Robust Adversarial Attack Detection

Background

The transition to 5G and 6G networks has led to a widespread adoption of machine learning (ML) for critical functions like modulation classification, channel estimation, resource management, and spectrum sensing. While ML has enhanced operational efficiency, it has simultaneously expanded the attack surface for adversarial ML at the Physical Layer (PHY), for example, from Generative Adversarial Networks (GANs). While techniques like radio frequency (RF) fingerprinting have emerged as a PHY-level authentication method based on hardware-induced signal traits (such as in-phase/quadrature (I/Q) imbalance and error vector magnitude), GANs can synthesize RF signals to mimic legitimate hardware-induced features up to 95% similarity. This is close enough to evade most detection schemes. Existing defenses to GANs based on convolutional neural networks, deep neural networks, supervised retraining, and/or heuristics do not generalize well across different modulations, protocols, channel conditions, or unseen attack types. Autoencoder and reconstruction-based approaches are often limited to clean reference signals, which are not always available in dynamic wireless environments. While GANs are excellent at mimicking low-order statistics (mean/variance), they fail to replicate complex signal structures.

Technology Description

To help address these challenges in security against adversarial attacks (e.g., GANs), researchers at UC Santa Cruz (UCSC) have developed a new approach to detection using higher-order moments, especially third-order and fourth-order statistics. Recognizing that GANs are typically optimized to minimize divergence in low-order properties, the UCSC methods extract features of order three (skewness) or higher (kurtosis) from baseband I/Q signal samples, rather than relying primarily on raw I/Q samples or low-order statistics. In turn, this enables a broader statistical signature than conventional approaches, by pulling features from multiple domains, including time, frequency (via Short-Time Fourier Transform), and/or bispectrum. The UCSC technology leverages such multi-branch neural networks (or other lightweight threshold-based) to intelligently fuse these multi-domain features. This enables protocol-agnostic and model-agnostic detection without requiring prior knowledge of the specific attack type or modulation scheme.

Applications

• 5G/6G network infrastructure
• IoT device systems/software
• autonomous vehicle communication / V2X

Features/Benefits

• Improved fingerprint reliability by exploiting the inherent mathematical inability of GANs to preserve third and fourth-order moments.
• Computationally efficient for edge devices by employing lightweight statistical calculations and training-free detection.
• Potential for fast deployment through deviation-based (anomaly detection) approach; lowers data needs for zero-day attacks.

Related Materials