An official website of the United States government
In the rapidly evolving landscape of 5G technology, safeguarding Radio Frequency (RF) environments against sophisticated intrusions is paramount, especially in dynamic spectrum access and management. This paper presents an enhanced experimental model that integrates a self-attention mechanism with a Recurrent Neural Network (RNN)-based autoencoder for the detection of anomalous spectral activities in 5G networks at the waveform level. Our approach, grounded in time-series analysis, processes in-phase and quadrature (I/Q) samples to identify irregularities that could indicate potential jamming attacks. The model's architecture, augmented with a self-attention layer, extends the capabilities of RNN autoen-coders, enabling a more nuanced understanding of temporal dependencies and contextual relationships within the RF spectrum. Utilizing a simulated 5G Radio Access Network (RAN) test-bed constructed with srsRAN 5G and Software Defined Radios (SDRs), we generated a comprehensive stream of data that reflects real-world RF spectrum conditions and attack scenarios. The model is trained to reconstruct standard signal behavior, establishing a normative baseline against which deviations, indicative of security threats, are identified. The proposed architecture is designed to balance between detection precision and computational efficiency, so the LSTM network, enriched with self-attention, continues to optimize for minimal execution latency and power consumption. Conducted on a real-world SDR-based testbed, our results demonstrate the model's improved performance and accuracy in threat detection.
more »
« less
Algorithms to Identify Copied and Manipulated Spectrum Occupancy Data in Cognitive Radio Networks
Spectrum Access Systems (SASs) and similar systems coordinate access to shared radio frequency bands to efficiently allocate the use of spectrum between users in a locality. To fill the need for dense spectrum occupancy information, SASs will utilize crowdsourced data from nodes outside the SAS’s control. This crowdsourcing of data, however, makes the SAS vulnerable to many types of attacks. The attacks covered in this paper include copying and manipulating existing data to create a Spectrum Sensing Data Falsification (SSDF) attack. We propose methods to identify two categories of easily implemented SSDF attacks and show the proposed methods to be both effective and efficient. Further, we recommend that the proposed techniques be used in conjunction with other SSDF thwarting methods that use statistics, probability, or machine learning, and can identify a wider range of SSDF attacks, albeit more slowly and less reliably than the proposed methods can identify the specific types of SSDF attacks for which they are effective. Our findings demonstrate the feasibility of discerning diverse forms of manipulated data while maintaining pace with the influx of incoming data. The ability to identify manipulated data rapidly without imposing undue strain on a centrally aggregated system helps reduce the number of ways to create a potentially successful SSDF attack and increases the accuracy of determining the radio transmission activity of a Primary User (PU). Several methods are explored and evaluated for identifying copied or manipulated spectrum data. We recommend utilizing an exact match identification algorithm with Elasticsearch to search for exact copies of spectrum data. Additionally, we recommend utilizing a cosine similarity function with Elasticsearch to search for manipulated spectrum data and exact copies when sufficient computational resources are available.
more »
« less
- Award ID(s):
- 2128584
- PAR ID:
- 10659928
- Publisher / Repository:
- IEEE, IEEExplore
- Date Published:
- Journal Name:
- IEEE Open Journal of the Communications Society
- Volume:
- 6
- ISSN:
- 2644-125X
- Page Range / eLocation ID:
- 5135 to 5154
- Subject(s) / Keyword(s):
- Cognitive Networks Spectrum Occupancy Machine Learning Exact Match Spectra Data Income Data Types Of Attacks Identification Algorithm False Data Exact Copy Crowdsourced Data Spectrum Access Use Of Data False Negative Support Vector Machine Random Number K-means False Alarm Unsupervised Methods False Alarm Rate Secondary Users Subtle Manipulation Malicious Data Decimal Places Anomaly Detection Adversarial Attacks Siamese Network Current Detection Methods Isolation Forest Query Vector
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
With machine learning techniques widely used to automate Android malware detection, it is important to investigate the robustness of these methods against evasion attacks. A recent work has proposed a novel problem-space attack on Android malware classifiers, where adversarial examples are generated by transforming Android malware samples while satisfying practical constraints. Aimed to address its limitations, we propose a new attack called EAGLE (Evasion Attacks Guided by Local Explanations), whose key idea is to leverage local explanations to guide the search for adversarial examples. We present a generic algorithmic framework for EAGLE attacks, which can be customized with specific feature increase and decrease operations to evade Android malware classifiers trained on different types of count features. We overcome practical challenges in implementing these operations for four different types of Android malware classifiers. Using two Android malware datasets, our results show that EAGLE attacks can be highly effective at finding functionable adversarial examples. We study the attack transferrability of malware variants created by EAGLE attacks across classifiers built with different classification models or trained on different types of count features. Our research further demonstrates that ensemble classifiers trained from multiple types of count features are not immune to EAGLE attacks. We also discuss possible defense mechanisms against EAGLE attacks.more » « less
-
To enforce incumbent protection through a spectrum access system (SAS) or future centralized shared spectrum system, dynamic protection area (DPA) neighborhood distances are employed. These distances are distance radii, in which citizen broadband radio service devices (CBSDs) are considered as potential interferers for the incumbent spectrum users. The goal of this paper is to create an algorithm to define DPA neighborhood distances for radio astronomy (RA) facilities with the intent to incorporate those distances into existing SASs and to adopt for future frameworks to increase national spectrum sharing. This paper first describes an algorithm to calculate sufficient neighborhood distances. Verifying this algorithm by recalculating previously calculated and currently used neighborhood distances for existing DPAs then proves its viability for extension to radio astronomy facilities. Applying the algorithm to the Hat Creek Radio Observatory (HCRO) with customized parameters results in distance recommendations, 112 kilometers for category A (devices with 30 dBm/10 MHz max EIRP) and 144 kilometers for category B (devices with 47 dBm/10MHz max EIRP), for HCRO’s inclusion into a SAS and shows that the algorithm can be applied to RA facilities in general. Calculating these distances identifies currently used but likely out-of-date metrics and assumptions that should be revisited for the benefit of spectrum sharing.more » « less
-
Face recognition systems are susceptible to presentation attacks such as printed photo attacks, replay attacks, and 3D mask attacks. These attacks, primarily studied in visible spectrum, aim to obfuscate or impersonate a person’s identity. This paper presents a unique multispectral video face database for face presentation attack using latex and paper masks. The proposed Multispectral Latex Mask based Video Face Presentation Attack (MLFP) database contains 1350 videos in visible, near infrared, and thermal spectrums. Since the database consists of videos of subjects without any mask as well as wearing ten different masks, the effect of identity concealment is analyzed in each spectrum using face recognition algorithms. We also present the performance of existing presentation attack detection algorithms on the proposed MLFP database. It is observed that the thermal imaging spectrum is most effective in detecting face presentation attacks.more » « less
-
A machine learning-based detection framework is proposed to detect a class of cyber-attacks that redistribute loads by modifying measurements. The detection framework consists of a multi-output support vector regression (SVR) load predictor and a subsequent support vector machine (SVM) attack detector to determine the existence of load redistribution (LR) attacks utilizing loads predicted by the SVR predictor. Historical load data for training the SVR are obtained from the publicly available PJM zonal loads and are mapped to the IEEE 30-bus system. The features to predict loads are carefully extracted from the historical load data capturing both temporal and spatial correlations. The SVM attack detector is trained using normal data and randomly created LR attacks, so that it can maximally explore the attack space. An algorithm to create random LR attacks is introduced. The results show that the SVM detector trained merely using random attacks can effectively detect not only random attacks, but also intelligently designed attacks. Moreover, using the SVR predicted loads to re-dispatch generation when attacks are detected can significantly mitigate the attack consequences.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/10.1109/OJCOMS.2025.3576749
