Abstract
Adversarial machine learning, which studies attacks on and defenses for machine learning (ML) models, is rapidly gaining importance as ML is increasingly adopted for optimizing wireless systems such as Open Radio Access Networks (O-RAN). Comprehensive modeling of the security threats, and the demonstration of adversarial attacks and defenses on practical AI-based O-RAN systems, are still in their nascent stages. We begin by conducting threat modeling to pinpoint attack surfaces in O-RAN, using an ML-based connection management application (xApp) as an example. The xApp uses a Graph Neural Network trained using Deep Reinforcement Learning and achieves on average a 54% improvement in the coverage rate, measured as the 5th percentile user data rates. We then formulate and demonstrate evasion attacks that degrade the coverage rates by as much as 50% by injecting bounded noise at different threat surfaces, including the open wireless medium itself. Crucially, we also compare and contrast the effectiveness of such attacks on the ML-based xApp and a non-ML-based heuristic. We finally develop and demonstrate robust training-based defenses against the challenging physical/jamming-based attacks and show a 15% improvement in the coverage rates when compared to employing no defense over a range of noise budgets.
URL
https://arxiv.org/abs/2405.03891