Abstract
Deep learning-based neural networks such as the CNN (Convolutional Neural Network) have grown rapidly. They are good at learning patterns in data and then using that knowledge to solve real-life problems in real time, such as face detection and object identification. Still, the CNN model fails to protect itself from the threat of data poisoning. Data poisoning is a technique in which corrupt input is developed to deceive models by feeding them false data. Such malicious attacks are becoming a significant concern in the modern world. Backdoor attacks are a type of data poisoning attack well known for corrupting clean data in such a way that human users cannot identify the difference between clean and corrupted data.
We will study the effect of backdoor attacks on massive MIMO (Multiple Input Multiple Output) localization datasets using the DCNN (Deep Convolutional Neural Network) model and the neural ODE (Ordinary Differential Equation) model. We will also study the performance of these models on the massive MIMO datasets for indoor and outdoor environments.
The research starts with an introduction to what data poisoning is and why it is a rising threat. We will discuss backdoor data poisoning attacks and the various ways they can be implemented. Then, we discuss the architectures of the DCNN model and the neural ODE model. We will also learn about the massive MIMO datasets for the indoor and outdoor scenarios. In addition, we will see how to create a variety of poisons using three data poisoning attacks: 1) Data Injection, 2) Data Modification, and 3) Data Injection and Modification. For experimentation, we made two different batches of poison: partial poisoning and full poisoning. We will also see how to make a variety of batches of poisoned data and how to conduct training with the poisoned dataset.
Finally, we will compare the experimental results of all data poisoning attacks on the DCNN and the neural ODE model. The experimental results show that every poison works differently in the different indoor and outdoor scenarios. As we increase the poison sample size, we see an increase in the localization error of the model. We can conclude from our experimentation that the neural ODE model is more resistant to the poisoning attacks than the DCNN model.
For this experimentation, Google Colab was used to train the models. The TensorFlow and pandas libraries were used. Python version 3.7 was used to design, test, and validate the experimentation and its results.