We consider adversarial machine learning based attacks on power allocation where the base station (BS) allocates its transmit power to multiple orthogonal subcarriers by using a deep neural network (DNN) to serve multiple user equipments (UEs). The DNN that corresponds to a regression model is trained with channel gains as the input and allocated transmit powers as the output. While the BS allocates the transmit power to the UEs to maximize rates for all UEs, there is an adversary that aims to minimize these rates. The adversary may be an external transmitter that aims to manipulate the inputs to the DNN by interfering with the pilot signals that are transmitted to measure the channel gain. Alternatively, the adversary may be a rogue UE that transmits fabricated channel estimates to the BS. In both cases, the adversary carefully crafts adversarial perturbations to manipulate the inputs to the DNN of the BS subject to an upper bound on the strengths of these perturbations. We consider the attacks targeted on a single UE or all UEs. We compare these attacks with a benchmark, where the adversary scales down the input to the DNN. We show that adversarial attacks are much more effective than the benchmark attack in terms of reducing the rate of communications. We also show that adversarial attacks are robust to the uncertainty at the adversary including the erroneous knowledge of channel gains and the potential errors in exercising the attacks exactly as specified.
翻译:我们认为,在基站(BS)通过使用深神经网络(DNN)为多个用户设备(UES)向多个正方位子载体输送能量的情况下,对基于权力分配的对抗性机器学习攻击,而基地站(BS)通过使用深神经网络(DNN)为多个正方位子载体配置能量,为多个用户设备(UES)提供服务。与回归模型相对的DNNN培训以频道增益作为输入和分配传输输出力。虽然BS将输电的权力分配给Ues,以最大限度地提高所有Ues的电速率,但有一个对手旨在最大限度地降低这些速率。对手可能是外部发射者,目的是通过干扰为测量频道收益而传送的试点信号来操纵对DNNN的输入。或者,对手可能是将编造频道估计数传送给BS的流氓UE。在这两起案件中,对手精心编造型的对调,操纵向BSDNP的输入量,但以这些冲击的强度为上限。我们认为,攻击针对单一UE或所有UIS。我们将这些攻击与基准比较这些攻击与基准,在攻击中的具体攻击规模上,将攻击的反向DNNNNC攻击的进度中输入率率也显示,我们展示了对战力攻击的精确度攻击率攻击率。
相关内容
微信扫码咨询专知VIP会员