In a spoofing attack, an attacker impersonates a legitimate user to access or modify data belonging to the latter. Typical approaches for spoofing detection in the physical layer declare an attack when a change is observed in certain channel features, such as the received signal strength (RSS) measured by spatially distributed receivers. However, since channels change over time, for example due to user movement, such approaches are impractical. To sidestep this limitation, this paper proposes a scheme that combines the decisions of a position-change detector based on a deep neural network to distinguish spoofing from movement. Building upon community detection on graphs, the sequence of received frames is partitioned into subsequences to detect concurrent transmissions from distinct locations. The scheme can be easily deployed in practice since it just involves collecting a small dataset of measurements at a few tens of locations that need not even be computed or recorded. The scheme is evaluated on real data collected for this purpose.

翻译：在欺骗攻击中，攻击者冒充合法用户以访问或修改属于该用户的数据。物理层中典型的欺骗检测方法通常通过观察某些信道特征的变化（如空间分布接收器测量的接收信号强度RSS）来判定攻击发生。然而，由于信道会随时间变化（例如因用户移动所致），这类方法难以实际应用。为规避该局限性，本文提出一种方案：结合基于深度神经网络的位置变化检测器的决策结果，区分欺骗攻击与合法移动。通过基于图的社区检测技术，将接收帧序列划分为子序列，以检测来自不同位置的并发传输。该方案仅需在数十个位置收集少量测量数据（这些位置甚至无需计算或记录），易于实际部署。我们基于为此场景采集的真实数据对该方案进行了性能评估。