How Potent are Evasion Attacks for Poisoning Federated Learning-Based Signal Classifiers?

Su Wang, Rajeev Sahay, Christopher G. Brinton

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

There has been recent interest in leveraging federated learning (FL) for radio signal classification tasks. In FL, participating devices train on their own local datasets and periodically communicate model parameters to a central server, which aggregates them into a global model. While FL has privacy/security advantages due to raw data not leaving the devices, it is still susceptible to several adversarial attacks. In this work, we reveal the susceptibility of FL-based signal classifiers to model poisoning attacks, which compromise the training process despite not observing data transmissions. In this capacity, we develop an attack framework in which compromised FL devices perturb their local datasets using adversarial evasion attacks. As a result, the training process of the global model significantly degrades on in-distribution signals (i.e., signals received over channels with identical distributions at each edge device). We compare our work to previously proposed FL attacks and reveal that as few as one adversarial device operating with a low-powered perturbation under our attack framework can induce a potent model poisoning attack on the global classifier. Moreover, we find that more devices partaking in adversarial poisoning will proportionally degrade the classification performance.

Original language: English (US)
Title of host publication: ICC 2023 - IEEE International Conference on Communications
Subtitle of host publication: Sustainable Communications for Renaissance
Editors: Michele Zorzi, Meixia Tao, Walid Saad
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 2376-2381
Number of pages: 6
ISBN (Electronic): 9781538674628
State: Published - 2023
Externally published: Yes
Event: 2023 IEEE International Conference on Communications, ICC 2023 - Rome, Italy
Duration: May 28 2023 to Jun 1 2023

Publication series

Name: IEEE International Conference on Communications
Volume: 2023-May
ISSN (Print): 1550-3607

Conference

Conference: 2023 IEEE International Conference on Communications, ICC 2023
Country/Territory: Italy
City: Rome
Period: 5/28/23 to 6/1/23

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Keywords

  • Adversarial attacks
  • automatic modulation classification
  • deep learning
  • federated learning
  • privacy
  • security
