• Computer Science > Networking and Internet Architecture [Submitted on 30 Oct 2025 (v1), last revised 20 Feb 2026 (this version, v2)] Title:FGGM: Formal Grey-box Gradient Method for Attacking DRL-based MU-MIMO Scheduler View PDFAbstract:In 5G mobile communication systems, MU-MIMO has been applied to enhance spectral efficiency and support high data rates. • To maximize spectral efficiency while providing fairness among users, the base station (BS) needs to selects a subset of users for data transmission. • Given that this problem is NP-hard, DRL-based methods have been proposed to infer the near-optimal solutions in real-time, yet this approach has an intrinsic security problem. • This paper investigates how a group of adversarial users can exploit unsanitized raw CSIs to launch a throughput degradation attack. • Most existing studies only focused on systems in which adversarial users can obtain the exact values of victims’ CSIs, but this is impractical in the case of uplink transmission in LTE/5G mobile systems. • We note that the DRL policy contains an observation normalizer which has the mean and variance of the observation to improve training convergence.
Article Summaries:
- Researchers have identified a security flaw in deep‑reinforcement‑learning (DRL) algorithms used to schedule multi‑user MIMO (MU‑MIMO) transmissions in 5G networks. The study shows that malicious users can exploit the observation‑normalizing component of a DRL policy to estimate bounds on other users’ channel state information (CSI). Using a new “Formal Grey‑box Gradient Method” (FGGM) that applies polytope abstraction to neural‑network outputs, attackers can craft a single set of manipulated CSIs that, when reused, can degrade a victim’s throughput by up to 70 %-even without knowing the exact CSI values. The findings highlight a broader vulnerability in DRL‑based resource‑allocation systems.
Sources: