2025-11-20T20:04:15.567359

Adversarial-Resilient RF Fingerprinting: A CNN-GAN Framework for Rogue Transmitter Detection

Dhakal, Shekhar, Kandel
Radio Frequency Fingerprinting (RFF) has evolved as an effective solution for authenticating devices by leveraging the unique imperfections in hardware components involved in the signal generation process. In this work, we propose a Convolutional Neural Network (CNN) based framework for detecting rogue devices and identifying genuine ones using softmax probability thresholding. We emulate an attack scenario in which adversaries attempt to mimic the RF characteristics of genuine devices by training a Generative Adversarial Network (GAN) using In-phase and Quadrature (IQ) samples from genuine devices. The proposed approach is verified using IQ samples collected from ten different ADALM-PLUTO Software Defined Radios (SDRs), with seven devices considered genuine, two as rogue, and one used for validation to determine the threshold.
academic

Adversarial-Resilient RF Fingerprinting: A CNN-GAN Framework for Rogue Transmitter Detection

Basic Information

  • Paper ID: 2510.09663
  • Title: Adversarial-Resilient RF Fingerprinting: A CNN-GAN Framework for Rogue Transmitter Detection
  • Authors: Raju Dhakal, Prashant Shekhar, Laxima Niure Kandel (Embry-Riddle Aeronautical University)
  • Classification: cs.CR (Cryptography and Security), cs.AI (Artificial Intelligence)
  • Publication Date: October 7, 2025
  • Paper Link: https://arxiv.org/abs/2510.09663

Abstract

Radio frequency fingerprinting (RFF) has evolved into an effective solution for device authentication by exploiting unique imperfections in hardware components during signal generation. This paper proposes a framework based on convolutional neural networks (CNN) that employs softmax probability thresholding to detect malicious devices and identify legitimate devices. The study simulates adversarial scenarios where attackers attempt to mimic legitimate device RF characteristics by training in-phase and quadrature (I/Q) samples using generative adversarial networks (GANs). The methodology is validated using I/Q samples collected from 10 different ADALM-PLUTO software-defined radios (SDRs), where 7 devices are considered legitimate, 2 are malicious, and 1 is reserved for validation to determine the threshold.

Research Background and Motivation

Problem Definition

With the rapid advancement of wireless communication technology, the proliferation of devices in IoT, sensor networks, unmanned aerial vehicles (UAVs), and other application domains has introduced severe cybersecurity threats, particularly in device authentication and network access management. Traditional cryptographic techniques often incur excessive computational overhead in resource-constrained environments.

Research Significance

  1. Lightweight Authentication Requirements: Resource-constrained environments such as IoT, sensor networks, and UAV networks require lightweight authentication methods
  2. Hardware Fingerprint Uniqueness: Each wireless device possesses a unique identifier in its transmission signals generated by hardware component imperfections
  3. Adversarial Attack Threats: Attackers may not directly employ malicious devices but instead attempt to mimic legitimate device characteristics to gain network access

Limitations of Existing Methods

  1. Single Attack Model: Existing research either considers only genuine malicious devices or focuses solely on synthetically generated samples as malicious devices
  2. Lack of Adversarial Robustness: Most methods do not account for attackers using GAN and similar technologies to mimic legitimate device RF characteristics
  3. Experimental Limitations: Many studies validate only in ideal environments, lacking consideration of real adversarial scenarios

Core Contributions

  1. Novel Framework: To the authors' knowledge, this is the first work validating out-of-distribution device detection performance using both real device I/Q samples and GAN-synthesized samples
  2. Dual Attack Model: Simultaneously addresses genuine malicious devices and attack scenarios using GANs to mimic legitimate device characteristics
  3. CNN-GAN Joint Framework: Proposes a comprehensive solution combining CNN classifiers and GAN generators
  4. Practical Threshold Method: Develops a unified approach for open-set detection and closed-set classification based on softmax probability thresholding

Methodology Details

Task Definition

Input: I/Q signal samples from wireless devices Output:

  • Binary Classification: Distinguishing legitimate devices from malicious devices
  • Multi-class Classification: Classifying detected legitimate devices to specific device categories Constraints: Must handle unseen malicious devices and GAN-generated mimicry samples

Model Architecture

Overall System Pipeline

The system comprises two main stages:

  1. Training Stage: Joint CNN and GAN training
  2. Inference Stage: Threshold-based detection and classification

CNN Architecture Design

  • Input Layer: I/Q samples with shape (720, 2, 1)
  • Convolutional Layers: 32 filters, kernel size (5,1), ReLU activation, L2 regularization, batch normalization, max pooling (2,1)
  • Fully Connected Layers: 352 neurons, ReLU activation, L2 regularization, 0.3 dropout
  • Output Layer: 7 neurons corresponding to 7 legitimate device categories

GAN Architecture Design

Generator (G):

  • Input: Random noise vector
  • Three fully connected layers: 2048, 4096, 1440 neurons
  • First two layers employ batch normalization and ReLU activation
  • Output reshaped to (720, 2) I/Q samples

Discriminator (D):

  • Input: (720, 2) I/Q samples
  • Two 1D convolutional layers: 64 and 128 filters, kernel sizes 7 and 5
  • LeakyReLU activation (α=0.2), 0.3 dropout
  • Fully connected layer: 128 neurons, final output single logit

Technical Innovations

Temperature-Scaled Softmax

Uses temperature parameter T to control confidence of probability distribution:

p = softmax(z/T)

where z is the logits vector, optimal temperature T=2.5

Threshold Decision Rule

ŷ = {
  -1 if p_max < threshold (classified as malicious)
  argmax_i p_i otherwise (classified as legitimate device i)
}

Feature Matching Loss

The generator is trained using feature matching loss, based on the distance between average discriminator features of real and generated samples.

Experimental Setup

Dataset

  • Devices: 11 ADALM-PLUTO SDRs, with 1 serving as receiver
  • Signals: Real-time OFDM wireless communication signals
  • Data Volume: 19,920 frames per device, with 72 I/Q samples per frame header
  • Preprocessing: 10 consecutive frames merged into single frame (720 I/Q samples), normalization

Data Partitioning

  • Legitimate Devices: Devices 1-2 and 5-9 (7 devices)
  • Malicious Devices: Devices 3 and 4 (2 devices)
  • Validation Device: Device 10 (used solely for threshold determination)
  • Training Set: 70% of legitimate device data (9,760 frames)
  • Validation Set: 10% of legitimate device data + all validation device data (3,386 samples)
  • Test Set: 20% of legitimate device data + all malicious device data + 1000 GAN-generated samples (7,774 frames)

Evaluation Metrics

  • F1 Score: Primary metric for malicious device detection
  • Classification Accuracy: Legitimate device identification accuracy
  • Fréchet Distance (FD): Evaluates GAN-generated sample quality, FD=0.0545

Implementation Details

  • CNN Optimizer: Adam, learning rate 0.00036, 10 epochs
  • GAN Optimizer: Adam, learning rate 0.001, 3000 epochs
  • Hyperparameter Tuning: KerasTuner random search, 20 trials
  • Optimal Threshold: θ*=0.1987

Experimental Results

Primary Results

Binary Classification Performance:

  • Legitimate device detection accuracy: 97.6%
  • Malicious device detection accuracy: 96.7%
  • Malicious device F1 score: 0.9871

Multi-class Classification Performance:

  • All devices detected as legitimate are correctly classified to corresponding categories
  • Most devices achieve classification accuracy exceeding 97%
  • Devices 1 and 9 achieve near-perfect classification

GAN Generation Quality Verification

  • I/Q Constellation Comparison: Generated samples (red) and real samples (blue) form similar clustering distributions in the I/Q plane
  • Fréchet Distance: FD=0.0545, indicating generated samples closely match real sample distribution
  • Visual Verification: Generated samples successfully mimic RF signal characteristics of real legitimate devices

Threshold Analysis

The threshold θ*=0.1987 determined from the validation set effectively separates legitimate and malicious devices:

  • Maximum softmax probabilities of legitimate devices cluster tightly in high-probability regions
  • Probability distributions of malicious devices span lower and broader ranges

Related Work

RF Fingerprinting Research

  1. Traditional Methods: Huang et al. employed density trajectory graphs and deep learning methods but did not address malicious device detection
  2. Large-Scale Studies: Tong et al. utilized data from over 10,000 devices but could not detect malicious devices
  3. Siamese Networks: Sun et al. and Birnbach et al. employed Siamese networks to distinguish similar and dissimilar pairs

Adversarial Learning Frameworks

Roy et al. proposed the RFAL framework using GANs to generate synthetic malicious samples but did not consider real malicious device data.

Research Gaps

Existing work either considers only genuine malicious devices or focuses solely on synthetic samples, lacking comprehensive treatment of both attack types.

Conclusions and Discussion

Main Conclusions

  1. Effectiveness Validation: The CNN-GAN framework successfully detects both real and synthetic malicious devices with accuracy exceeding 96%
  2. Adversarial Robustness: The system resists attacks using GANs to mimic legitimate device RF characteristics
  3. Practicality: The softmax threshold-based method achieves unified open-set detection and closed-set classification

Limitations

  1. Device Scale Constraints: Validation uses only 10 devices; practical networks may involve hundreds of devices
  2. Static Environment: All data originates from stationary devices; mobile node impacts are not considered
  3. Indoor Environment: Data collection occurred solely in indoor laboratory settings

Future Directions

  1. Extended Device Scale: Validate method scalability across larger device networks
  2. Mobile Scenarios: Incorporate mobile nodes into data collection processes
  3. Multi-Environment Validation: Test method robustness across diverse wireless environments

In-Depth Evaluation

Strengths

  1. Strong Innovation: First RF fingerprinting framework simultaneously addressing genuine and synthetic malicious devices
  2. Comprehensive Experiments: Real SDR device data collection with quantitative and qualitative GAN generation quality verification
  3. Practical Methodology: Temperature scaling and threshold methods are simple, effective, and readily deployable
  4. Credible Results: Multiple metrics validation with clear confusion matrices demonstrating performance

Weaknesses

  1. Limited Experimental Scale: 10-device experiment scale is relatively small; scalability requires further verification
  2. Homogeneous Environment: Testing only in indoor static settings lacks diverse scenario validation
  3. Insufficient Comparison: Lacks direct performance comparison with other advanced methods
  4. Limited Theoretical Analysis: Insufficient theoretical explanation for method effectiveness

Impact

  1. Academic Value: Provides novel adversarial attack defense perspectives for RF fingerprinting research
  2. Practical Value: Applicable to device authentication in resource-constrained environments such as IoT and UAVs
  3. Reproducibility: Detailed method descriptions and clear experimental setup ensure good reproducibility

Applicable Scenarios

  1. IoT Networks: Lightweight device authentication
  2. Unmanned Aerial Vehicle Communication: UAV network security authentication
  3. Sensor Networks: Distributed sensor device management
  4. Industry 4.0: Industrial wireless device secure access

References

The paper cites 13 relevant references covering critical works in RF fingerprinting, deep learning, GANs, and wireless security, providing solid theoretical foundations for the research.

Overall Assessment: This is an innovative work in the RF fingerprinting domain that systematically addresses device authentication under adversarial attack scenarios for the first time. Despite relatively limited experimental scale, the novel methodology and credible results provide valuable contributions to the field's development.