Physical layer security: Detection of active eavesdropping attacks by support vector machines

This paper presents a framework for converting wireless signals into structured datasets, which can be fed into machine learning algorithms for the detection of active eavesdropping attacks at the physical layer. More specifically, a wireless communication system, which consists of an access point (AP), K legitimate users and an active eavesdropper, is considered. To detect the eavesdropper who breaks into the system during the authentication phase, we first build structured datasets based on different features and then apply sophisticated support vector machine (SVM) classifiers to those structured datasets. To be more specific, we first process the signals received by the AP and then define a pair of statistical features based on the post-processing of the signals. By arranging for the AP to simulate the entire process of transmission and the process of constructing features, we form the so-called artificial training data (ATD). By training SVM classifiers on the ATD, we classify the received signals associated with eavesdropping attacks and nonattacks, thereby detecting the presence of the eavesdropper. Two SVM classifiers are considered, including a classic twin-class SVM (TC-SVM) and a single-class SVM (SC-SVM). While the TC-SVM is preferred in the case of having perfect channel state information (CSI) of all channels, the SC-SVM is preferred in the realistic scenario when we have only the CSI of legitimate users. We also evaluate the accuracy of the trained models depending on the choice of kernel functions, the choice of features and on the eavesdropper’s power. Our numerical results show that careful parameter-tuning is required for exceeding an eavesdropper detection probability of 95%.