Pilot Backdoor Attack Against Deep Reinforcement Learning Empowered Intelligent Reflection Surface for Smart Radio

Intelligent reflection surface (IRS) has been used to assist communication by reflection and beamforming where a direct path is not available. Thus, IRS adjusts the wireless channel to enhance the data transmission efficiency with low power consumption. Recently, deep reinforcement learning (DRL) ha...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on wireless communications Vol. 24; no. 6; pp. 4891 - 4903
Main Authors Huang, Yunsong, Wang, Hui-Ming, Wang, Zhaowei, Liu, Weicheng
Format Journal Article
LanguageEnglish
Published New York IEEE 01.06.2025
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Array signal processing
Artificial intelligence
backdoor attack
Beamforming
Communication system security
Data transmission
Deep learning
Deep reinforcement learning
intelligent reflection surface
Optimization
Partial transmit sequences
pilot contamination attack
Principal component analysis
Reflection
Training
Transmission efficiency
Vectors
Wireless communication
Online AccessGet full text
ISSN1536-1276
1558-2248
DOI10.1109/TWC.2025.3545066

Cover

More Information
Summary:Intelligent reflection surface (IRS) has been used to assist communication by reflection and beamforming where a direct path is not available. Thus, IRS adjusts the wireless channel to enhance the data transmission efficiency with low power consumption. Recently, deep reinforcement learning (DRL) has been exploited in IRS coefficients optimization. IRS can be controlled by DRL to adapt their phase shift to the propagation environment and an expected reflection pattern can be obtained. However, due to the openness of wireless channel and the unexplainability of DRL, it is vulnerable to adversary attacks lauched through wireless channels. In this paper, we investigate a pilot contamination based backdoor attack against DRL based IRS beamforming, where an IRS controlled by an adversary attacker is used to contaminate the channel state information (CSI) during the training phase. The backdoor attack is covert because the adversary need not to know the legitimate pilot sequence and DRL performs well when the adversary IRS keeps inactive. We show that the backdoor attack can reduce the data rate significantly with the adversary IRS. At last, we propose a retraining method agaist the attack to recover the data rate.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1536-1276
1558-2248
DOI:10.1109/TWC.2025.3545066