Waveform Manipulation Against DNN-based Modulation Classification Attacks

Dimitrios Varkatzas, Antonios Argyriou
2023-10-03
Abstract: In this paper we propose a method for defending against an eavesdropper that uses a Deep Neural Network (DNN) for learning the modulation of wireless communication signals. Our method is based on manipulating the emitted waveform with the aid of a continuous time frequency-modulated (FM) obfuscating signal that is mixed with the modulated data. The resulting waveform allows a legitimate receiver (LRx) to demodulate the data but it increases the test error of a pre-trained or adversarially-trained DNN classifier at the eavesdropper. The scheme works for analog modulation and digital single carrier and multi carrier orthogonal frequency division multiplexing (OFDM) waveforms, while it can be implemented in frame-based wireless protocols. The results indicate that careful selection of the parameters of the obfuscating waveform can drop classification performance at the eavesdropper to less than 10% in AWGN and fading channels with no performance loss at the LRx.
Cryptography and Security, Signal Processing
What problem does this paper attempt to address?
This paper attempts to address the problem of preventing deep neural networks (DNNs) from classifying modulation signals in wireless communications. Specifically, the paper proposes a method to defend against eavesdroppers using DNNs to learn the modulation of wireless communication signals. This method is implemented by adding a continuous-time frequency modulation (FM) confusion signal to the transmitted signal. After mixing this confusion signal with the modulated data, the legitimate receiver (LRx) can still demodulate the data, but it increases the test error of the pre-trained or adversarially trained DNN classifier at the eavesdropper's end.

### Paper Background

- **Modulation Classification (MC)**: Determining the digital or analog modulation type of an unknown signal in wireless communication systems is a challenging problem. MC has important applications in both civilian and military fields.
- **Application of Deep Learning (DL)**: In recent years, DL has made significant progress in fields such as signal processing, wireless communications, and networks, especially in image classification and natural language processing. DL has also been applied to MC, achieving high-accuracy modulation classification through different DNN architectures.
- **Adversarial Attacks**: Although DNNs perform excellently in MC, this effectiveness is not always desirable in certain scenarios. For example, in the presence of a legitimate communication pair (transmitter Tx and legitimate receiver LRx), it is undesirable for a passive eavesdropper to identify the modulation type of the transmitted signal.

### Paper Objectives

- **Problem Definition**: The paper aims to find a perturbation method that ensures no performance loss for the legitimate receiver under any type of modulation (digital or analog), while significantly degrading the classification performance of the eavesdropper.
- **System Requirements**:
  1. For digital modulation, the scheme should be implementable in frame-based wireless protocols.
  2. The perturbation signal should be easily and completely removable from the manipulated waveform received by the legitimate receiver.
  3. Minimize the classification performance of the eavesdropper as much as possible.

### Main Contributions

- **Waveform Manipulation Strategy**: Proposes a waveform manipulation strategy suitable for digital frame-based or analog wireless communications as a defense against DNN-based MC attacks.
- **Robust Waveform Design**: Designs a deterministic perturbation signal that can be recovered at the legitimate receiver without affecting bit decoding.
- **New Dataset**: Provides a new dataset containing manipulated waveforms for the community to evaluate new DNN classification attacks.

### Implementation Method

- **Waveform Manipulation**: Introduces a continuous-time perturbation \( p(t) \) into the transmitted signal, making it difficult for the eavesdropper to correctly classify the signal. The specific form of the perturbation is \( p(t) = (x_{sp}(t) - 1)x(t) \), where \( x_{sp}(t) \) is the confusion waveform.
- **Confusion Waveform**: Selects a frequency-modulated (FM) sine wave as the confusion waveform, with a maximum instantaneous frequency deviation of \( \delta f \) and a frequency of \( f_m \). This waveform oscillates in the frequency domain, causing the signal to experience time-varying phase shifts while maintaining constant power.
- **Channel Model**: Considers factors such as path loss, flat fading, and additive white Gaussian noise (AWGN) in practical channels, and derives the received signal model.

### Experimental Results

- **AWGN Channel**: In the AWGN channel, by choosing appropriate \( \delta f \) and \( f_m \) parameters, the classification accuracy of the eavesdropper can be reduced to below 10%, while the performance of the legitimate receiver is almost unaffected.
- **Multipath Fading Channel**: In frequency-selective channels, the same parameter settings can also effectively reduce the classification performance of the eavesdropper.
- **Adversarial Training**: Even with adversarial training of the DNN, specific \( \delta f \) and \( f_m \) parameters can still significantly reduce classification performance.

### Conclusion

The paper proposes an effective waveform manipulation method that can significantly reduce the classification performance of eavesdroppers on modulation signals without affecting the performance of legitimate receivers. This method is applicable to analog, single-carrier, and OFDM modulation and performs well under various channel conditions.
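
The manipulation \( x(t) + p(t) = x_{sp}(t)\,x(t) \) and its removal at the LRx can be traced in a few lines. This is an added example, not code from the paper or its dataset. It assumes the complex-baseband, unit-modulus form \( x_{sp}(t) = e^{j(\delta f / f_m)\sin(2\pi f_m t)} \) for the FM confusion waveform, QPSK at one sample per symbol, a noiseless channel, and constructed parameter values.

```python
import cmath
import math
import random

def obfuscator(n, fs, delta_f, f_m):
    """Assumed form of x_sp: unit-modulus FM tone, peak frequency deviation delta_f."""
    beta = delta_f / f_m  # modulation index = peak phase deviation in radians
    return [cmath.exp(1j * beta * math.sin(2 * math.pi * f_m * k / fs))
            for k in range(n)]

def manipulate(x, x_sp):
    """Tx side: emit x + p with p = (x_sp - 1) * x, which equals x_sp * x."""
    return [xi + (si - 1) * xi for xi, si in zip(x, x_sp)]

def restore(y, x_sp):
    """LRx side: |x_sp| = 1, so multiplying by its conjugate removes it exactly."""
    return [yi * si.conjugate() for yi, si in zip(y, x_sp)]

def qpsk(bits):
    """Gray-mapped, unit-energy QPSK symbols (two bits per symbol)."""
    s = 1 / math.sqrt(2)
    return [complex(s * (1 - 2 * b0), s * (1 - 2 * b1))
            for b0, b1 in zip(bits[0::2], bits[1::2])]

def demod(symbols):
    """Hard-decision QPSK slicer."""
    bits = []
    for z in symbols:
        bits += [int(z.real < 0), int(z.imag < 0)]
    return bits

def run_demo(delta_f=2000.0, f_m=500.0, fs=10000.0, n_sym=400, seed=1):
    """Constructed parameters; returns (max envelope change, LRx errors, naive errors)."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(2 * n_sym)]
    x = qpsk(bits)
    x_sp = obfuscator(len(x), fs, delta_f, f_m)
    y = manipulate(x, x_sp)
    envelope_change = max(abs(abs(a) - abs(b)) for a, b in zip(x, y))
    lrx_errors = sum(a != b for a, b in zip(bits, demod(restore(y, x_sp))))
    naive_errors = sum(a != b for a, b in zip(bits, demod(y)))
    return envelope_change, lrx_errors, naive_errors

if __name__ == "__main__":
    print(run_demo())
```

With these values the envelope is unchanged and the receiver that knows \( \delta f \) and \( f_m \) decodes every bit, while slicing the manipulated samples directly yields bit errors on most symbols because the constellation is rotated by up to \( \delta f / f_m = 4 \) rad.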