genetic and Evolutionary Computation Conference, pp. 1111–1119 (2019)
Brendel, W., Rauber, J., Bethge, M.: Decision-based adversarial attacks: Reliable attacks against black-box machine learning models. ar**v:1712.04248 (2017)
Cao, G., Lu, Z., Wen, X., Lei, T., Hu, Z.: Aif: an artificial intelligence framework for smart wireless network management. IEEE Commun. Lett. 22(2), 400–403 (2018). https://doi.org/10.1109/LCOMM.2017.2776917
Catak, E., Catak, F.O., Moldsvor, A.: Adversarial machine learning security problems for 6G: mmWave beam prediction use-case. ar**v:2103.07268 (2021)
Chen, M., Saad, W., Yin, C., Debbah, M.: Echo state networks for proactive caching in cloud-based radio access networks with mobile users. IEEE Trans. Wirel. Commun. 16(6), 3520–3535 (2017). https://doi.org/10.1109/TWC.2017.2683482
Chen, J., Jordan, M.I., Wainwright, M.J.: Hopskipjumpattack: A query-efficient decision-based attack. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1277–1294. IEEE, Piscataway (2020)
Cousik, T.S., Shah, V.K., Erpek, T., Sagduyu, Y.E., Reed, J.H.: Deep learning for fast and reliable initial access in AI-driven 6G mmWave networks. ar**v:2101.01847 (2021)
Dong, Y., Liao, F., Pang, T., Su, H., Zhu, J., Hu, X., Li, J.: Boosting adversarial attacks with momentum. In: 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 9185–9193 (2018). https://doi.org/10.1109/CVPR.2018.00957
Feinman, R., Curtin, R.R., Shintre, S., Gardner, A.B.: Detecting adversarial samples from artifacts. ar**v:1703.00410 (2017)
Fernández Maimó, L., Perales Gómez, A.L., Garcia Clemente, F.J., Gil Pérez, M., Martínez Pérez, G.: A self-adaptive deep learning-based system for anomaly detection in 5G networks. IEEE Access 6, 7700–7712 (2018). https://doi.org/10.1109/ACCESS.2018.2803446
Forest, F., Lebbah, M., Azzag, H., Lacaille, J.: Deep embedded som: joint representation learning and self-organization. Reconstruction 500, 500 (2000)
Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. ar**v:1412.6572 (2015)
GSMA: Fs.31 - baseline security controls (2020)
GSMA: Fs.30 - security manual (2021)
Guo, C., Rana, M., Cisse, M., van der Maaten, L.: Countering adversarial images using input transformations. ar**v:1711.00117 (2018)
Guo, Q., Gu, R., Wang, Z., Zhao, T., Ji, Y., Kong, J., Gour, R., Jue, J.P.: Proactive dynamic network slicing with deep learning based short-term traffic prediction for 5G transport network. In: 2019 Optical Fiber Communications Conference and Exhibition (OFC), pp. 1–3 (2019)
Haidine, A., Salmam, F.Z., Aqqal, A., Dahbi, A.: Artificial intelligence and machine learning in 5G and beyond: a survey and perspectives. In: Moving Broadband Mobile Communications Forward: Intelligent Technologies for 5G and Beyond, p. 47 (2021)
**, H., Song, Q., Hu, X.: Auto-keras: An efficient neural architecture search system. In: Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, pp. 1946–1956 (2019)
Kim, B., Sagduyu, Y.E., Davaslioglu, K., Erpek, T., Ulukus, S.: Over-the-air adversarial attacks on deep learning based modulation classifier over wireless channels. ar**v:2002.02400 (2020)
Kim, B., Sagduyu, Y.E., Erpek, T., Davaslioglu, K., Ulukus, S.: Adversarial attacks with multiple antennas against deep learning-based modulation classifiers. ar**v:2007.16204 (2020)
Kim, B., Sagduyu, Y.E., Davaslioglu, K., Erpek, T., Ulukus, S.: Channel-aware adversarial attacks against deep learning-based wireless signal classifiers. ar**v:2005.05321 (2021)
Kim, B., Sagduyu, Y.E., Erpek, T., Ulukus, S.: Adversarial attacks on deep learning based mmwave beam prediction in 5G and beyond. ar**v:2103.13989 (2021)
Kim, B., Shi, Y., Sagduyu, Y.E., Erpek, T., Ulukus, S.: Adversarial attacks against deep learning based power control in wireless communications. ar**v:2109.08139 (2021)
Kohonen, T.: Self-Organizing Maps, vol. 30. Springer Science & Business Media, Cham (2012)
Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial examples in the physical world. ar**v:1607.02533 (2017)
Liu, Q., Guo, J., Wen, C.K., **, S.: Adversarial attack on DL-based massive MIMO CSI feedback. J. Commun. Netw. 22(3), 230–235 (2020). https://doi.org/10.1109/JCN.2020.000016
Lyu, W., Zhang, Z., Jiao, C., Qin, K., Zhang, H.: Performance evaluation of channel decoding with deep neural networks. In: 2018 IEEE International Conference on Communications (ICC), pp. 1–6 (2018). https://doi.org/10.1109/ICC.2018.8422289
Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. ar**v:1706.06083 (2019)
Manoj, B.R., Sadeghi, M., Larsson, E.G.: Adversarial attacks on deep learning based power allocation in a massive MIMO network. ar**v:2101.12090 (2021)
Masri, A., Veijalainen, T., Martikainen, H., Mwanje, S., Ali-Tolppa, J., Kajó, M.: Machine-learning-based predictive handover. In: 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 648–652 (2021)
Meng, D., Chen, H.: Magnet: a two-pronged defense against adversarial examples. ar**v:1705.09064 (2017)
Meng, F., Chen, P., Wu, L., Wang, X.: Automatic modulation classification: a deep learning enabled approach. IEEE Trans. Vehic. Technol. 67(11), 10760–10772 (2018). https://doi.org/10.1109/TVT.2018.2868698
Metzen, J.H., Genewein, T., Fischer, V., Bischoff, B.: On detecting adversarial perturbations. ar**v:1702.04267 (2017)
Minovski, D., Ogren, N., Ahlund, C., Mitra, K.: Throughput prediction using machine learning in LTE and 5G networks. IEEE Trans. Mob. Comput., 1–1 (2021). https://doi.org/10.1109/TMC.2021.3099397
Nicolae, M.I., Sinn, M., Tran, M.N., Buesser, B., Rawat, A., Wistuba, M., Zantedeschi, V., Baracaldo, N., Chen, B., Ludwig, H., Molloy, I.M., Edwards, B.: Adversarial robustness toolbox v1.0.0. ar**v:1807.01069 (2019)
O’Shea, T., West, N.: Radio machine learning dataset generation with GNU radio. Proc. GNU Radio Conf. 1(1) (2016). https://pubs.gnuradio.org/index.php/grcon/article/view/11
O’Shea, T.J., Corgan, J., Clancy, T.C.: Convolutional radio modulation recognition networks. In: International Conference on Engineering Applications of Neural Networks, pp. 213–226. Springer, Berlin (2016)
Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. ar**v:1511.07528 (2015)
Papernot, N., Faghri, F., Carlini, N., Goodfellow, I., Feinman, R., Kurakin, A., **e, C., Sharma, Y., Brown, T., Roy, A., et al.: Technical report on the cleverhans v2. 1.0 adversarial examples library. ar**v:1610.00768 (2016)
Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., Celik, Z.B., Swami, A.: Practical black-box attacks against machine learning. ar**v:1602.02697 (2017)
Pawlak, J., Li, Y., Price, J., Wright, M., Al Shamaileh, K., Niyaz, Q., Devabhaktuni, V.: A machine learning approach for detecting and classifying jamming attacks against OFDM-based uavs. In: Proceedings of the 3rd ACM Workshop on Wireless Security and Machine Learning, pp. 1–6 (2021)
Peng, S., Jiang, H., Wang, H., Alwageed, H., Yao, Y.D.: Modulation classification using convolutional neural network based deep learning model. In: 2017 26th Wireless and Optical Communication Conference (WOCC), pp. 1–5 (2017). https://doi.org/10.1109/WOCC.2017.7929000
Peng, B., Seco-Granados, G., Steinmetz, E., Fröhle, M., Wymeersch, H.: Decentralized scheduling for cooperative localization with deep reinforcement learning. IEEE Trans. Vehic. Technol. 68(5), 4295–4305 (2019). https://doi.org/10.1109/TVT.2019.2913695
Rauber, J., Brendel, W., Bethge, M.: Foolbox: A python toolbox to benchmark the robustness of machine learning models. ar**v:1707.04131 (2018)
Ross, A.S., Doshi-Velez, F.: Improving the adversarial robustness and interpretability of deep neural networks by regularizing their input gradients. ar**v:1711.09404 (2017)
Ruff, L., Vandermeulen, R., Goernitz, N., Deecke, L., Siddiqui, S.A., Binder, A., Müller, E., Kloft, M.: Deep one-class classification. In: International Conference on Machine Learning, pp. 4393–4402. PMLR (2018)
Sadeghi, M., Larsson, E.G.: Physical adversarial attacks against end-to-end autoencoder communication systems. ar**v:1902.08391 (2019)
Safari, M.S., Pourahmadi, V., Sodagari, S.: Deep UL2DL: data-driven channel knowledge transfer from uplink to downlink. IEEE Open J.f Vehic. Technol. 1, 29–44 (2020). https://doi.org/10.1109/OJVT.2019.2962631
Sagduyu, Y.E., Erpek, T., Shi, Y.: Adversarial machine learning for 5G communications security. ar**v:2101.02656 (2021)
Sanguinetti, L., Zappone, A., Debbah, M.: Deep learning power allocation in massive MIMO. ar**v:1812.03640 (2019)
Schwarzmann, S., Marquezan, C.C., Trivisonno, R., Nakajima, S., Zinner, T.: Accuracy vs. cost trade-off for machine learning based QoE estimation in 5G networks. In: ICC 2020 - 2020 IEEE International Conference on Communications (ICC), pp. 1–6 (2020). https://doi.org/10.1109/ICC40277.2020.9148685
Shi, Y., Sagduyu, Y.E.: Adversarial machine learning for flooding attacks on 5G radio access network slicing. ar**v:2101.08724 (2021)
Shi, Y., Sagduyu, Y.E., Erpek, T.: Reinforcement learning for dynamic resource optimization in 5G radio access network slicing. In: 2020 IEEE 25th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), pp. 1–6 (2020). https://doi.org/10.1109/CAMAD50429.2020.9209299
Shi, Y., Sagduyu, Y.E., Erpek, T., Gursoy, M.C.: How to attack and defend 5G radio access network slicing with reinforcement learning. ar**v:2101.05768 (2021)
Snoek, J., Larochelle, H., Adams, R.P.: Practical bayesian optimization of machine learning algorithms. In: Advances in Neural Information Processing Systems, vol. 25 (2012)
Sotgiu, A., Demontis, A., Melis, M., Biggio, B., Fumera, G., Feng, X., Roli, F.: Deep neural rejection against adversarial examples. ar**v:1910.00470 (2020)
Steinhardt, J., Koh, P.W., Liang, P.: Certified defenses for data poisoning attacks. ar**v:1706.03691 (2017)
Sun, H., Chen, X., Shi, Q., Hong, M., Fu, X., Sidiropoulos, n.d.: Learning to optimize: training deep neural networks for interference management. IEEE Trans. Signal Process. 66(20), 5438–5453 (2018). https://doi.org/10.1109/TSP.2018.2866382
Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., Fergus, R.: Intriguing properties of neural networks. ar**v:1312.6199 (2014)
Szegedy, C., Vanhoucke, V., Ioffe, S., Shlens, J., Wojna, Z.: Rethinking the inception architecture for computer vision. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2818–2826 (2016)
Uesato, J., O’Donoghue, B., van den Oord, A., Kohli, P.: Adversarial risk and the dangers of evaluating against weak attacks. ar**v:1802.05666 (2018)
Usama, M., Mitra, R.N., Ilahi, I., Qadir, J., Marina, M.K.: Examining machine learning for 5G and beyond through an adversarial lens. ar**v:2009.02473 (2020)
Wang, F., Gursoy, M.C., Velipasalar, S.: Adversarial reinforcement learning in dynamic channel access and power control. ar**v:2105.05817 (2021)
Wang, H., Miller, D.J., Kesidis, G.: Anomaly detection of adversarial examples using class-conditional generative adversarial networks. Comput. Secur. 124, 102956 (2023)
Wen, C.K., Shih, W.T., **, S.: Deep learning for massive MIMO CSI feedback. IEEE Wirel. Commun. Lett. 7(5), 748–751 (2018). https://doi.org/10.1109/LWC.2018.2818160
Xu, W., Evans, D., Qi, Y.: Feature squeezing: Detecting adversarial examples in deep neural networks. In: Proceedings 2018 Network and Distributed System Security Symposium (2018). https://doi.org/10.14722/ndss.2018.23198.
Zantedeschi, V., Nicolae, M.I., Rawat, A.: Efficient Defenses Against Adversarial Attacks, pp. 39–49. Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3128572.3140449
Zolotukhin, M., Miraghaei, P., Zhang, D., Hämäläinen, T.: On assessing vulnerabilities of the 5G networks to adversarial examples. IEEE Access 10, 126285–126303 (2022)
Zolotukhin, M., Miraghaie, P., Zhang, D., Hämäläinen, T., Ke, W., Dunderfelt, M.: Black-box adversarial examples against intelligent beamforming in 5G networks. In: 2022 IEEE Conference on Standards for Communications and Networking (CSCN), pp. 64–70. IEEE, Piscataway (2022)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Zolotukhin, M., Zhang, D., Hämäläinen, T. (2024). On Protection of the Next-Generation Mobile Networks Against Adversarial Examples. In: Sipola, T., Alatalo, J., Wolfmayr, M., Kokkonen, T. (eds) Artificial Intelligence for Security. Springer, Cham. https://doi.org/10.1007/978-3-031-57452-8_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-57452-8_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57451-1
Online ISBN: 978-3-031-57452-8
eBook Packages: Computer ScienceComputer Science (R0)