TY - GEN
T1 - W-MIA
T2 - 2024 IEEE Conference on Communications and Network Security, CNS 2024
AU - Zhang, Yan
AU - Li, Jiawei
AU - Han, Dianqi
AU - Zhang, Yanchao
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Deep learning-based RF fingerprinting (DRFF) systems have gained prominence for their effectiveness in wireless device authentication based on unique RF hardware features in wireless signals. However, the inherent vulnerabilities of deep learning (DL) models make DRFF systems susceptible to DL attacks tailored for RF fingerprinting. In this paper, we present W-MIA, the first practical label-only membership inference attack (MIA) against DRFF systems. W-MIA can passively eavesdrop on RF signals to construct a shadow model and perform MIA covertly. Additionally, it can enhance attack efficacy through low-rate tailored active interactions with DRFF systems. We also propose a simple yet effective countermeasure against W-MIA. Extensive experiments confirm W-MIA's high attack efficacy in a label-only setting, achieving a maximum AUC of 0.81, comparable to the latest MIA against DRFF, which assumes a more knowledgeable adversary. Furthermore, our proposed defense matches the performance of existing defenses while minimizing usability loss in DRFF systems.
AB - Deep learning-based RF fingerprinting (DRFF) systems have gained prominence for their effectiveness in wireless device authentication based on unique RF hardware features in wireless signals. However, the inherent vulnerabilities of deep learning (DL) models make DRFF systems susceptible to DL attacks tailored for RF fingerprinting. In this paper, we present W-MIA, the first practical label-only membership inference attack (MIA) against DRFF systems. W-MIA can passively eavesdrop on RF signals to construct a shadow model and perform MIA covertly. Additionally, it can enhance attack efficacy through low-rate tailored active interactions with DRFF systems. We also propose a simple yet effective countermeasure against W-MIA. Extensive experiments confirm W-MIA's high attack efficacy in a label-only setting, achieving a maximum AUC of 0.81, comparable to the latest MIA against DRFF, which assumes a more knowledgeable adversary. Furthermore, our proposed defense matches the performance of existing defenses while minimizing usability loss in DRFF systems.
KW - RF fingerprinting
KW - deep learning
KW - membership inference attack
KW - wireless security
UR - http://www.scopus.com/inward/record.url?scp=85210563288&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85210563288&partnerID=8YFLogxK
U2 - 10.1109/CNS62487.2024.10735522
DO - 10.1109/CNS62487.2024.10735522
M3 - Conference contribution
AN - SCOPUS:85210563288
T3 - 2024 IEEE Conference on Communications and Network Security, CNS 2024
BT - 2024 IEEE Conference on Communications and Network Security, CNS 2024
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 30 September 2024 through 3 October 2024
ER -