Fanghao Xu,Chao Wang,Jiakai Liang,Chenyang Zuo,Keqiang Yue,Wenjun Li

DOI: https://doi.org/10.1049/cmu2.12793

IF: 1.345

2024-06-14

IET Communications

Abstract:We propose an adversarial attack defense system for the lightweight automatic modulation classification model, which can enhance the robustness when subjected to adversarial attacks. Automatic modulation classification models based on deep learning models are at risk of being interfered by adversarial attacks. In an adversarial attack, the attacker causes the classification model to misclassify the received signal by adding carefully crafted adversarial interference to the transmitted signal. Based on the requirements of efficient computing and edge deployment, a lightweight automatic modulation classification model is proposed. Considering that the lightweight automatic modulation classification model is more susceptible to interference from adversarial attacks and that adversarial training of the lightweight auto‐modulation classification model fails to achieve the desired results, an adversarial attack defense system for the lightweight automatic modulation classification model is further proposed, which can enhance the robustness when subjected to adversarial attacks. The defense method aims to transfer the adversarial robustness from a trained large automatic modulation classification model to a lightweight model through the technique of adversarial robust distillation. The proposed method exhibits better adversarial robustness than current defense techniques in feature fusion based automatic modulation classification models in white box attack scenarios.

engineering, electrical & electronic

Peihan Qi,Tao Jiang,Lizhan Wang,Xu Yuan,Zan Li

DOI: https://doi.org/10.1109/tr.2022.3161138

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:Advances in adversarial attack and defense technologies will enhance the reliability of deep learning (DL) systems spirally. Most existing adversarial attack methods make overly ideal assumptions, which creates the illusion that the DL system can be attacked simply and has restricted the further improvement on DL systems. To perform practical adversarial attacks, a detection tolerant black-box adversarial-attack (DTBA) method against DL-based automatic modulation classification (AMC) is presented in this article. In the DTBA method, the local DL model as a substitution of the remote target DL model is trained first. The training dataset is generated by an attacker, labeled by the target model, and augmented by Jacobian transformation. Then, the conventional gradient attack method is utilized to generate adversarial attack examples toward the local DL model. Moreover, before launching attack to the target model, the local model estimates the misclassification probability of the perturbed examples in advance and deletes those invalid adversarial examples. Compared with related attack methods of different criteria on public datasets, the DTBA method can reduce the attack cost while increasing the rate of successful attack. Adversarial attack transferability of the proposed method on the target model has increased by more than 20%. The DTBA method will be suitable for launching flexible and effective black-box adversarial attacks against DL-based AMC systems.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Yuhang Zhao,Yajie Wang,Chuan Zhang,Chunhai Li,Zehui Xiong,Liehuang Zhu,Dusit Niyato

DOI: https://doi.org/10.1109/tccn.2024.3499362

IF: 6.359

2024-01-01

IEEE Transactions on Cognitive Communications and Networking

Abstract:In the radio frequency field, deep neural networks have been widely used for automatic modulation recognition tasks due to their superior accuracy. However, it has been shown that these models are susceptible to adversarial examples, which are the kinds of carefully crafted perturbations that can lead to model misclassification and raise security issues in applications. To solve this problem, we propose an Ultra-Fusion Adversarial Training method, which combines adversarial training and ensemble learning to enable the model robustness to withstand different attack strengths. We explore the number and distribution of ensembled attacks and introduce a Fermi-function-like distribution to optimally balance the performance of different attack strengths. Additionally, we investigate the effect of the signal-to-noise ratio (SNR) interval on the model accuracy and robustness, suggesting the effective SNR interval for training. Considering the demand for practical application scenarios of modulation recognition, we propose a comprehensive robustness metric based on weighted integral to evaluate the robustness of the trained models. Numerical experiments demonstrate that our method improves the model’s robustness by 31.89% against white-box attacks, and achieves up to an 80.54% improvement in black-box scenarios. These results show that our method has the ability to resiliently resist potential attacks of various strengths and can be applied to spectrum application scenarios with high-security requirements.

Da Ke,Xiang Wang,Kaizhu Huang,Haoyuan Wang,Zhitao Huang

DOI: https://doi.org/10.1007/s12559-022-10062-y

IF: 4.89

2022-10-20

Cognitive Computation

Abstract:Integrating cognitive radio (CR) technique with wireless networks is an effective way to solve the increasingly crowded spectrum. Automatic modulation classification (AMC) plays an important role in CR. AMC significantly improves the intelligence of CR system by classifying the modulation type and signal parameters of received communication signals. AMC can provide more information for decision making of the CR system. In addition, AMC can help the CR system dynamically adjust the modulation type and coding rate of the communication signal to adapt to different channel qualities, and the AMC technique help eliminate the cost of broadcast modulation type and coding rate. Deep learning (DL) has recently emerged as one most popular method in AMC of communication signals. Despite their success, DL models have recently been shown vulnerable to adversarial attacks in pattern recognition and computer vision. Namely, they can be easily deceived if a small and carefully designed perturbation called an adversarial attack is imposed on the input, typically an image in pattern recognition. Owing to the very different nature of communication signals, it is interesting yet crucially important to study if adversarial perturbation could also fool AMC. In this paper, we make a first attempt to investigate how we can design a special adversarial attack on AMC. we start from the assumption of a linear binary classifier which is further extended to multi-way classifier. We consider the minimum power consumption that is different from existing adversarial perturbation but more reasonable in the context of AMC. We then develop a novel adversarial perturbation generation method that leads to high attack success to communication signals. Experimental results on real data show that the method is able to successfully spoof the 11-class modulation classification at a model with a minimum cost of about − 21 dB in automatic modulation classification task. The visualization results demonstrate that the adversarial perturbation manifests in the time domain as imperceptible undulations of the signal, and in the frequency domain as small noise outside the signal band.

computer science, artificial intelligence,neurosciences

Lu Zhang,Sangarapillai Lambotharan,Gan Zheng,Guisheng Liao,Ambra Demontis,Fabio Roli

2024-07-09

Abstract:Motivated by the superior performance of deep learning in many applications including computer vision and natural language processing, several recent studies have focused on applying deep neural network for devising future generations of wireless networks. However, several recent works have pointed out that imperceptible and carefully designed adversarial examples (attacks) can significantly deteriorate the classification accuracy. In this paper, we investigate a defense mechanism based on both training-time and run-time defense techniques for protecting machine learning-based radio signal (modulation) classification against adversarial attacks. The training-time defense consists of adversarial training and label smoothing, while the run-time defense employs a support vector machine-based neural rejection (NR). Considering a white-box scenario and real datasets, we demonstrate that our proposed techniques outperform existing state-of-the-art technologies.

Artificial Intelligence

Yan, Bin

DOI: https://doi.org/10.1007/s11036-024-02333-9

2024-05-14

Mobile Networks and Applications

Abstract:In the rapidly evolving landscape of wireless communication systems, the vulnerability of automatic modulation classification (AMC) models to adversarial attacks presents a significant security challenge. This study introduces a pruning and training methodology tailored to address the nuances of signal processing within these systems. Leveraging a pruning method based on channel activation contributions, our approach optimizes adversarial training potential, enhancing the model's capacity to improve robustness against attacks. Additionally, the approach constructs a resilient training method based on a composite strategy, integrating balanced adversarial training, soft target regularization, and gradient masking. This combination effectively broadens the model's uncertainty space and obfuscates gradients, thereby enhancing the model's defenses against a wide spectrum of adversarial tactics. The training regimen is carefully adjusted to retain sensitivity to adversarial inputs while maintaining accuracy on original data. Comprehensive evaluations conducted on the RML2016.10A dataset demonstrate the effectiveness of our method in defending against both gradient-based and optimization-based attacks within the realm of wireless communication. This research offers insightful and practical approaches to improving the security and performance of AMC models against the complex and evolving threats present in modern wireless communication environments.

computer science, information systems,telecommunications, hardware & architecture

Dongwei Xu,Jiajun Chen,Yao Lu,Tianhao Xia,Qi Xuan,Wei Wang,Yun Lin,Xiaoniu Yang

2024-08-05

Abstract:Recently, deep learning technology has been successfully introduced into Automatic Modulation Recognition (AMR) tasks. However, the success of deep learning is all attributed to the training on large-scale datasets. Such a large amount of data brings huge pressure on storage, transmission and model training. In order to solve the problem of large amount of data, some researchers put forward the method of data distillation, which aims to compress large training data into smaller synthetic datasets to maintain its performance. While numerous data distillation techniques have been developed within the realm of image processing, the unique characteristics of signals set them apart. Signals exhibit distinct features across various domains, necessitating specialized approaches for their analysis and processing. To this end, a novel dataset distillation method--Multi-domain Distribution Matching (MDM) is proposed. MDM employs the Discrete Fourier Transform (DFT) to translate timedomain signals into the frequency domain, and then uses a model to compute distribution matching losses between the synthetic and real datasets, considering both the time and frequency domains. Ultimately, these two losses are integrated to update the synthetic dataset. We conduct extensive experiments on three AMR datasets. Experimental results show that, compared with baseline methods, our method achieves better performance under the same compression ratio. Furthermore, we conduct crossarchitecture generalization experiments on several models, and the experimental results show that our synthetic datasets can generalize well on other unseen models.

Machine Learning,Artificial Intelligence

Sicheng Zhang,Yandie Yang,Ziyao Zhou,Zhi Sun,Yun Lin

DOI: https://doi.org/10.1109/tifs.2024.3372798

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Automatic Modulation Classification (AMC) is crucial for monitoring the legitimacy of user frequency behavior and identifying potential sources of interference in spectrum monitoring. Deep learning-based AMC models have shown excellent performance, however, it has been proven susceptible to adversarial attacks. To address the problem, we propose a Disentangled Hilbert-Schmidt Information Bottleneck Adversarial Defense (DIBAD) method to enhance the adversarial robustness of AMC models. Specifically, we firstly analyze the task-relevant and task-irrelevant features in the intermediate representations of modulation signals from the perspective of mutual information theory. Secondly, a training framework consisting of a classification feature extractor, a supplementary feature extractor, and a classifier is designed. Under the information bottleneck constraint, the classification feature extractor and supplementary feature extractor are used to extract task-relevant and task-irrelevant features, respectively. The information bottleneck constraint is employed to reduce task-irrelevant features, thus improving the model’s adversarial robustness. Experiments on the RML2016.10a and DMRadio09.real datasets, along with comprehensive analysis, demonstrate the superiority of the DIBAD method terms of adversarial robustness.

computer science, theory & methods,engineering, electrical & electronic

Nayan Moni Baishya,B. R. Manoj

2024-04-11

Abstract:Data-driven deep learning (DL) techniques developed for automatic modulation classification (AMC) of wireless signals are vulnerable to adversarial attacks. This poses a severe security threat to the DL-based wireless systems, specifically for edge applications of AMC. In this work, we address the joint problem of developing optimized DL models that are also robust against adversarial attacks. This enables efficient and reliable deployment of DL-based AMC on edge devices. We first propose two optimized models using knowledge distillation and network pruning, followed by a computationally efficient adversarial training process to improve the robustness. Experimental results on five white-box attacks show that the proposed optimized and adversarially trained models can achieve better robustness than the standard (unoptimized) model. The two optimized models also achieve higher accuracy on clean (unattacked) samples, which is essential for the reliability of DL-based solutions at edge applications.

Signal Processing,Cryptography and Security,Information Theory,Machine Learning

Yang Peng,Lantu Guo,Jun Yan,Mengyuan Tao,Xue Fu,Yun Lin,Guan Gui

DOI: https://doi.org/10.3390/drones7060390

IF: 5.532

2023-06-12

Drones

Abstract:Automatic modulation classification (AMC) is a signal processing technology used to identify the modulation type of unknown signals without prior information such as modulation parameters for drone communications. In recent years, deep learning (DL) has been widely used in AMC methods due to its powerful feature extraction ability. The significant performance of DL-based AMC methods is highly dependent on large amount of data. However, with the increasingly complex signal environment and the emergence of new signals, several recognition tasks have difficulty obtaining sufficient high-quality signals. To address this problem, we propose an AMC method based on a deep residual neural network with masked modeling (DRMM). Specifically, masked modeling is adopted to improve the performance of a deep neural network with limited signal samples. Both complex-valued and real-valued residual neural networks (ResNet) play an important role in extracting signal features for identification. Several typical experiments are conducted to evaluate our proposed DRMM-based AMC method on the RadioML 2016.10A dataset and a simulated dataset, and comparison experiments with existing AMC methods are also conducted. The simulation results illustrate that our proposed DRMM-based AMC method achieves better performance in the case of limited signal samples with low signal-to-noise ratio (SNR) than other existing methods.

Yi Zhao,Wenjing Yuan,Yinghua Huang,Zhenyu Chen

DOI: https://doi.org/10.1109/dsa56465.2022.00163

2022-01-01

Abstract:With the development of information technology and 5G communication, the number of wireless devices has increased significantly, and the complexity of the communication system has also been rapidly upgraded. Due to the complexity and the high dimensionality of signals, many researchers have applied deep learning to modulation recognition tasks. However, although deep learning exhibits strong capabilities for modulation recognition, its vulnerability to adversarial examples should also be addressed. In this paper, we conduct a preliminary study on the security of DNN-based modulation recognition models. We build multiple high-accuracy DNN-based models on existing research and test their robustness by implementing multiple adversarial attacks on the well-trained models. The results show that adversarial examples pose a very serious threat to DNN-based modulation recognition models.

Yunpeng Qu,Zhilin Lu,Rui Zeng,Jintao Wang,Jian Wang

2024-01-02

Abstract:Automatic Modulation Recognition (AMR) plays a crucial role in wireless communication systems. Deep learning AMR strategies have achieved tremendous success in recent years. Modulated signals exhibit long temporal dependencies, and extracting global features is crucial in identifying modulation schemes. Traditionally, human experts analyze patterns in constellation diagrams to classify modulation schemes. Classical convolutional-based networks, due to their limited receptive fields, excel at extracting local features but struggle to capture global relationships. To address this limitation, we introduce a novel hybrid deep framework named TLDNN, which incorporates the architectures of the transformer and long short-term memory (LSTM). We utilize the self-attention mechanism of the transformer to model the global correlations in signal sequences while employing LSTM to enhance the capture of temporal dependencies. To mitigate the impact like RF fingerprint features and channel characteristics on model generalization, we propose data augmentation strategies known as segment substitution (SS) to enhance the model's robustness to modulation-related features. Experimental results on widely-used datasets demonstrate that our method achieves state-of-the-art performance and exhibits significant advantages in terms of complexity. Our proposed framework serves as a foundational backbone that can be extended to different datasets. We have verified the effectiveness of our augmentation approach in enhancing the generalization of the models, particularly in few-shot scenarios. Code is available at \url{

Signal Processing,Artificial Intelligence,Machine Learning

Xiangrong Zhang,Yifan Chen,Guanchun Wang,Yifang Zhang,Licheng Jiao

DOI: https://doi.org/10.1109/jstsp.2024.3453559

IF: 7.695

2024-01-01

IEEE Journal of Selected Topics in Signal Processing

Abstract:The development of deep learning technology has injected new vitality into the task of automatic modulation recognition (AMR). Despite achieving promising progress, existing models tend to lose recognition capability in low-quality communication environments due to the neglect of latent distributions within the data, i.e., classifying samples in a single feature space, resulting in unsatisfactory performance. Motivated by this observation, this paper aims to rethink the modulation signals classification from a new perspective on the latent data distribution. To address this, we propose a novel efficient divide-and-conquer domain adapter (EDDA) for AMR tasks, significantly enhancing the existing model's performance in challenging scenarios, irrespective of its architecture. Specifically, we first follow a divide-and-conquer approach to divide the raw data into multiple sub-domain spaces by signal-to-noise ratio (SNR), and then encourage the domain adapter to estimate the latent distributions and learn domain internally-invariant feature projections. Subsequently, we introduce a dynamic strategy for updating domain labels to overcome the limitations of the initial domain label partition by SNR. Finally, we provide theoretical support for EDDA and validate its effectiveness on two widely used benchmark datasets, RadioML2016.10a and RadioML2016.10b. Experimental results show that EDDA achieves average accuracy improvements of 11.63% and 2.32% on the respective datasets. Theoretical and experimental results demonstrate the superiority and versatility of EDDA.

Sicheng Zhang,Yun Lin,Jiarun Yu,Jianting Zhang,Qi Xuan,Dongwei Xu,Juzhen Wang,Meiyu Wang

DOI: https://doi.org/10.1109/tccn.2024.3360514

IF: 6.359

2024-01-01

IEEE Transactions on Cognitive Communications and Networking

Abstract:Deep neural networks provide intelligent solutions for Automatic Modulation Classification (AMC) tasks in the field of communication. However, their susceptibility to adversarial examples due to the interpretability problem presents a challenge as it leads to anomalous decisions. Emerging studies suggest that the high-frequency constituents within signals constitute a fundamental source of adversarial vulnerability. To address this issue, this paper introduces a Homomorphic Filtering Adversarial Defense (HFAD) algorithm that aims to effectively defend against adversarial examples by applying frequency domain filtering on the signal. This approach enhances the security and reliability of the AMC model by attenuating high-frequency components of the signal through homomorphic filtering, thereby reducing errors caused by adversarial perturbations on model outputs. The robustness of the AMC model is further enhanced through the integration of HFAD with data augmentation strategies. Experimental results demonstrate that the proposed defense algorithm not only maintains high signal recognition accuracy but also preserves communication signal transmission quality. Moreover, HFAD effectively withstands a wide range of white-box adversarial attacks and demonstrates resilience against black-box adversarial attacks, thereby enhancing the robustness of the AMC model against adversarial examples and exhibiting strong transfer performance.

Jingchun Wang,Peihao Dong,Fuhui Zhou,Qihui Wu

2024-10-15

Abstract:Deep learning (DL) has significantly improved automatic modulation classification (AMC) by leveraging neural networks as the feature <a class="link-external link-http" href="http://extractor.However" rel="external noopener nofollow">this http URL</a>, as the DL-based AMC becomes increasingly widespread, it is faced with the severe secure issue from various adversarial attacks. Existing defense methods often suffer from the high computational cost, intractable parameter tuning, and insufficient <a class="link-external link-http" href="http://robustness.This" rel="external noopener nofollow">this http URL</a> paper proposes an eXplainable artificial intelligence (XAI) defense approach, which uncovers the negative information caused by the adversarial attack through measuring the importance of input features based on the SHapley Additive exPlanations (SHAP).By properly removing the negative information in adversarial samples and then fine-tuning(FT) the model, the impact of the attacks on the classification result can be <a class="link-external link-http" href="http://mitigated.Experimental" rel="external noopener nofollow">this http URL</a> results demonstrate that the proposed SHAP-FT improves the classification performance of the model by 15%-20% under different attack levels,which not only enhances model robustness against various attack levels but also reduces the resource consumption, validating its effectiveness in safeguarding communication networks.

Signal Processing

Jinyin Chen,Jie Ge,Shilian Zheng,Linhui Ye,Haibin Zheng,Weiguo Shen,Keqiang Yue,Xiaoniu Yang

DOI: https://doi.org/10.1109/twc.2024.3374699

IF: 10.4

2024-01-01

IEEE Transactions on Wireless Communications

Abstract:A wireless communications system usually consists of a transmitter which transmits the information and a receiver which recovers the original information from the received distorted signal. Deep learning (DL) has been used to improve the performance of the receiver in complicated channel environments and state-of-the-art (SOTA) performance has been achieved. However, its robustness has not been investigated. In order to evaluate the robustness of DL-based information recovery models under adversarial circumstances, we investigate adversarial attacks on the SOTA DL-based information recovery model, i.e., DeepReceiver. We formulate the problem as an optimization problem with power and peak-to-average power ratio (PAPR) constraints. We design different adversarial attack methods according to the adversary’s knowledge of DeepReceiver’s model and/or testing samples. Extensive experiments show that the DeepReceiver is vulnerable to the designed attack methods in all of the considered scenarios. Even in the scenario of both model and test sample restricted, the adversary can attack the DeepReceiver and increase its bit error rate (BER) above 10%. It can also be found that the DeepReceiver is vulnerable to adversarial perturbations even with very low power and limited PAPR. These results suggest that defense measures should be taken to enhance the robustness of DeepReceiver.

telecommunications,engineering, electrical & electronic

Xiaoyang Hao,Zhixi Feng,Tongqing Peng,Shuyuan Yang

2024-08-10

Abstract:Automatic modulation classification (AMC) is an effective way to deal with physical layer threats of the internet of things (IoT). However, there is often label mislabeling in practice, which significantly impacts the performance and robustness of deep neural networks (DNNs). In this paper, we propose a meta-learning guided label noise distillation method for robust AMC. Specifically, a teacher-student heterogeneous network (TSHN) framework is proposed to distill and reuse label noise. Based on the idea that labels are representations, the teacher network with trusted meta-learning divides and conquers untrusted label samples and then guides the student network to learn better by reassessing and correcting labels. Furthermore, we propose a multi-view signal (MVS) method to further improve the performance of hard-to-classify categories with few-shot trusted label samples. Extensive experimental results show that our methods can significantly improve the performance and robustness of signal AMC in various and complex label noise scenarios, which is crucial for securing IoT applications.

Machine Learning,Artificial Intelligence,Signal Processing

Yu Wang,Liang Guo,Yu Zhao,Jie Yang,Bamidele Adebisi,Haris Gacanin,Guan Gui

DOI: https://doi.org/10.1109/lwc.2020.3016822

IF: 6.3

2020-12-01

IEEE Wireless Communications Letters

Abstract:Automatic modulation classification (AMC) is a typical technology for identifying different modulation types, which has been widely applied into various scenarios. Recently, deep learning (DL), one of the most advanced classification algorithms, has been applied into AMC. However, these previously proposed AMC methods are centralized in nature, i.e., all training data must be collected together to train the same neural network. In addition, they are generally based on powerful computing devices and may not be suitable for edge devices. Thus, a distributed learning-based AMC (DistAMC) method is proposed, which relies on the cooperation of multiple edge devices and model averaging (MA) algorithm. When compared with the centralized AMC (CentAMC), there are two advantages of the DistAMC: the higher training efficiency and the lower computing overhead, which are very consistent with the characteristics of edge devices. Simulation results show that there are slight performance gap between the DistAMC and the CentAMC, and they also have similar convergence speed, but the consumed training time per epoch in the former method will be shorter than that on the latter method, if the low latency and the high bandwidth are considered in model transmission process of the DistAMC. Moreover, the DistAMC can combine the computing power of multiple edge devices to reduce the computing overhead of a single edge device in the CentAMC.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qinghe Zheng,Xinyu Tian,Zhiguo Yu,Hongjun Wang,Abdussalam Elhanashi,Sergio Saponara

DOI: https://doi.org/10.1016/j.engappai.2023.106082

IF: 8

2023-06-01

Engineering Applications of Artificial Intelligence

Abstract:Automatic modulation classification (AMC) is an essential and indispensable topic in the development of cognitive radios. It is the cornerstone of adaptive modulation and demodulation capabilities to perceive and understand surrounding environments and make corresponding decisions. In this paper, we propose a priori regularization method in deep learning (DL-PR) for guiding loss optimization during model training process. The regularization factor designed by the combination of inter-class confrontation factor, global and dimensional divergence can help increase the inter-class distance and reduce the intra-class distance of samples. While preserving the original information of received signals as much as possible, it makes full use of the prior knowledge in the signal transmission process and ultimately helps deep learning models to be well generalized on signals with various signal-to-noise ratios (SNRs). As far as we know, this is the first attempt to regularize deep learning models based on SNR distribution of samples to improve AMC accuracy. Moreover, it can be proved that priori regularization can be interpreted as implicit data augmentation and model ensemble methods. By comparing with a series of state-of-the-art AMC methods and different regularization techniques on the public dataset RadioML 2016.10a, experimental results of multiple deep learning models illustrate the superiority of DL-PR, including CNN with accuracy of 62.6% and inference time of 0.82 ms per signal, LSTM with 61.8% and 0.87 ms, and hybrid CNN–LSTM with 64.2% and 0.94 ms. In practical applications, DL-PR can be also easily applied to complex environments due to its robustness to hyper-parameters and SNR estimation.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary

Xingyu Qi,Yuanjian Liu,Yingchun Ye

DOI: https://doi.org/10.3390/s24196464

IF: 3.9

2024-10-08

Sensors

Abstract:Millimeter-wave (mm-wave) technology, crucial for future networks and vehicle-to-everything (V2X) communication in intelligent transportation, offers high data rates and bandwidth but is vulnerable to adversarial attacks, like interference and eavesdropping. It is crucial to protect V2X mm-wave communication from cybersecurity attacks, as traditional security measures often fail to counter sophisticated threats and complex attacks. To tackle these difficulties, the current study introduces an attention-enhanced defensive distillation network (AEDDN) to improve robustness and accuracy in V2X mm-wave communication under adversarial attacks. The AEDDN model combines the transformer algorithm with defensive distillation, leveraging the transformer's attention mechanism to focus on critical channel features and adapt to complex conditions. This helps mitigate adversarial examples by filtering misleading data. Defensive distillation further strengthens the model by smoothing decision boundaries, making it less sensitive to small perturbations. To evaluate and validate the AEDDN model, this study uses a publicly available dataset called 6g-channel-estimation and a proprietary dataset named MMMC, comparing the simulation results with the convolutional neural network (CNN) model. The findings from the experiments indicate that the AEDDN, especially in the complex V2X mm-wave environment, demonstrates enhanced performance.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation