A method for detecting spoofing attacks with the assistance of perception functions
The spoofing attack detection method assisted by sensing function utilizes sensing signals and communication channel information from the base station side to accurately detect multiple types of spoofing attacks, solving the compatibility and misjudgment problems of existing methods and improving network security and reliability.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- BEIJING UNIV OF POSTS & TELECOMM
- Filing Date
- 2026-02-09
- Publication Date
- 2026-06-19
AI Technical Summary
Existing methods for detecting spoofing attacks are ineffective in dealing with various types of spoofing attacks, and are prone to false positives or false negatives in complex network environments. Furthermore, they require modifications to communication protocols or architectures, which can affect system stability and compatibility.
By using a sensing function-assisted method, environmental detection and physical parameter extraction are performed using sensing signals from the base station side. This reconstructs sensing reference information that is not affected by spoofing attacks. Combined with communication channel state estimation, a communication-sensing channel feature analysis is constructed. Quantization sequences and detectors are then used to determine whether a spoofing attack exists.
It achieves accurate detection of various types of spoofing attacks, ensuring system compatibility and security, and can adjust data transmission strategies in real time to improve network resistance to attacks. It is suitable for existing 5G and 6G networks.
Smart Images

Figure CN122248415A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of wireless communication technology, and more specifically to a method for detecting deception attacks assisted by sensing functions. Background Technology
[0002] With the rapid development of 5G and future 6G wireless communication technologies, the demand for high data transmission rates, low latency, and high reliability in communication systems is constantly increasing. However, at the same time, attack methods targeting wireless communication networks are becoming increasingly sophisticated. In particular, spoofing attacks, where attackers forge false information or tamper with control signals, deceive legitimate communication systems into transmitting incorrect data, seriously threatening the reliability and security of communication networks.
[0003] Existing deception attack detection methods mostly focus on single types of attacks and cannot effectively deal with multiple types of deception attacks. They are also prone to false positives or false negatives in complex network environments. In addition, many existing solutions require modification of communication protocols or architectures, which increases the difficulty of implementation and may affect the stability and compatibility of existing systems.
[0004] Therefore, a new technical solution is urgently needed that can not only cope with various types of deception attacks, but also be compatible with existing communication protocols and ensure the security and feasibility of the system. To solve the above problems, this application proposes a deception attack detection method assisted by perception function. Summary of the Invention
[0005] To address the shortcomings of existing technologies, this invention provides a perception-assisted deception attack detection method, solving the problems mentioned in the background art.
[0006] The above-mentioned technical objective of the present invention is achieved through the following technical solution:
[0007] A method for detecting deception attacks assisted by perception function includes the following steps:
[0008] S1. Environmental Detection and Physical Parameter Extraction: The base station transmits sensing signals to the target environment through its sensing capabilities. and receive echo signals. The spatial spectrum estimation method is used to extract the angle of arrival of legitimate users. and sensing channel gain coefficient ;
[0009] S2. Reference Information Reconstruction: The base station side utilizes the aforementioned angle of arrival. Establish the antenna steering vector, combined with the sensing channel gain coefficient. The line-of-sight (LoS) portion of the actual channel is reconstructed as sensing reference information unaffected by spoofing attacks. ;
[0010] S3. Communication Channel State Estimation: The base station receives the user's uplink pilot signal and estimates the theoretical transmission power issued by the base station. Obtain the channel estimation results currently affected by the spoofing attack. And construct detection information pairs ;
[0011] S4. Sensor Channel Feature Analysis: A preset quantization sequence and quantization boundary are used to analyze the detected information. Quantization is performed, and the empirical cumulative conditional distribution of the communication-sensing channel is constructed based on the quantized symbol results. ;
[0012] S5. Deception Attack Decision: Construct a detection sub-distribution to characterize the difference between the empirically accumulated conditional distribution and the prior theoretical probability distribution. By detecting sub With preset detection threshold A comparison is made to determine whether a data surface deception attack exists.
[0013] Preferably, the angle of arrival is extracted in step S1. The process includes:
[0014] For the received echo signal covariance matrix Eigenvalue decomposition is performed to obtain the eigenvectors of the noise subspace. Construct the spatial spectral function:
[0015]
[0016] By searching for the peak value of the spatial spectral function in the angle domain, the corresponding estimated angle of arrival is extracted. .
[0017] Preferably, in step S2, the perceptual reference information is reconstructed. The expression is:
[0018]
[0019] in, The steering vector generated based on the ULA antenna array:
[0020]
[0021] in, For antenna size, Antenna spacing, This is the operating wavelength.
[0022] Preferably, step S3 further includes:
[0023] The base station determines whether the received pilot signal is valid. If it is invalid, it is directly determined that there is a spoofing attack.
[0024] If the reception is successful, then the received signal is utilized. With pilot sequence The conjugate transpose of the given information is used for channel estimation using the least squares method. The estimation results are as follows: Characterized as:
[0025]
[0026] in, For actual user power, For attack channels, For attack power, To receive noise.
[0027] Preferably, the quantization process in step S4 includes:
[0028] Using sequences The real part of the complex channel element and the virtual part Mapping to quantization range ;
[0029] The quantization range Defined as:
[0030] when hour, ;
[0031] when hour, ;
[0032] when hour, .
[0033] Preferably, the empirical accumulation condition distribution The construction logic is as follows:
[0034] Based on indicator function The joint probability distribution of the quantized communication channel symbols and the sensing channel symbols is statistically analyzed, and the frequency of occurrence of the sensing channel symbols is normalized to obtain the quantized symbol table. and Empirical probability mapping on.
[0035] Preferably, in step S5, the detection sub- The expression is:
[0036]
[0037] in, The theoretical condition distribution pre-stored for the base station.
[0038] Preferably, in the deception attack judgment step, by detecting the sub- With preset detection threshold To make a comparison, if If so, it is determined that a deception attack exists; if If the condition is met, then it is determined that the deception attack does not exist.
[0039] In summary, the present invention has the following main beneficial effects:
[0040] 1. This invention can accurately detect multiple types of spoofing attacks by combining sensing signals and communication channel information, including resource allocation spoofing attacks, pilot spoofing attacks and their combinations. This solves the problem that existing methods cannot handle multiple types of spoofing attacks. At the same time, this method provides reference channel information that is not affected by the attack through sensing signals and compares it with the communication channel estimation results to detect whether a spoofing attack exists.
[0041] 2. It does not require changes to existing communication protocols and architectures, ensuring system compatibility and allowing direct application in existing 5G and 6G networks. Furthermore, the base station can adjust data transmission strategies in real time, enhancing the network's resistance to attacks while ensuring the security, reliability, and feasibility of the communication system. It has broad application prospects and high practical value. Attached Figure Description
[0042] Figure 1 This is a scenario diagram of a wireless communication system under various types of spoofing attacks.
[0043] Figure 2 Flowchart of the implementation of a deception attack detection method to assist perception function.
[0044] Figure 3 This is a cumulative distribution diagram of the constructed deception attack detectors under multiple types of deception attacks.
[0045] Figure 4 The graph shows a comparison of the false detection probability performance of the constructed deception attack detector under different antenna sizes and deception attack types. Detailed Implementation
[0046] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are some embodiments of the present invention, but not all embodiments. Based on the described embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0047] The following embodiments are used to illustrate the present invention, but should not be used to limit the scope of protection of the present invention. The conditions in the embodiments can be further adjusted according to specific conditions, and simple improvements to the method of the present invention under the premise of the concept of the present invention are all within the scope of protection claimed by the present invention.
[0048] Example 1
[0049] like Figure 1 As shown in the figure, this embodiment constructs a 5G NR standard base station that integrates communication and sensing functions.
[0050] Hardware configuration: The diagram shows a 5G NR standard base station with integrated communication and sensing capabilities. The communication function is... The ULA array with one antenna is equipped with sensing capabilities. root transmitting antenna and Radar with a root receiving antenna.
[0051] Meanwhile, there is a single-antenna access user and an attacker in the environment. The attacker can launch arbitrary spoofing attacks on the legitimate system, disrupt user resource allocation and pilot training, and ultimately lead to a decrease in the demodulation quality of user-oriented data transmission or even service interruption.
[0052] Deception attacks that attackers can launch against the detection method designed in this invention include:
[0053] 1) Resource allocation spoofing attack: Tampering with the user's time and frequency resource allocation by overwriting downlink control information (DCI);
[0054] 2) Pilot spoofing attack: Sending the same demodulation reference signal (DMRS) sequence as the legitimate user;
[0055] 3) Combined deception attack: Simultaneously tamper with resource allocation and perform pilot overlay.
[0056] This embodiment constructs physical layer reference information by introducing a sensing function, and realizes attack detection by observing the statistical distortions generated by spoofing attacks on channel estimation.
[0057] Example 2
[0058] The real-time conditions of this invention are as follows (refer to the following references) Figure 2 As shown:
[0059] Step 1:
[0060] Base stations transmit detection signals via radar. It also receives radar echoes. The echo can be represented as:
[0061]
[0062] in To detect noise for radar, To sense channel gain, This is the actual turning vector at the transmitting end.
[0063] Step 2:
[0064] (2-1) The base station uses the MUSIC algorithm to estimate the angle of arrival. First, perform eigenvalue decomposition on the covariance matrix:
[0065]
[0066] in , Let be the eigenvector matrix, and let be the noise subspace. Constructing the MUSIC spatial spectrum:
[0067]
[0068] in Given a feature vector in the noise subspace, the angle of arrival estimate is extracted by searching for spectral peaks. .
[0069] (2-2) Base station estimates sensing channel gain :
[0070]
[0071] (2-3) Base station side utilization , To establish sensing information, the beam steering vector is first constructed:
[0072]
[0073] in, For the angle of arrival estimation results, For ULA antenna size, Antenna spacing, The wavelength is then used. Subsequently, sensing reference information (sensing reconstruction channel) is constructed:
[0074] .
[0075] Step 3:
[0076] Assume that the base station and the attacker simultaneously send DCI control information to the user on the PDCCH, and the attacker successfully overwrites the base station's downlink DCI transmission (causing the user to respond with an erroneous message). During the user transmission phase, the user sends a publicly available DMRS sequence to the base station. An attacker sends the same DMRS sequence on the same resource to interfere with / spoof the base station. The base station receiving the DMRS signal can be represented as (in the case of "valid reception"):
[0077]
[0078] in It is a DMRS sequence. Power transmitted to actual users, For attack channels, For attack transmission power, To receive noise.
[0079] If effective reception is not possible (e.g., due to strong coverage or synchronization failure), a spoofing attack can be directly identified; if effective reception is possible, channel estimation based on DMRS is performed.
[0080]
[0081] in The base station transmits the theoretical nominal power value to the user, and the noise term is estimated. .
[0082] Step 4:
[0083] Due to the presence of unknown deception attacks, the true conditional distribution... It cannot be obtained directly. Therefore, in practical implementation, it is necessary to utilize... and Constructing the cumulative conditional distribution of experience To approximate the ideal The present invention provides the following quantification scheme:
[0084] First, through the sequence , right and Quantification is performed, among which The quantization boundary is described by its quantization interval as follows:
[0085]
[0086] in Using quantification methods, we can obtain... any of the first The quantization result of each element is:
[0087]
[0088] in , These represent the real and imaginary parts of an element, respectively. For indicator functions, also any of the first The quantization result of each element is described as follows: , Indicates the quantization of the input elements.
[0089] Then build , symbol set Their symbolic elements are respectively , , , , , Therefore, the empirical cumulative conditional distribution of the communication-sensing channel can be constructed based on the quantization results of the channel elements, and is characterized as follows:
[0090]
[0091] Furthermore, based on the accumulated conditional distribution of experience, a deception attack detector can be constructed, characterized as follows:
[0092]
[0093] in This represents the reference condition distribution under attack-free (ideal) conditions (obtained from historical / training data or system priors).
[0094] Step 5:
[0095] Based on the detection sub-test obtained in step 4 Hypothesis testing is used to determine whether a deception attack exists. A detection threshold is set. :
[0096] like This indicates that the observed channel statistics differ significantly from the non-attack reference distribution, suggesting the presence of a spoofing attack.
[0097] like If the channel distortion is within a reasonable range, it is determined that there is no deception attack.
[0098] Example 3
[0099] Simulation verification and performance specification reference Figure 3 , Figure 4 As shown:
[0100] Figure 3 For the constructed deception attack detection sub Cumulative distribution of detectors under various types of spoofing attacks, with different attack types exhibiting varying signal-to-noise ratios (SNR) and antenna sizes around 5 dB. Through simulation, we can clearly observe that when any type of deception attack exists, the detection sub-attack... Compared to the no-attack scenario, the cumulative distributions all show significant differences, indicating that the proposed scheme can effectively detect spoofing attacks. For example, in the current scenario, a threshold value can be selected as... Perform arbitrary deception attack detection.
[0101] Figure 4 The graph compares the false detection probability performance of the constructed spoofing attack detector under different antenna sizes and spoofing attack types. The horizontal axis represents SNR, and the vertical axis represents the false detection probability (FDP). It shows that under any spoofing attack scenario, as SNR increases, the system's FDR decreases and gradually approaches 0. Furthermore, at the same SNR, a larger antenna size yields better detection performance.
[0102] Although embodiments of the invention have been shown and described, it will be understood by those skilled in the art that, unless otherwise defined, the technical or scientific terms used in this invention should be understood in the ordinary sense by those skilled in the art to which this invention pertains, and the terms "comprising" or "including" or similar terms used in this invention mean that the element or object preceding the word covers the element or object listed after the word and its equivalents.
[0103] Although embodiments of the invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the appended claims and their equivalents.
Claims
1. A method for detecting spoofing attacks with the assistance of perception functions, characterized in that, Includes the following steps: S1. Environment detection and physical parameter extraction: the base station side transmits sensing signals to the target environment through the sensing function , and receives echo signals , extracts the arrival angle of the legitimate user and the sensing channel gain coefficient using the spatial spectrum estimation method and ; S2. Reference information reconstruction: the base station side exploits the angle of arrival establishes an antenna steering vector, combining the perceived channel gain coefficients reconstructs the line-of-sight, LoS, part of the actual channel as a perceived reference information not affected by the spoofing attack ; S3. Communication Channel State Estimation: The base station receives the user's uplink pilot signal and estimates the theoretical transmission power issued by the base station. Obtain the channel estimation results currently affected by the spoofing attack. And construct detection information pairs ; S4. Sensor Channel Feature Analysis: A preset quantization sequence and quantization boundary are used to analyze the detected information. Quantization is performed, and the empirical cumulative conditional distribution of the communication-sensing channel is constructed based on the quantized symbol results. ; S5. Deception Attack Decision: Construct a detection sub-distribution to characterize the difference between the empirically accumulated conditional distribution and the prior theoretical probability distribution. By detecting sub With preset detection threshold A comparison is made to determine whether a data surface deception attack exists.
2. The method for detecting deception attacks assisted by perception function according to claim 1, characterized in that, The arrival angle is extracted in step S1. The process includes: For the received echo signal covariance matrix Eigenvalue decomposition is performed to obtain the eigenvectors of the noise subspace. Construct the spatial spectral function: By searching for the peak value of the spatial spectral function in the angle domain, the corresponding estimated angle of arrival is extracted. .
3. The method for detecting deception attacks assisted by perception function according to claim 1, characterized in that, In step S2, the perceptual reference information is reconstructed. The expression is: in, The steering vector generated based on the ULA antenna array: in, For antenna size, Antenna spacing, This is the operating wavelength.
4. The method for detecting deception attacks assisted by perception function according to claim 1, characterized in that, Step S3 further includes: The base station determines whether the received pilot signal is valid. If it is invalid, it is directly determined that there is a spoofing attack. If the reception is successful, then the received signal is utilized. With pilot sequence The conjugate transpose of the given information is used for channel estimation using the least squares method. The estimation results are as follows: Characterized as: in, For actual user power, For attack channels, For attack power, To receive noise.
5. The method for detecting deception attacks assisted by perception function according to claim 1, characterized in that, The quantization process in step S4 includes: Using sequences The real part of the complex channel element and the virtual part Mapping to quantization range ; The quantization range Defined as: when hour, ; when hour, ; when hour, .
6. The method for detecting deception attacks assisted by perception function according to claim 5, characterized in that, The empirical accumulation condition distribution The construction logic is as follows: Based on indicator function The joint probability distribution of the quantized communication channel symbols and the sensing channel symbols is statistically analyzed, and the frequency of occurrence of the sensing channel symbols is normalized to obtain the quantized symbol table. and Empirical probability mapping on.
7. The method for detecting deception attacks assisted by perception function according to claim 1, characterized in that, The detection sub-step in step S5 The expression is: in, The theoretical condition distribution pre-stored for the base station.
8. The method for detecting deception attacks assisted by perception function according to claim 1, characterized in that, In the deception attack judgment step, by detecting the sub- With preset detection threshold To make a comparison, if If so, it is determined that a deception attack exists; if If the condition is met, then the deception attack is deemed not to exist.