We consider adversarial machine learning based attacks on power allocation where the base station (BS) allocates its transmit power to multiple orthogonal subcarriers by using a deep neural network (DNN) to serve multiple user equipments (UEs). The DNN that corresponds to a regression model is trained with channel gains as the input and returns transmit powers as the output. While the BS allocates the transmit powers to the UEs to maximize rates for all UEs, there is an adversary that aims to minimize these rates. The adversary may be an external transmitter that aims to manipulate the inputs to the DNN by interfering with the pilot signals that are transmitted to measure the channel gain. Alternatively, the adversary may be a rogue UE that transmits fabricated channel estimates to the BS. In both cases, the adversary carefully crafts adversarial perturbations to manipulate the inputs to the DNN of the BS subject to an upper bound on the strengths of these perturbations. We consider the attacks targeted on a single UE or all UEs. We compare these attacks with a benchmark, where the adversary scales down the input to the DNN. We show that the adversarial attacks are much more effective than the benchmark attack in terms of reducing the rate of communications. We also show that adversarial attacks are robust to the uncertainty at the adversary including the erroneous knowledge of channel gains and the potential errors in exercising the attacks exactly as specified.
翻译:我们认为,在基站(BS)通过使用深神经网络(DNN)为多个用户设备(UES)而向多个正方位子载体分配电源时,基于对立的机器学习对权力分配的攻击,而基站(BS)通过使用深神经网络(DNN)为多个正方位子载体配置电源,为多个用户设备(UES)提供服务。与回归模型相对的DNNN可能是经过频道增益的训练,作为输入和返回输出的动力。虽然BS将传输权力分配给Ues,以最大限度地提高所有Ues的电速率,但有一个对手旨在最大限度地降低这些速率。对手可能是外部发射者,目的是通过干扰为测量频道收益而传送的试点信号来操纵对DNNN的输入。 或者,对手可能是将编造频道估计数传送给BS。在这两种情况下,对手小心地编造反,操纵向BSDNU公司D的电路输入,但以这些扰动的强势为最高约束。我们认为,针对单一UE或所有UE的攻击目标的攻击目标是一个目标的攻击。我们将这些攻击与基准比较这些攻击和基准,我们将这些攻击比攻击中攻击的反向DNNNNNP攻击的准标标标标标的进率的进率在攻击率上显示了对准率攻击率攻击率的进攻中,我们方攻击的进攻率是更精确攻击率。
相关内容
微信扫码咨询专知VIP会员