Threats of Adversarial Attacks in DNN-Based Modulation Recognition

With the emergence of the information age, mobile data has become more random, heterogeneous and massive. Thanks to its many advantages, deep learning is increasingly applied in communication fields such as modulation recognition. However, recent studies show that the deep neural networks (DNN) is vulnerable to adversarial examples, where subtle perturbations deliberately designed by an attacker can fool a classifier model into making mistakes. From the perspective of an attacker, this study adds elaborate adversarial examples to the modulation signal, and explores the threats and impacts of adversarial attacks on the DNN-based modulation recognition in different environments. The results show that, regardless of a white-box or a black-box model, the adversarial attack can reduce the accuracy of the target model. Among them, the performance of the iterative attack is superior to the one-step attack in most scenarios. In order to ensure the invisibility of the attack (the waveform being consistent before and after the perturbations), an appropriate perturbation level is found without losing the attack effect. Finally, it is attested that the signal confidence level is inversely proportional to the attack success rate, and several groups of signals with high robustness are obtained.

[1]  Dawn Xiaodong Song,et al.  Delving into Transferable Adversarial Examples and Black-box Attacks , 2016, ICLR.

[2]  Jun Zhu,et al.  Boosting Adversarial Attacks with Momentum , 2017, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.

[3]  Ian J. Goodfellow,et al.  Technical Report on the CleverHans v2.1.0 Adversarial Examples Library , 2016 .

[4]  Pan He,et al.  Adversarial Examples: Attacks and Defenses for Deep Learning , 2017, IEEE Transactions on Neural Networks and Learning Systems.

[5]  P. N. Suganthan,et al.  Differential Evolution: A Survey of the State-of-the-Art , 2011, IEEE Transactions on Evolutionary Computation.

[6]  Ajmal Mian,et al.  Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey , 2018, IEEE Access.

[7]  Jin Wei,et al.  Deep learning-based automated modulation classification for cognitive radio , 2016, 2016 IEEE International Conference on Communication Systems (ICCS).

[8]  Samy Bengio,et al.  Adversarial examples in the physical world , 2016, ICLR.

[9]  Tommaso Melodia,et al.  Big Data Goes Small: Real-Time Spectrum-Driven Embedded Wireless Networking Through Deep Learning in the RF Loop , 2019, IEEE INFOCOM 2019 - IEEE Conference on Computer Communications.

[10]  An He,et al.  A Survey of Artificial Intelligence for Cognitive Radios , 2010, IEEE Transactions on Vehicular Technology.

[11]  Ya Tu,et al.  Digital Signal Modulation Classification With Data Augmentation Using Generative Adversarial Nets in Cognitive Radio Networks , 2018, IEEE Access.

[12]  Erik G. Larsson,et al.  Adversarial Attacks on Deep-Learning Based Radio Signal Classification , 2018, IEEE Wireless Communications Letters.

[13]  Seyed-Mohsen Moosavi-Dezfooli,et al.  Universal Adversarial Perturbations , 2016, 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[14]  Ananthram Swami,et al.  The Limitations of Deep Learning in Adversarial Settings , 2015, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[15]  Sameer Singh,et al.  Generating Natural Adversarial Examples , 2017, ICLR.

[16]  Kouichi Sakurai,et al.  One Pixel Attack for Fooling Deep Neural Networks , 2017, IEEE Transactions on Evolutionary Computation.

[17]  Yun Lin,et al.  Semi-Supervised Learning with Generative Adversarial Networks on Digital Signal Modulation Classification , 2018 .

[18]  Timothy J. O'Shea,et al.  Radio Machine Learning Dataset Generation with GNU Radio , 2016 .

[19]  Jinfeng Yi,et al.  ZOO: Zeroth Order Optimization Based Black-box Attacks to Deep Neural Networks without Training Substitute Models , 2017, AISec@CCS.

[20]  Haitian Pang,et al.  Intelligent Edge-Assisted Crowdcast with Deep Reinforcement Learning for Personalized QoE , 2019, IEEE INFOCOM 2019 - IEEE Conference on Computer Communications.

[21]  Guan Gui,et al.  Deep Learning for an Effective Nonorthogonal Multiple Access Scheme , 2018, IEEE Transactions on Vehicular Technology.

[22]  Jin Wang,et al.  Semi-supervised Learning with Generative Adversarial Networks on Digital Signal Mod-ulation Classification , 2018 .

[23]  Logan Engstrom,et al.  Synthesizing Robust Adversarial Examples , 2017, ICML.

[24]  Dan Boneh,et al.  The Space of Transferable Adversarial Examples , 2017, ArXiv.

[25]  Timothy J. O'Shea,et al.  Applications of Machine Learning to Cognitive Radio Networks , 2007, IEEE Wireless Communications.

[26]  Aleksander Madry,et al.  Towards Deep Learning Models Resistant to Adversarial Attacks , 2017, ICLR.

[27]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[28]  Jie Yang,et al.  Data-Driven Deep Learning for Automatic Modulation Recognition in Cognitive Radios , 2019, IEEE Transactions on Vehicular Technology.

[29]  Trevor Darrell,et al.  Fully Convolutional Networks for Semantic Segmentation , 2017, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[30]  Asoke K. Nandi,et al.  Automatic digital modulation recognition using artificial neural network and genetic algorithm , 2004, Signal Process..

[31]  Nei Kato,et al.  The Deep Learning Vision for Heterogeneous Network Traffic Control: Proposal, Challenges, and Future Perspective , 2017, IEEE Wireless Communications.

[32]  T. Charles Clancy,et al.  Over-the-Air Deep Learning Based Radio Signal Classification , 2017, IEEE Journal of Selected Topics in Signal Processing.

[33]  Samy Bengio,et al.  Adversarial Machine Learning at Scale , 2016, ICLR.

[34]  Davide Castelvecchi,et al.  Can we open the black box of AI? , 2016, Nature.

[35]  Joan Bruna,et al.  Intriguing properties of neural networks , 2013, ICLR.