TY - GEN
T1 - Robust automatic modulation classification in the presence of adversarial attacks
AU - Sahay, Rajeev
AU - Love, David J.
AU - Brinton, Christopher G.
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021/3/24
Y1 - 2021/3/24
N2 - Automatic modulation classification (AMC) is used in intelligent receivers operating in shared spectrum environments to classify the modulation constellation of radio frequency (RF) signals from received waveforms. Recently, deep learning has proven capable of enhancing AMC performance using both convolutional neural networks (CNNs) and recurrent neural networks (RNNs). However, deep learning-based AMC models are susceptible to adversarial attacks, which can significantly degrade the performance of well-trained models by adding small amounts of interference into wireless RF signals during transmission. In this work, we present a two-fold defense mechanism to withstand adversarial interference on modulated radio signals. Specifically, our method consists of (1) correcting misclassifications on mild attacks and (2) detecting the presence of an adversary on more potent attacks. We show that our proposed defense is capable of withstanding adversarial interference injected into RF signals while maintaining false positive detection rates on CNNs and RNNs as low as 3%.
AB - Automatic modulation classification (AMC) is used in intelligent receivers operating in shared spectrum environments to classify the modulation constellation of radio frequency (RF) signals from received waveforms. Recently, deep learning has proven capable of enhancing AMC performance using both convolutional neural networks (CNNs) and recurrent neural networks (RNNs). However, deep learning-based AMC models are susceptible to adversarial attacks, which can significantly degrade the performance of well-trained models by adding small amounts of interference into wireless RF signals during transmission. In this work, we present a two-fold defense mechanism to withstand adversarial interference on modulated radio signals. Specifically, our method consists of (1) correcting misclassifications on mild attacks and (2) detecting the presence of an adversary on more potent attacks. We show that our proposed defense is capable of withstanding adversarial interference injected into RF signals while maintaining false positive detection rates on CNNs and RNNs as low as 3%.
UR - http://www.scopus.com/inward/record.url?scp=85105007976&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85105007976&partnerID=8YFLogxK
U2 - 10.1109/CISS50987.2021.9400326
DO - 10.1109/CISS50987.2021.9400326
M3 - Conference contribution
AN - SCOPUS:85105007976
T3 - 2021 55th Annual Conference on Information Sciences and Systems, CISS 2021
BT - 2021 55th Annual Conference on Information Sciences and Systems, CISS 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 55th Annual Conference on Information Sciences and Systems, CISS 2021
Y2 - 24 March 2021 through 26 March 2021
ER -