Table of Contents
Fetching ...

Protocol-agnostic and Data-free Backdoor Attacks on Pre-trained Models in RF Fingerprinting

Tianya Zhao, Ningning Wang, Junqing Zhang, Xuyu Wang

TL;DR

The paper tackles data scarcity and domain shift in RF fingerprinting by leveraging self-supervised PTMs and reveals a practical data-free backdoor attack that preserves benign performance on clean inputs while causing targeted misclassifications when triggers are present. The method uses a substitute unlabeled dataset, predefined time-domain triggers, and designed output representations (PORs) to map poisoned inputs to malicious representations, without access to downstream data or labels. It introduces a three-phase attack pipeline, formalizes objectives with a data-free threat model, and demonstrates effectiveness across Wi-Fi and LoRa protocols, in both time and time-frequency domains. The work shows robustness against simple defenses like fine-tuning and highlights the need for security measures and defense strategies for RF fingerprinting systems deploying SSL-based PTMs.

Abstract

While supervised deep neural networks (DNNs) have proven effective for device authentication via radio frequency (RF) fingerprinting, they are hindered by domain shift issues and the scarcity of labeled data. The success of large language models has led to increased interest in unsupervised pre-trained models (PTMs), which offer better generalization and do not require labeled datasets, potentially addressing the issues mentioned above. However, the inherent vulnerabilities of PTMs in RF fingerprinting remain insufficiently explored. In this paper, we thoroughly investigate data-free backdoor attacks on such PTMs in RF fingerprinting, focusing on a practical scenario where attackers lack access to downstream data, label information, and training processes. To realize the backdoor attack, we carefully design a set of triggers and predefined output representations (PORs) for the PTMs. By mapping triggers and PORs through backdoor training, we can implant backdoor behaviors into the PTMs, thereby introducing vulnerabilities across different downstream RF fingerprinting tasks without requiring prior knowledge. Extensive experiments demonstrate the wide applicability of our proposed attack to various input domains, protocols, and PTMs. Furthermore, we explore potential detection and defense methods, demonstrating the difficulty of fully safeguarding against our proposed backdoor attack.

Protocol-agnostic and Data-free Backdoor Attacks on Pre-trained Models in RF Fingerprinting

TL;DR

The paper tackles data scarcity and domain shift in RF fingerprinting by leveraging self-supervised PTMs and reveals a practical data-free backdoor attack that preserves benign performance on clean inputs while causing targeted misclassifications when triggers are present. The method uses a substitute unlabeled dataset, predefined time-domain triggers, and designed output representations (PORs) to map poisoned inputs to malicious representations, without access to downstream data or labels. It introduces a three-phase attack pipeline, formalizes objectives with a data-free threat model, and demonstrates effectiveness across Wi-Fi and LoRa protocols, in both time and time-frequency domains. The work shows robustness against simple defenses like fine-tuning and highlights the need for security measures and defense strategies for RF fingerprinting systems deploying SSL-based PTMs.

Abstract

While supervised deep neural networks (DNNs) have proven effective for device authentication via radio frequency (RF) fingerprinting, they are hindered by domain shift issues and the scarcity of labeled data. The success of large language models has led to increased interest in unsupervised pre-trained models (PTMs), which offer better generalization and do not require labeled datasets, potentially addressing the issues mentioned above. However, the inherent vulnerabilities of PTMs in RF fingerprinting remain insufficiently explored. In this paper, we thoroughly investigate data-free backdoor attacks on such PTMs in RF fingerprinting, focusing on a practical scenario where attackers lack access to downstream data, label information, and training processes. To realize the backdoor attack, we carefully design a set of triggers and predefined output representations (PORs) for the PTMs. By mapping triggers and PORs through backdoor training, we can implant backdoor behaviors into the PTMs, thereby introducing vulnerabilities across different downstream RF fingerprinting tasks without requiring prior knowledge. Extensive experiments demonstrate the wide applicability of our proposed attack to various input domains, protocols, and PTMs. Furthermore, we explore potential detection and defense methods, demonstrating the difficulty of fully safeguarding against our proposed backdoor attack.
Paper Structure (34 sections, 5 equations, 7 figures, 6 tables, 1 algorithm)

This paper contains 34 sections, 5 equations, 7 figures, 6 tables, 1 algorithm.

Figures (7)

  • Figure 1: Attack scenario: our attack is stealthy.
  • Figure 2: Backdoor attack pipeline.
  • Figure 3: The t-SNE visualization of data from six devices (D$0$-D$5$) across two distinct datasets.
  • Figure 4: Two cases when designing PORs.
  • Figure 5: LoRa transmitters and a USRP receiver.
  • ...and 2 more figures