Adversarial Attacks on Deep-Learning Based Radio Signal Classification
Meysam Sadeghi, Erik G. Larsson
TL;DR
This paper demonstrates that deep learning models used for radio signal classification are highly vulnerable to adversarial attacks, which can drastically impair performance with minimal input perturbations, raising security concerns.
Contribution
The paper introduces practical methods for white-box and black-box adversarial attacks on DL-based radio signal classification, highlighting security vulnerabilities.
Findings
Adversarial attacks significantly reduce classification accuracy.
Small perturbations can fool DL models more effectively than classical jamming.
Attacks pose security risks for wireless physical layer applications.
Abstract
Deep learning (DL), despite its enormous success in many computer vision and language processing applications, is exceedingly vulnerable to adversarial attacks. We consider the use of DL for radio signal (modulation) classification tasks, and present practical methods for the crafting of white-box and universal black-box adversarial attacks in that application. We show that these attacks can considerably reduce the classification performance, with extremely small perturbations of the input. In particular, these attacks are significantly more powerful than classical jamming attacks, which raises significant security and robustness concerns in the use of DL-based algorithms for the wireless physical layer.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsWireless Signal Modulation Classification · Adversarial Robustness in Machine Learning · Bacillus and Francisella bacterial research