Secure Distributed RIS-MIMO over Double Scattering Channels: Adversarial Attack, Defense, and SER Improvement

Bui Duc Son, Gaosheng Zhao, Trinh Van Chien, Dong In Kim

TL;DR

This paper addresses the vulnerability of distributed RIS-aided MIMO autoencoders operating in finite-scattering channels to adversarial perturbations and proposes a robust defense. It introduces a double-scattering channel model, analyzes SER as the key performance metric, and develops a gradient-based universal adversarial perturbation (MRMAEF) together with an adversarial training defense (ATMRM) that also improves SER in attack-free scenarios. The results show that increasing the number of RISs improves baseline SER but raises susceptibility to attacks, while ATMRM effectively mitigates attack impact and enhances robustness under Doppler-induced mobility. The findings support the practical deployment of multi-RIS systems in 6G, highlighting the value of adversarially trained end-to-end RIS-MIMO architectures for reliable, secure communications.

Abstract

There has been a growing trend toward leveraging machine learning (ML) and deep learning (DL) techniques to optimize and enhance the performance of wireless communication systems. However, limited attention has been given to the vulnerabilities of these techniques, particularly in the presence of adversarial attacks. This paper investigates adversarial attack and defense in autoencoder-based multiple-input multiple-output (MIMO) communication systems aided by distributed multiple reconfigurable intelligent surfaces (RISs) in finite scattering environments. We present the channel propagation model for distributed multiple RISs, including statistical information derived in closed form for the aggregated channel. The symbol error rate (SER) is selected to evaluate the collaborative dynamics between the distributed RISs and MIMO communication in depth. The relationship between the number of RISs and the SER of the proposed autoencoder-based system, as well as the impact of adversarial attacks on the system's SER, is analyzed in detail. We also propose a defense mechanism based on adversarial training against the considered attacks to enhance the model's robustness. Numerical results indicate that increasing the number of RISs effectively reduces the system's SER but makes the adversarial attack algorithm more destructive in the white-box attack scenario. The proposed defense method demonstrates strong effectiveness by significantly mitigating the attack's impact. It also substantially reduces the system's SER in the absence of an attack compared to the original model. Moreover, we extend the analysis to include decoder mobility, demonstrating that the proposed method maintains robustness under Doppler-induced channel variations.

Paper Structure

This paper contains 20 sections, 1 theorem, 41 equations, 7 figures, 7 tables, 2 algorithms.

Key Result

Lemma 1

Gradient-based Adversarial Vulnerability of RIS-Aided MIMO Autoencoders: Let $\mathcal{D}(\cdot)$ denote the trained decoder of a distributed RIS-aided MIMO autoencoder. Let $\mathbf{s}_\mathrm{n} \in \mathbb{C}^{K_d \times L_B}$ be a clean received signal and $y$ the corresponding true label. For a for some $\delta > 0$, where $\mathcal{L}(\cdot, \cdot)$ is the BCE loss function. The optimal perturba

Figures (7)

  • Figure 1: Adversarial attack on distributed RIS-aided MIMO autoencoder.
  • Figure 2: The proposed end-to-end learning framework employs a one-dimensional convolutional neural network (1D-CNN) architecture to model each component of the proposed system.
  • Figure 3: SER performance of RIS-assisted MIMO systems under double-scattering channels with varying numbers of scatterers: (a) $\mathbf{SC}_\mathbf{L}=5$, (b) $\mathbf{SC}_\mathbf{L}=5$ and $19$, and (c) $\mathbf{SC}_\mathbf{L}\to\infty$.
  • Figure 4: The SER performance of multiple RIS-assisted MIMO systems under the MRMAEF adversarial attack: (a) The SER of different RIS configurations at a fixed Rician factor of 0.8 and PSR of 0 dB, (b) The SER comparison of double and quadruple RISs at Rician factor 0.8 with varying PSR levels, and (c) The SER of the quadruple RIS configuration under varying Rician factors and PSR values.
  • Figure 5: The SER performance of RIS-assisted MIMO systems under adversarial attack (MRMAEF) and defense (ATMRM) over double-scattering channels with 5 scatterers: (a) Double RISs, (b) Triple RISs, and (c) Quadruple RISs.
  • ...and 2 more figures

Theorems & Definitions (2)

  • Lemma 1
  • proof