What problem does this paper attempt to address?

The problem that this paper attempts to solve is the adversarial threat problem of Automatic Modulation Open - Set Recognition (AMOSR) in wireless networks. Specifically, the paper focuses on: 1. **Vulnerability of the AMOSR system**: Although AMOSR plays an important role in cognitive radio communication, wireless spectrum management, and interference monitoring, research shows that it is very sensitive to small perturbations carefully designed by malicious attackers, which easily leads to signal misclassification. 2. **Security issues of adversarial attacks**: Existing research has not fully explored the adversarial security issues of the AMOSR system. By starting from the attacker's perspective, the paper proposes an open - set adversarial attack method (OSAttack) for AMOSR, aiming to investigate the adversarial vulnerabilities of various AMOSR methods. 3. **Improving the effectiveness of adversarial attacks**: The paper proposes two specific attack algorithms - Open - Set Fast Gradient Sign Method (OSFGSM) and Open - Set Projected Gradient Descent Method (OSPGD) to reduce the performance of AMOSR, and evaluates the impact of these attacks through a series of qualitative and quantitative indicators. ### Main contributions of the paper - **Establishing an adversarial threat model for AMOSR**: Based on existing adversarial attacks and AMOSR research, an adversarial threat model suitable for AMOSR scenarios is constructed. - **Proposing OSFGSM and OSPGD attack algorithms**: According to the decision criteria of discriminative models and generative models, these two attack algorithms are proposed to reduce the performance of AMOSR. - **Experimental verification**: Through extensive experiments, the impact of OSAttack on AMOSR is evaluated, and it is found that even in the face of small perturbations, AMOSR also shows significant adversarial vulnerability. ### Specific problem description The goal of AMOSR is to determine whether a signal belongs to an unknown category during the testing phase and correctly classify signals of known categories. The goal of an adversarial attack is to introduce a small perturbation so that an unknown signal is misclassified as a known category, thereby evading electromagnetic spectrum monitoring and interference signal demodulation. ### Mathematical formula representation - Formula for generating adversarial samples: \[ x_{\text{adv}} = x+\epsilon\cdot\text{sign}\left( \nabla_x J(\theta, x, y) \right) \] where $\epsilon$ is the maximum perturbation limit, $\theta$ is the model parameter, $y$ is the label of input $x$, $\nabla_x J(\cdot)$ is the gradient of the loss function $J(\cdot)$ with respect to $x$, and $\text{sign}(\cdot)$ is the sign function. - Projected Gradient Descent Method (PGD) for iteratively generating adversarial samples: \[ x_{i + 1}^{\text{adv}}=\Pi_{x+\delta}\left( x_i^{\text{adv}}+\alpha\cdot\text{sign}\left( \nabla_x J(\theta, x, y) \right) \right) \] where $i$ is the iteration index, $\delta$ is the adversarial perturbation, $\alpha$ is the perturbation step length, and $\Pi$ is the projection of the input onto the nearest element in the perturbed input set $x+\delta$. ### Summary Through the research on adversarial attacks of the AMOSR system, the paper reveals the vulnerability of AMOSR when facing carefully designed adversarial samples, which provides an important perspective for future research, especially in the development of new defense strategies.