In a spoofing attack, a malicious actor impersonates a legitimate user to access or manipulate data without authorization. The vulnerability of cryptographic security mechanisms to compromised user credentials motivates spoofing attack detection in the physical layer, which traditionally relied on channel features, such as the received signal strength (RSS) measured by spatially distributed receivers or access points. However, existing methods cannot effectively cope with the dynamic nature of channels, which change over time as a result of user mobility and other factors. To address this limitation, this work builds upon the intuition that the temporal pattern of changes in RSS features can be used to detect the presence of concurrent transmissions from multiple (possibly changing) locations, which in turn indicates the existence of an attack. Since a localization-based approach would require costly data collection and would suffer from low spatial resolution due to multipath, the proposed algorithm employs a deep neural network to construct a graph embedding of a sequence of RSS features that reflects changes in the propagation conditions. A graph neural network then classifies these embeddings to detect spoofing attacks. The effectiveness and robustness of the proposed scheme are corroborated by experiments with real data.
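The intuition above can be illustrated with an added example that is not the paper's algorithm: raw RSS distance stands in for the learned graph embedding, and a connected-components check stands in for the graph neural network classifier. The receiver positions, path-loss model, threshold and trajectories are constructed assumptions.

```python
import math

RECEIVERS = [(0, 0), (20, 0), (0, 20), (20, 20)]  # constructed AP positions (m)

def rss(tx):
    """Assumed log-distance path loss: -40 dBm at 1 m, exponent 3, no noise."""
    return [-40 - 30 * math.log10(max(math.dist(tx, r), 1.0)) for r in RECEIVERS]

def make_frames(attack, steps=40):
    """Constructed trace: user walks (2,2)->(18,2); attacker sends from (15,18)."""
    frames = []
    for t in range(steps):
        frames.append(rss((2 + 16 * t / (steps - 1), 2.0)))
        if attack and 10 <= t < 30 and t % 2:
            frames.append(rss((15.0, 18.0)))  # same claimed identity
    return frames

def build_graph(frames, thresh_db):
    """Nodes are frames; an edge joins frames whose RSS vectors are close."""
    adj = {i: set() for i in range(len(frames))}
    for i in range(len(frames)):
        for j in range(i + 1, len(frames)):
            if math.dist(frames[i], frames[j]) < thresh_db:
                adj[i].add(j)
                adj[j].add(i)
    return adj

def components(adj):
    """Connected components, each as a sorted list of frame indices."""
    seen, comps = set(), []
    for start in adj:
        stack, comp = [start], []
        while stack:
            u = stack.pop()
            if u not in seen:
                seen.add(u)
                comp.append(u)
                stack.extend(adj[u] - seen)
        if comp:
            comps.append(sorted(comp))
    return comps

def spoofing_suspected(frames, thresh_db=4.0):
    """Alarm when two components overlap in time (interleaved transmitters)."""
    spans = sorted((c[0], c[-1]) for c in components(build_graph(frames, thresh_db)))
    return any(a[1] > b[0] for a, b in zip(spans, spans[1:]))

def static_fingerprint_alarm(frames, thresh_db=4.0):
    """Baseline for contrast: compare every frame with the first one."""
    return any(math.dist(frames[0], f) >= thresh_db for f in frames)
```

On these constructed traces, `static_fingerprint_alarm` fires on the attack-free walk because mobility alone moves the RSS vector, while `spoofing_suspected` fires only when the attacker's frames are interleaved with the user's.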