Mitigation of poisoning attacks in Radio Frequency Fingerprinting (RFF) with outlier detection algorithms

Radio frequency fingerprinting (RFF) is a promising physical layer identification technique based on the intrinsic hardware characteristics of electronic devices. It can be used to support the security of wireless communication systems and to identify the source of interferences in spectrum sharing scenarios. Machine learning (ML) algorithms implement RFF by creating training models of signals from wireless devices on which the classification is performed. The RFF research literature has provided abundant examples of ML-based RFF solutions, but the vulnerability of the ML algorithms themselves to poisoning attacks has received scarce attention by the RFF research community, even if it is a growing area of interest by the ML research community. This paper addresses this gap by analyzing four different poisoning attacks, which are tailored to the RFF context. In particular, a novel attack is presented, grounded in the multi-domain aspects of RFF. The paper proposes a mitigation approach based on the use of unsupervised outlier detection (OD) algorithms as they can be used to distinguish poisoned samples from legitimate ones. The approach is applied to a recently public data set of 10 ZigBee devices, with four different OD algorithms and different attack severity (percentage of the poisoned samples). The results show that the OD algorithms are able to detect a significant percentage of the poisoned samples and sanitize the poisoned trained model to improve by a large margin (between 10% and 25%) the overall identification accuracy and F1 score.

BALDINI Gianmarco; 

2025-11-25

IEEE

JRC140853

979-8-3315-2965-9 (online),   

https://ieeexplore.ieee.org/document/11104347,    https://publications.jrc.ec.europa.eu/repository/handle/JRC140853,   

10.1109/MeditCom64437.2025.11104347 (online),