This article presents a framework for converting wireless signals into structured datasets, which can be fed into machine learning algorithms for the detection of active eavesdropping attacks at the physical layer. More specifically, a wireless communication system, which consists of an access point (AP), $K$ legitimate users and an active eavesdropper, is considered. To detect the eavesdropper who breaks into the system during the authentication phase, we first build structured datasets based on different features and then apply sophisticated support vector machine (SVM) classifiers to those structured datasets. To be more specific, we first process the signals received by the AP and then define a pair of statistical features based on the post-processing of the signals. By arranging for the AP to simulate the entire process of transmission and the process of constructing features, we form the so-called artificial training data (ATD). By training SVM classifiers on the ATD, we classify the received signals associated with eavesdropping attacks and non-attacks, thereby detecting the presence of the eavesdropper. Two SVM classifiers are considered, including a classic twin-class SVM (TC-SVM) and a single-class SVM (SC-SVM). While the TC-SVM is preferred in the case of having perfect channel state information (CSI) of all channels , the SC-SVM is preferred in the realistic scenario when we have only the CSI of legitimate users . We also evaluate the accuracy of the trained models depending on the choice of kernel functions, the choice of features and on the eavesdropper’s power. Our numerical results show that careful parameter-tuning is required for exceeding an eavesdropper detection probability of 95%

中文翻译：

---

物理层安全性：通过支持向量机检测主动的窃听攻击

本文提出了一种用于将无线信号转换为结构化数据集的框架，可以将其输入到机器学习算法中，以检测物理层的主动窃听攻击。更具体地说，是一种无线通信系统，它由一个接入点（AP）组成， $ K $ 合法用户和活跃的窃听者将被考虑。为了检测在身份验证阶段闯入系统的窃听者，我们首先根据不同的功能构建结构化数据集，然后将复杂的支持向量机（SVM）分类器应用于这些结构化数据集。更具体地说，我们首先处理AP接收到的信号，然后根据信号的后处理来定义一对统计特征。通过安排AP模拟传输的整个过程和构建特征的过程，我们形成了所谓的人工训练数据（ATD）。通过在ATD上训练SVM分类器，我们对与窃听攻击和非攻击相关的接收信号进行分类，从而检测到窃听者的存在。考虑了两个SVM分类器，包括经典的双级SVM（TC-SVM）和单级SVM（SC-SVM）。尽管在有以下情况的情况下首选TC-SVM所有通道的完美通道状态信息（CSI） ，当我们有实际情况时，首选SC-SVM 仅合法用户的CSI 。我们还将根据内核功能的选择，功能的选择以及窃听者的能力来评估训练模型的准确性。我们的数值结果表明，要使窃听者的检测概率超过95％，就需要进行仔细的参数调整。