This paper presents a game-theoretic framework to study the interactions of attack and defense for deep learning-based NextG signal classification. NextG systems, such as the one envisioned for a massive number of IoT devices, can employ deep neural networks (DNNs) for various tasks such as user equipment identification, physical layer authentication, and detection of incumbent users (such as in the Citizens Broadband Radio Service (CBRS) band). By training another DNN as a surrogate model, an adversary can launch an inference (exploratory) attack to learn the behavior of the victim model, predict its successful operation modes (e.g., channel access), and jam them. A defense mechanism can increase the adversary's uncertainty by introducing controlled errors into the victim model's decisions (i.e., poisoning the adversary's training data). This defense is effective against an attack but reduces performance when there is no attack. The interactions between the defender and the adversary are formulated as a non-cooperative game, where the defender selects the probability of defending or the defense level itself (i.e., the ratio of falsified decisions) and the adversary selects the probability of attacking. The defender's objective is to maximize its reward (e.g., throughput or transmission success ratio), whereas the adversary's objective is to minimize this reward and its attack cost. The Nash equilibrium strategies are determined as operation modes such that no player can unilaterally improve its utility given that the other player's strategy is fixed. Fictitious play is formulated, in which each player plays the game repeatedly in response to the empirical frequency of the opponent's actions. The performance in Nash equilibrium is compared to the fixed attack and defense cases, and the resilience of NextG signal classification against attacks is quantified.
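The fictitious play dynamics described above can be sketched for a 2x2 defender-adversary game. All payoff numbers below are hypothetical placeholders, not values from the paper; they only encode the qualitative trade-off in the abstract: defending degrades the reward (e.g., throughput) when there is no attack but protects it when an attack occurs, and attacking incurs a cost for the adversary.

```python
# Fictitious play sketch for a 2x2 defender-adversary game.
# Payoffs are illustrative assumptions, not values from the paper.

# Defender reward, indexed [defend][attack]:
DEF_REWARD = [
    [1.0, 0.2],    # no defense: full reward, but an attack is very damaging
    [0.7, 0.65],   # defense: reduced reward, but an attack is nearly neutralized
]
ATTACK_COST = 0.1
# Adversary utility: the negative of the defender reward, minus the
# attack cost whenever the adversary attacks.
ADV_UTILITY = [
    [-DEF_REWARD[d][a] - (ATTACK_COST if a else 0.0) for a in (0, 1)]
    for d in (0, 1)
]

def best_response(payoff_rows, opponent_freq):
    """Index of the action maximizing expected payoff against the
    opponent's empirical mixed strategy."""
    expected = [sum(row[j] * opponent_freq[j] for j in (0, 1))
                for row in payoff_rows]
    return max((0, 1), key=lambda i: expected[i])

def fictitious_play(rounds=50000):
    """Each player best-responds to the empirical frequency of the
    opponent's past actions; the resulting frequencies approximate
    the mixed-strategy Nash equilibrium of this 2x2 game."""
    def_counts, adv_counts = [1.0, 1.0], [1.0, 1.0]  # uniform priors
    # Adversary's payoff table re-indexed as [attack][defend] so that
    # best_response can treat the adversary's action as the row index.
    adv_rows = [[ADV_UTILITY[d][a] for d in (0, 1)] for a in (0, 1)]
    for _ in range(rounds):
        adv_freq = [c / sum(adv_counts) for c in adv_counts]
        def_freq = [c / sum(def_counts) for c in def_counts]
        def_counts[best_response(DEF_REWARD, adv_freq)] += 1
        adv_counts[best_response(adv_rows, def_freq)] += 1
    return (def_counts[1] / sum(def_counts),
            adv_counts[1] / sum(adv_counts))

p_defend, p_attack = fictitious_play()
print(f"empirical defense probability: {p_defend:.2f}")
print(f"empirical attack probability:  {p_attack:.2f}")
```

With these placeholder payoffs, neither player has a pure-strategy equilibrium (the defender prefers not to defend when no attack is expected, while the adversary prefers to attack an undefended system), so fictitious play oscillates and its empirical frequencies converge toward the mixed Nash equilibrium, which here puts the attack probability near 0.4 and the defense probability near 0.93.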