Kim Brian, Sagduyu Yalin, Davaslioglu Kemal, Erpek Tugba, Ulukus Sennur
Department of Electrical and Computer Engineering, University of Maryland, College Park, MD 20742, USA.
Virginia Tech, National Security Institute, Arlington, VA 24061, USA.
Entropy (Basel). 2022 Jul 29;24(8):1047. doi: 10.3390/e24081047.
This paper studies the privacy of wireless communications from an eavesdropper that employs a deep learning (DL) classifier to detect transmissions of interest. There exists one transmitter that transmits to its receiver in the presence of an eavesdropper. In the meantime, a cooperative jammer (CJ) with multiple antennas transmits carefully crafted adversarial perturbations over the air to fool the eavesdropper into classifying the received superposition of signals as noise. While generating the adversarial perturbation at the CJ, multiple antennas are utilized to improve the attack performance in terms of fooling the eavesdropper. Two main points are considered while exploiting the multiple antennas at the adversary, namely the power allocation among antennas and the utilization of channel diversity. To limit the impact on the bit error rate (BER) at the receiver, the CJ puts an upper bound on the strength of the perturbation signal. Performance results show that this adversarial perturbation causes the eavesdropper to misclassify the received signals as noise with a high probability while increasing the BER at the legitimate receiver only slightly. Furthermore, the adversarial perturbation is shown to become more effective when multiple antennas are utilized.
本文研究了无线通信的隐私问题,针对的是一个窃听者,该窃听者采用深度学习(DL)分类器来检测感兴趣的传输。存在一个发射机在有窃听者的情况下向其接收机进行传输。与此同时,一个具有多个天线的协作干扰器(CJ)在空中传输精心设计的对抗性扰动,以使窃听者将接收到的信号叠加误分类为噪声。在CJ处生成对抗性扰动时,利用多个天线来提高在欺骗窃听者方面的攻击性能。在敌手利用多个天线时考虑了两个要点,即天线之间的功率分配和信道分集的利用。为了限制对接收机处误码率(BER)的影响,CJ对扰动信号的强度设置了上限。性能结果表明,这种对抗性扰动会使窃听者以高概率将接收到的信号误分类为噪声,同时仅略微增加合法接收机处的BER。此外,当使用多个天线时,对抗性扰动会变得更有效。
