Harnessing the Adversarial Perturbation to Enhance Security in the Autoencoder-Based Communication System
Abstract
:1. Introduction
- (1)
- Two communication scenarios: An anti-attacking communication system and an anti-eavesdropping communication system are considered to study the security performance of the autoencoder based wireless communication.
- (2)
- For the anti-attacking communication system, where a malicious jammer transmits adversarial perturbation signal to attack the legitimate receiver, the adversarial training method [11] is used to defend the adversarial attacks from the sneaky jammer. The simulation results show that active adversarial attack from the jammer increase the BLER of the legitimate receiver very slightly, no matter if the autoencoder structure of the jammer is the same as that of the legitimate receiver.
- (3)
- In the anti-eavesdropping end-to-end autoencoder communication system with a FD receiver and a passive eavesdropper, adversarial training method is also adopted to defend the self-perturbation from the loop-back channel at the legitimate receiver. Simulation results show that the BLER of the eavesdropper is increased by orders of magnitude, while the BLER of the legitimate receiver is almost unchanged.
2. Related Work
3. System Model
4. Adversarial Attack and Adversarial Training
4.1. Adversarial Attack
Algorithm 1 Design Shift-Invariant Perturbations [10] | |
1: | Using the substitute network, generate adversarial perturbations using FGSM. |
2: | Calculate the BLER of a randomly shifted version of each of the perturbations on the substitute network. |
3: | Select the first t perturbations associated with the least BLERs. Denote them as . |
4: | Set . |
5: | Calculate the SVD of P norm as . |
6: | Select the first column of as the candidate shift-invariant perturbation, i.e., . |
4.2. Adversarial Training
Algorithm 2 The process of adversarial training |
The training set is |
The size of the clean examples is , the size of the adversarial examples is , and the size of the training mini-batch is |
1: Use the parameters of the trained model to initialize the network to be trained. |
2: Shuffle the training set. |
3: repeat: |
4: Read mini-batch from the training set. |
5: Do one-step training to update weights and bias parameters with Adam optimizer. |
6: until the trained-model is converged. |
5. Numerical Results
6. Conclusions
Author Contributions
Funding
Conflicts of Interest
References
- Qin, Z.; Ye, H.; Li, G.Y.; Juang, B.F. Deep learning in physical layer communications. IEEE Wirel. Commun. 2019, 26, 93–99. [Google Scholar] [CrossRef] [Green Version]
- O’Shea, T.; Hoydis, J. An introduction to deep learning for the physical layer. IEEE Trans. Cogn. Commun. Netw. 2017, 3, 563–575. [Google Scholar] [CrossRef] [Green Version]
- Mukherjee, A.; Fakoorian, S.A.; Huang, J.; Swindlehurst, A.L. Principles of physical layer security in multiuser wireless networks: A survey. IEEE Commun. Surv. Tuts. 2014, 16, 1550–1573. [Google Scholar] [CrossRef] [Green Version]
- Wyner, A.D. The wire-tap channel. Bell Syst. Tech. J. 1975, 54, 1355–1387. [Google Scholar] [CrossRef]
- Akhtar, N.; Mian, A. Threat of adversarial attacks on deep learning in computer vision: A survey. IEEE Access 2018, 6, 14410–14430. [Google Scholar] [CrossRef]
- Goodfellow, I.J.; Shlens, J.; Szegedy, C. Explaining and harnessing adversarial examples. Available online: https://arxiv.org/abs/1412.6572 (accessed on 20 February 2019).
- Moosavi-Dezfooli, S.M.; Fawzi, A.; Frossard, P. DeepFool: A simple and accurate method to fool deep neural networks. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, NV, USA, 26 June–1 July 2016; pp. 2574–2582. [Google Scholar]
- Moosavi-Dezfooli, S.M.; Fawzi, A.; Frossard, P. Universal adversarial perturbations. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Honolulu, HI, USA, 21–26 July 2017; pp. 86–94. [Google Scholar]
- Sadeghi, M.; Larsson, E.G. Adversarial attacks on deep-learning based radio signal classification. IEEE Trans. Wirel. Commun. 2019, 8, 213–216. [Google Scholar] [CrossRef] [Green Version]
- Sadeghi, M.; Larsson, E.G. Physical adversarial attacks against end-to-end autoencoder communication systems. IEEE Commun. Lett. 2019, 23, 847–850. [Google Scholar] [CrossRef] [Green Version]
- Kurakin, A.; Goodfellow, I.; Bengio, S. Adversarial machine learning at scale. In Proceedings of the ICLR, Toulon, France, 24–26 April 2017. [Google Scholar]
- He, H.; Jin, S.; Wen, C.; Gao, F.; Li, G.Y.; Xu, Z. Model-driven deep learning for physical layer communications. IEEE Wirel. Commun. 2019, 26, 77–83. [Google Scholar] [CrossRef] [Green Version]
- West, N.E.; O’Shea, T. Deep architectures for modulation recognition. In Proceedings of the DySPAN, Piscataway, NJ, USA, 6–9 March 2017; pp. 1–6. [Google Scholar]
- Ye, H.G.; Li, Y.; Juang, B. Power of deep learning for channel estimation and signal detection in OFDM systems. IEEE Trans. Wirel. Commun. 2018, 7, 114–117. [Google Scholar] [CrossRef]
- Soltani, M.; Pourahmadi, V.; Mirzaei, A.; Sheikhzadeh, H. Deep learning-based channel estimation. IEEE Commun. Lett. 2019, 23, 652–655. [Google Scholar] [CrossRef] [Green Version]
- He, H.; Wen, C.-K.; Jin, S.; Li, G.Y. Deep learning-based channel estimation for beamspace mmWave massive MIMO systems. IEEE Wireless Commun. Lett. 2018, 7, 852–855. [Google Scholar] [CrossRef] [Green Version]
- Gruber, T.; Cammerer, S.; Hoydis, J.; Brink, S.T. On deep learning-based channel decoding. In Proceedings of the 51st Annual Conference on Information Sciences and Systems (CISS), Baltimore, MD, USA, 22–24 March 2017; pp. 1–6. [Google Scholar]
- Nachmani, E.; Marciano, E.; Lugosch, L.; Gross, W.J.; Burshtein, D. Deep learning methods for improved decoding of linear codes. IEEE J. Sel. Top. Signal Process. 2018, 12, 119–131. [Google Scholar] [CrossRef] [Green Version]
- Ye, H.; Liang, L.; Li, G.Y. Deep learning based end-to-end wireless communication systems with conditional GAN as unknown channel. arXiv 2019, arXiv:1903.02551. Available online: https://arxiv.org/abs/1903.02551v1 (accessed on 10 April 2019). [CrossRef] [Green Version]
- Dörner, S.; Cammerer, S.; Hoydis, J.; Brink, S.T. Deep learning based communication over the air. IEEE J. Sel. Top. Signal Process. 2018, 12, 132–143. [Google Scholar] [CrossRef] [Green Version]
- Shiu, Y.S.; Chang, S.Y.; Wu, H.C.; Huang, C.H.; Chen, H.H. Physical layer security in wireless networks: A tutorial. IEEE Wirel. Commun. 2011, 18, 66–74. [Google Scholar] [CrossRef]
- Fang, S.; Liu, Y.; Ning, P. Wireless communications under broadband reactive jamming attacks. IEEE Trans. Dependable Secur. Comput. 2015, 13, 394–408. [Google Scholar] [CrossRef]
- Ng, D.W.K.; Lo, E.S.; Schober, R. Robust beamforming for secure communication in systems with wireless information and power transfer. IEEE Trans. Wirel. Commun. 2014, 13, 4599–4615. [Google Scholar] [CrossRef] [Green Version]
- Chen, G.; Gong, Y.; Xiao, P.; Chambers, J.A. Physical layer network security in the full-duplex relay system. IEEE Trans. Inf. Forensics Secur. 2015, 10, 574–583. [Google Scholar] [CrossRef] [Green Version]
- Ouyang, N.; Jiang, X.Q.; Bai, E.; Wang, H.M. Destination assisted jamming and beamforming for improving the security of AF relay systems. IEEE Access 2017, 5, 4125–4131. [Google Scholar] [CrossRef]
- Zheng, G.; Krikidis, I.; Li, J.; Petropulu, A.P.; Ottersten, B. Improving physical layer secrecy using full-duplex jamming receivers. IEEE Trans. Signal Process. 2013, 61, 4962–4974. [Google Scholar] [CrossRef] [Green Version]
- Fritschek, R.; Schaefer, R.F.; Wunder, G. Deep learning for the Gaussian wiretap channel. In Proceedings of the IEEE International Conference on Communications (ICC), Shanghai, China, 20–24 May 2019; pp. 1–6. [Google Scholar]
DNN Autoencoder | CNN Autoencoder | |||
---|---|---|---|---|
Block Name | Layer Name | Output Dim. | Layer Name | Output Dim. |
Encoder | Input | M | Input | M |
Dense + eLU | M | Dense + eLU | M | |
Dense + Linear | 2N | Conv1d + Flattening | ||
Normalization | 2N | Dense + Linear | 2N | |
Normalization | 2N | |||
Channel | Noise (+Perturbaton) | 2N | Noise (+Perturbaton) | 2N |
Decoder | Dense + ReLU | M | Conv2d | |
Dense + Softmax | M | Conv2d + Flattening | ||
Dense + Softmax | 2M | |||
Dense + ReLU | M |
Variables | Name |
---|---|
the transmit signal | |
the received signal at the legitimate receiver or eavesdropper | |
the perturbation signal | |
the AWGN of the channel | |
the message set | |
the message to be transmitted | |
() | the estimated message at Bob (Eve) |
adversarial example | |
clean example |
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Deng, Z.; Sang, Q. Harnessing the Adversarial Perturbation to Enhance Security in the Autoencoder-Based Communication System. Electronics 2020, 9, 294. https://doi.org/10.3390/electronics9020294
Deng Z, Sang Q. Harnessing the Adversarial Perturbation to Enhance Security in the Autoencoder-Based Communication System. Electronics. 2020; 9(2):294. https://doi.org/10.3390/electronics9020294
Chicago/Turabian StyleDeng, Zhixiang, and Qian Sang. 2020. "Harnessing the Adversarial Perturbation to Enhance Security in the Autoencoder-Based Communication System" Electronics 9, no. 2: 294. https://doi.org/10.3390/electronics9020294
APA StyleDeng, Z., & Sang, Q. (2020). Harnessing the Adversarial Perturbation to Enhance Security in the Autoencoder-Based Communication System. Electronics, 9(2), 294. https://doi.org/10.3390/electronics9020294