Model Forensics in AI-Native Wireless Networks: Taxonomy, Applications, and Case Study
Pith reviewed 2026-05-15 02:32 UTC · model grok-4.3
The pith
Model forensics verifies AI model authenticity and detects tampering in wireless networks.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The authors establish a taxonomy of model forensics methods for AI-native wireless networks centered on verifying model authenticity, identifying malicious functions, and tracing accountability. In the RF fingerprinting case study, they implement two workflows: watermark authentication to confirm provenance and backdoor detection to identify tampering. These demonstrations show that model forensics can support anomaly assessment, provenance tracing, and trustworthy network operation.
What carries the argument
Watermark authentication and backdoor detection workflows applied to RF fingerprinting models, which confirm provenance and identify malicious behaviors in wireless settings.
If this is right
- Model forensics enables anomaly assessment for AI models used in signal processing and resource scheduling.
- Provenance tracing and accountability become feasible for models that control network operations.
- Malicious function identification supports detecting tampering before deployment in AI-native networks.
- The case study provides concrete workflows that can be adapted to other wireless AI applications.
Where Pith is reading between the lines
- These forensic techniques could be incorporated into deployment standards for 5G and 6G AI components to reduce risks from supply-chain attacks.
- Similar watermark and backdoor methods might extend to AI models in other wireless-dependent systems such as connected vehicles or industrial IoT.
- Adversaries are likely to develop targeted evasion methods, which would require ongoing refinement of detection thresholds in real deployments.
Load-bearing premise
The watermark authentication and backdoor detection workflows shown in the RF fingerprinting case study can be implemented in real wireless environments without major performance loss or easy circumvention by adversaries.
What would settle it
A live wireless network test in which an adversary removes or forges watermarks and hides backdoors in an RF fingerprinting model while the model continues to perform its normal function without detection.
Original abstract
As artificial intelligence (AI) is increasingly embedded in wireless networks, models are becoming core components that influence signal processing, resource scheduling and network control. However, model anomalies, tampering and malicious functions also introduce new security risks. In this article, we focus on model forensics in AI-native wireless networks. Specifically, we first discuss key problems including model authenticity verification, malicious function identification and accountability tracing, and summarize the main categories of model forensics. We then explain the role of model forensics in AI-native wireless networks and review representative application scenarios. In the case study, we use RF fingerprinting as an example and present two concrete workflows based on watermark authentication and backdoor detection, illustrating how provenance authentication and malicious behavior identification can be implemented in practice. The results show that model forensics can provide important support for anomaly assessment, provenance tracing and trustworthy operation in AI-native wireless networks. Finally, we outline several promising directions for future research in this emerging area.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript introduces model forensics for AI-native wireless networks, outlining key problems such as model authenticity verification, malicious function identification, and accountability tracing. It provides a taxonomy of forensics categories, reviews application scenarios, and presents an RF fingerprinting case study with two illustrative workflows based on watermark authentication and backdoor detection. The paper claims that these workflows demonstrate how model forensics can deliver important support for anomaly assessment, provenance tracing, and trustworthy operation, while also outlining future research directions.
Significance. If the case study workflows can be shown to retain effectiveness under realistic conditions, the work could establish a useful taxonomy and practical framing for an emerging security area at the intersection of AI and wireless systems. The structured overview of problems and scenarios provides a foundation that may help guide subsequent research on securing AI components in networks.
Major comments (2)
- [Case Study] Case study section: the watermark authentication and backdoor detection workflows are presented only as illustrative examples without reporting quantitative metrics (e.g., detection accuracy, false-positive rates), baselines, error analysis, or evaluation under realistic wireless propagation conditions such as fading, noise, or interference. This absence is load-bearing for the central claim that the results show 'important support' for trustworthy operation.
- [Abstract and Case Study] Abstract and case study: the assertion that the workflows 'can be implemented in practice' and provide 'important support' for anomaly assessment rests on untested assumptions about robustness to adaptive adversaries and real-world channel effects; no such tests or circumvention analysis are described.
Minor comments (1)
- [Taxonomy section] Clarify whether the taxonomy is derived from a systematic literature review or is primarily conceptual, and add citations to any prior surveys on AI security in wireless systems to better position the contribution.
Simulated Author's Rebuttal
We thank the referee for the constructive feedback, which highlights important distinctions between illustrative examples and empirical validation. We agree that the case study and abstract claims require clarification to better reflect the manuscript's taxonomic focus. We will revise the text accordingly in the next version.
Point-by-point responses
- Referee: [Case Study] Case study section: the watermark authentication and backdoor detection workflows are presented only as illustrative examples without reporting quantitative metrics (e.g., detection accuracy, false-positive rates), baselines, error analysis, or evaluation under realistic wireless propagation conditions such as fading, noise, or interference. This absence is load-bearing for the central claim that the results show 'important support' for trustworthy operation.
  Authors: We agree that the case study presents conceptual workflows rather than a quantitative empirical evaluation. The manuscript's primary contribution is a taxonomy of model forensics techniques and application scenarios; the RF fingerprinting example is intended only to illustrate how such workflows could be structured, drawing on established methods from the literature. We will revise the case study section to explicitly label the workflows as illustrative, remove references to 'results' demonstrating support, and add a paragraph discussing the need for future quantitative assessments under realistic channel conditions including fading and interference.
  Revision: yes
- Referee: [Abstract and Case Study] Abstract and case study: the assertion that the workflows 'can be implemented in practice' and provide 'important support' for anomaly assessment rests on untested assumptions about robustness to adaptive adversaries and real-world channel effects; no such tests or circumvention analysis are described.
  Authors: We concur that the current wording overstates the practical readiness of the workflows. The abstract and case study will be revised to use more precise language, such as 'illustrate potential implementation approaches' instead of 'can be implemented in practice' and 'important support'. We will also qualify that robustness to adaptive adversaries and real-world propagation effects remains an open question for subsequent empirical work, consistent with the paper's emphasis on taxonomy and future directions rather than validated implementations.
  Revision: yes
Circularity Check
No circularity in taxonomy or case study workflows
Full rationale
The paper presents a taxonomy of model forensics problems and categories, then illustrates two standard workflows (watermark authentication and backdoor detection) applied to an RF fingerprinting example. No equations, predictions, or first-principles results are derived that reduce to self-defined inputs, fitted parameters renamed as outputs, or load-bearing self-citations. The central claim that model forensics provides support for anomaly assessment follows directly from describing the application of existing techniques, without any self-referential construction or renaming of known results.