Defending Adversarial Attacks on Deep Learning-Based Power Allocation in Massive MIMO Using Denoising Autoencoders

Rajeev Sahay; Minjun Zhang; David J. Love; Christopher G. Brinton

doi:10.1109/TCCN.2023.3261307

Defending Adversarial Attacks on Deep Learning-Based Power Allocation in Massive MIMO Using Denoising Autoencoders

Rajeev Sahay, Minjun Zhang, David J. Love, Christopher G. Brinton

Research output: Contribution to journal › Article › peer-review

Abstract

Recent work has advocated for the use of deep learning to perform power allocation in the downlink of massive MIMO (maMIMO) networks. Yet, such deep learning models are vulnerable to adversarial attacks. In the context of maMIMO power allocation, adversarial attacks refer to the injection of subtle perturbations into the deep learning model's input, during inference (i.e., the adversarial perturbation is injected into inputs during deployment after the model has been trained) that are specifically crafted to force the trained regression model to output an infeasible power allocation solution. In this work, we develop an autoencoder-based mitigation technique, which allows deep learning-based power allocation models to operate in the presence of adversaries without requiring retraining. Specifically, we develop a denoising autoencoder (DAE), which learns a mapping between potentially perturbed data and its corresponding unperturbed input. We test our defense across multiple attacks and in multiple threat models and demonstrate its ability to (i) mitigate the effects of adversarial attacks on power allocation networks using two common precoding schemes, (ii) outperform previously proposed benchmarks for mitigating regression-based adversarial attacks on maMIMO networks, (iii) retain accurate performance in the absence of an attack, and (iv) operate with low computational overhead. Code is publicly available at https://github.com/Jess-jpg-txt/DAE_for_adv_attacks_in_MIMO.

Original language	English (US)
Pages (from-to)	913-926
Number of pages	14
Journal	IEEE Transactions on Cognitive Communications and Networking
Volume	9
Issue number	4
DOIs	https://doi.org/10.1109/TCCN.2023.3261307
State	Published - Aug 1 2023
Externally published	Yes

All Science Journal Classification (ASJC) codes

Artificial Intelligence
Hardware and Architecture
Computer Networks and Communications

Keywords

Adversarial attacks
deep learning
denoising autoencoder
massive MIMO
wireless security

Access to Document

10.1109/TCCN.2023.3261307

Cite this

@article{3f6f3abe622f46bea989b47ebeb8c539,

title = "Defending Adversarial Attacks on Deep Learning-Based Power Allocation in Massive MIMO Using Denoising Autoencoders",

abstract = "Recent work has advocated for the use of deep learning to perform power allocation in the downlink of massive MIMO (maMIMO) networks. Yet, such deep learning models are vulnerable to adversarial attacks. In the context of maMIMO power allocation, adversarial attacks refer to the injection of subtle perturbations into the deep learning model's input, during inference (i.e., the adversarial perturbation is injected into inputs during deployment after the model has been trained) that are specifically crafted to force the trained regression model to output an infeasible power allocation solution. In this work, we develop an autoencoder-based mitigation technique, which allows deep learning-based power allocation models to operate in the presence of adversaries without requiring retraining. Specifically, we develop a denoising autoencoder (DAE), which learns a mapping between potentially perturbed data and its corresponding unperturbed input. We test our defense across multiple attacks and in multiple threat models and demonstrate its ability to (i) mitigate the effects of adversarial attacks on power allocation networks using two common precoding schemes, (ii) outperform previously proposed benchmarks for mitigating regression-based adversarial attacks on maMIMO networks, (iii) retain accurate performance in the absence of an attack, and (iv) operate with low computational overhead. Code is publicly available at https://github.com/Jess-jpg-txt/DAE_for_adv_attacks_in_MIMO.",

keywords = "Adversarial attacks, deep learning, denoising autoencoder, massive MIMO, wireless security",

author = "Rajeev Sahay and Minjun Zhang and Love, {David J.} and Brinton, {Christopher G.}",

note = "Funding Information: This work was supported in part by the Office of Naval Research (ONR) under grants N00014-21-1-2472 and N00014-22-1-2305, in part by the National Science Foundation (NSF) under grants CNS-2146171, EEC-1941529, CNS-2225577, and CNS-2212565, and in part by the Defense Advanced Research Projects Agency (DARPA) under grant D22AP00168-00. The associate editor coordinating the review of this article and approving it for publication was Z. Xiao. Publisher Copyright: {\textcopyright} 2015 IEEE.",

year = "2023",

month = aug,

day = "1",

doi = "10.1109/TCCN.2023.3261307",

language = "English (US)",

volume = "9",

pages = "913--926",

journal = "IEEE Transactions on Cognitive Communications and Networking",

issn = "2332-7731",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "4",

}

TY - JOUR

T1 - Defending Adversarial Attacks on Deep Learning-Based Power Allocation in Massive MIMO Using Denoising Autoencoders

AU - Sahay, Rajeev

AU - Zhang, Minjun

AU - Love, David J.

AU - Brinton, Christopher G.

N1 - Funding Information: This work was supported in part by the Office of Naval Research (ONR) under grants N00014-21-1-2472 and N00014-22-1-2305, in part by the National Science Foundation (NSF) under grants CNS-2146171, EEC-1941529, CNS-2225577, and CNS-2212565, and in part by the Defense Advanced Research Projects Agency (DARPA) under grant D22AP00168-00. The associate editor coordinating the review of this article and approving it for publication was Z. Xiao. Publisher Copyright: © 2015 IEEE.

PY - 2023/8/1

Y1 - 2023/8/1

N2 - Recent work has advocated for the use of deep learning to perform power allocation in the downlink of massive MIMO (maMIMO) networks. Yet, such deep learning models are vulnerable to adversarial attacks. In the context of maMIMO power allocation, adversarial attacks refer to the injection of subtle perturbations into the deep learning model's input, during inference (i.e., the adversarial perturbation is injected into inputs during deployment after the model has been trained) that are specifically crafted to force the trained regression model to output an infeasible power allocation solution. In this work, we develop an autoencoder-based mitigation technique, which allows deep learning-based power allocation models to operate in the presence of adversaries without requiring retraining. Specifically, we develop a denoising autoencoder (DAE), which learns a mapping between potentially perturbed data and its corresponding unperturbed input. We test our defense across multiple attacks and in multiple threat models and demonstrate its ability to (i) mitigate the effects of adversarial attacks on power allocation networks using two common precoding schemes, (ii) outperform previously proposed benchmarks for mitigating regression-based adversarial attacks on maMIMO networks, (iii) retain accurate performance in the absence of an attack, and (iv) operate with low computational overhead. Code is publicly available at https://github.com/Jess-jpg-txt/DAE_for_adv_attacks_in_MIMO.

AB - Recent work has advocated for the use of deep learning to perform power allocation in the downlink of massive MIMO (maMIMO) networks. Yet, such deep learning models are vulnerable to adversarial attacks. In the context of maMIMO power allocation, adversarial attacks refer to the injection of subtle perturbations into the deep learning model's input, during inference (i.e., the adversarial perturbation is injected into inputs during deployment after the model has been trained) that are specifically crafted to force the trained regression model to output an infeasible power allocation solution. In this work, we develop an autoencoder-based mitigation technique, which allows deep learning-based power allocation models to operate in the presence of adversaries without requiring retraining. Specifically, we develop a denoising autoencoder (DAE), which learns a mapping between potentially perturbed data and its corresponding unperturbed input. We test our defense across multiple attacks and in multiple threat models and demonstrate its ability to (i) mitigate the effects of adversarial attacks on power allocation networks using two common precoding schemes, (ii) outperform previously proposed benchmarks for mitigating regression-based adversarial attacks on maMIMO networks, (iii) retain accurate performance in the absence of an attack, and (iv) operate with low computational overhead. Code is publicly available at https://github.com/Jess-jpg-txt/DAE_for_adv_attacks_in_MIMO.

KW - Adversarial attacks

KW - deep learning

KW - denoising autoencoder

KW - massive MIMO

KW - wireless security

UR - http://www.scopus.com/inward/record.url?scp=85151551214&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85151551214&partnerID=8YFLogxK

U2 - 10.1109/TCCN.2023.3261307

DO - 10.1109/TCCN.2023.3261307

M3 - Article

AN - SCOPUS:85151551214

SN - 2332-7731

VL - 9

SP - 913

EP - 926

JO - IEEE Transactions on Cognitive Communications and Networking

JF - IEEE Transactions on Cognitive Communications and Networking

IS - 4

ER -

Defending Adversarial Attacks on Deep Learning-Based Power Allocation in Massive MIMO Using Denoising Autoencoders

Abstract

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this