Defending Adversarial Attacks on Deep Learning-Based Power Allocation in Massive MIMO Using Denoising Autoencoders

Rajeev Sahay, Minjun Zhang, David J. Love, Christopher G. Brinton

Research output: Contribution to journalArticlepeer-review

3 Scopus citations

Abstract

Recent work has advocated for the use of deep learning to perform power allocation in the downlink of massive MIMO (maMIMO) networks. Yet, such deep learning models are vulnerable to adversarial attacks. In the context of maMIMO power allocation, adversarial attacks refer to the injection of subtle perturbations into the deep learning model's input, during inference (i.e., the adversarial perturbation is injected into inputs during deployment after the model has been trained) that are specifically crafted to force the trained regression model to output an infeasible power allocation solution. In this work, we develop an autoencoder-based mitigation technique, which allows deep learning-based power allocation models to operate in the presence of adversaries without requiring retraining. Specifically, we develop a denoising autoencoder (DAE), which learns a mapping between potentially perturbed data and its corresponding unperturbed input. We test our defense across multiple attacks and in multiple threat models and demonstrate its ability to (i) mitigate the effects of adversarial attacks on power allocation networks using two common precoding schemes, (ii) outperform previously proposed benchmarks for mitigating regression-based adversarial attacks on maMIMO networks, (iii) retain accurate performance in the absence of an attack, and (iv) operate with low computational overhead. Code is publicly available at https://github.com/Jess-jpg-txt/DAE_for_adv_attacks_in_MIMO.

Original languageEnglish (US)
Pages (from-to)913-926
Number of pages14
JournalIEEE Transactions on Cognitive Communications and Networking
Volume9
Issue number4
DOIs
StatePublished - Aug 1 2023
Externally publishedYes

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Hardware and Architecture
  • Computer Networks and Communications

Keywords

  • Adversarial attacks
  • deep learning
  • denoising autoencoder
  • massive MIMO
  • wireless security

Fingerprint

Dive into the research topics of 'Defending Adversarial Attacks on Deep Learning-Based Power Allocation in Massive MIMO Using Denoising Autoencoders'. Together they form a unique fingerprint.

Cite this