A Hybrid Training-time and Run-time Defense Against Adversarial Attacks in Modulation Classification

Lu Zhang, Sangarapillai Lambotharan, Gan Zheng, Guisheng Liao, Ambra Demontis, Fabio Roli
2024-07-09
Abstract: Motivated by the superior performance of deep learning in many applications, including computer vision and natural language processing, several recent studies have focused on applying deep neural networks to the design of future generations of wireless networks. However, several recent works have pointed out that imperceptible and carefully designed adversarial examples (attacks) can significantly degrade classification accuracy. In this paper, we investigate a defense mechanism based on both training-time and run-time defense techniques for protecting machine learning-based radio signal (modulation) classification against adversarial attacks. The training-time defense consists of adversarial training and label smoothing, while the run-time defense employs a support vector machine-based neural rejection (NR). Considering a white-box scenario and real datasets, we demonstrate that our proposed techniques outperform existing state-of-the-art techniques.
Artificial Intelligence
What problem does this paper attempt to address?
This paper addresses the problem of defending deep-learning-based automatic modulation classification (AMC) in wireless communications against adversarial attacks. Specifically, it proposes a method that combines training-time and run-time defense techniques to make deep neural networks more robust to adversarial examples.

### Background

- **Application of deep learning in wireless communications**: Deep learning has recently been applied widely in wireless communications, in particular to the AMC task, where deep neural networks (DNNs) are trained to identify the modulation type of a received radio signal.
- **Threat of adversarial attacks**: Although DNNs perform well on many tasks, they are highly sensitive to adversarial examples: inputs carrying small, carefully crafted perturbations that cause the model to misclassify. Such attacks are particularly dangerous in critical settings such as military communications.

### Problem description

- **Limitations of existing research**: Research on adversarial defenses for the AMC task is still limited. Existing methods such as deep ensemble defense and autoencoder (AE)-based detection are mainly suited to black-box scenarios and are of limited effectiveness in white-box scenarios, where the attacker has full knowledge of the model.
- **Objective of the paper**: To propose a method combining training-time and run-time defense techniques that improves the robustness of DNNs against adversarial attacks in the AMC task.

### Solution

- **Training-time defense**: Adversarial training and label smoothing. Adversarial training generates adversarial examples during training and adds them to the training set so that the model learns to classify them correctly. Label smoothing replaces the hard one-hot training targets with softened ones, which reduces the model's over-confidence and its sensitivity to adversarial perturbations.
- **Run-time defense**: A neural rejection (NR) technique based on support vector machines (SVMs). It establishes rejection regions so that low-confidence inputs are rejected rather than assigned a class, which further improves robustness.

### Experimental results

- **Performance evaluation**: Experiments on real radio datasets show that the proposed Hybrid Training-time and Run-time Defense (HTRD) outperforms existing state-of-the-art techniques, including LS-GNA (Label Smoothing and Gaussian Noise Augmentation) and two-stage defense systems, under various adversarial attacks.
- **Robustness and accuracy**: HTRD improves robustness against adversarial examples without significantly degrading classification accuracy on clean samples.

### Conclusion

The paper proposes a method combining training-time and run-time defense techniques that effectively improves the robustness of deep neural networks against adversarial attacks in the modulation classification task. This has significant practical implications, especially in critical fields such as military communications.
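To make the two defense stages concrete, the following is an added Python example (not code from the paper or its authors): a label-smoothing target function for the training-time stage, and a threshold-based rejection rule for the run-time stage evaluated on constructed per-class scores. It assumes a hypothetical four-class modulation set and hand-written score vectors standing in for the SVM outputs of the paper's NR stage; the thresholds and sample values are assumptions, chosen to expose the clean-accuracy versus rejection trade-off.

```python
"""Run-time rejection on top of per-class classifier scores, plus the
label-smoothing target used at training time.

Added illustration, not code from the paper. The per-class scores below are
constructed by hand as a stand-in for what the paper's SVM-based neural
rejection (NR) stage would compute on DNN features; the class names,
thresholds and sample values are all assumptions.
"""
from typing import Dict, List, Optional, Sequence, Tuple

MODULATIONS = ["BPSK", "QPSK", "8PSK", "16QAM"]  # hypothetical class set

# (per-class scores, true class index, is_adversarial) -- constructed data
Sample = Tuple[Sequence[float], int, bool]


def smooth_labels(true_idx: int, n_classes: int, eps: float) -> List[float]:
    """Label-smoothing target: (1 - eps) on the true class, eps spread
    uniformly over all classes, so the target never asks for 100% confidence."""
    if not 0.0 <= eps < 1.0:
        raise ValueError("eps must be in [0, 1)")
    target = [eps / n_classes] * n_classes
    target[true_idx] += 1.0 - eps
    return target


def classify_with_rejection(scores: Sequence[float], threshold: float) -> Optional[int]:
    """Arg-max class, or None (reject) when the top score is below the threshold.
    Ties resolve to the lowest class index."""
    best = max(range(len(scores)), key=lambda i: scores[i])
    return best if scores[best] >= threshold else None


def evaluate(samples: Sequence[Sample], threshold: float) -> Dict[str, float]:
    """Security-evaluation metrics for a rejecting classifier.

    Clean samples: a rejection is counted as an error (lost availability).
    Adversarial samples: a rejection is counted as a success, because the
    attack failed to obtain a confident wrong label.
    """
    clean = [s for s in samples if not s[2]]
    adv = [s for s in samples if s[2]]

    def accuracy(group: Sequence[Sample], reject_is_correct: bool) -> float:
        hits = 0
        for scores, true_idx, _ in group:
            pred = classify_with_rejection(scores, threshold)
            hits += reject_is_correct if pred is None else (pred == true_idx)
        return hits / len(group) if group else 0.0

    def reject_rate(group: Sequence[Sample]) -> float:
        rejected = sum(classify_with_rejection(s, threshold) is None for s, _, _ in group)
        return rejected / len(group) if group else 0.0

    return {
        "clean_accuracy": accuracy(clean, reject_is_correct=False),
        "clean_reject_rate": reject_rate(clean),
        "adv_accuracy": accuracy(adv, reject_is_correct=True),
        "adv_reject_rate": reject_rate(adv),
    }


# Constructed scores. Clean inputs are mostly confident; adversarial inputs
# either land in a low-confidence region (NR catches them) or, in the worst
# case, are pushed into a confident wrong class (NR alone cannot catch those).
SAMPLES: List[Sample] = [
    ([0.05, 0.90, 0.03, 0.02], 1, False),  # clean, confident, correct
    ([0.70, 0.20, 0.05, 0.05], 0, False),  # clean, confident, correct
    ([0.40, 0.35, 0.15, 0.10], 0, False),  # clean but borderline: rejected at high thresholds
    ([0.10, 0.10, 0.20, 0.60], 3, False),  # clean, confident, correct
    ([0.30, 0.45, 0.15, 0.10], 0, True),   # adversarial, low-confidence flip to QPSK
    ([0.05, 0.05, 0.85, 0.05], 3, True),   # adversarial, confident wrong: evades rejection
    ([0.35, 0.10, 0.45, 0.10], 2, True),   # adversarial perturbation that failed to flip the label
    ([0.25, 0.25, 0.25, 0.25], 1, True),   # adversarial, pushed into the uniform region
]


if __name__ == "__main__":
    print("smoothed target for", MODULATIONS[1], smooth_labels(1, len(MODULATIONS), 0.1))
    for thr in (0.0, 0.3, 0.5):
        print(f"threshold={thr:.1f}", evaluate(SAMPLES, thr))
```

Raising the threshold from 0.0 to 0.5 lifts the adversarial accuracy on these constructed samples from 0.25 to 0.75 but also starts rejecting a borderline clean sample, which is the availability cost a rejection threshold must be tuned against. The sixth sample, a confident wrong prediction, is never rejected at any threshold: a white-box attacker who knows the rejection rule will aim for exactly that region, which is why the run-time stage is paired with training-time hardening rather than used on its own.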