# Mitigation of Adversarial Examples in RF Deep Classifiers Utilizing   AutoEncoder Pre-training

**Authors:** Silvija Kokalj-Filipovic, Rob Miller, Nicholas Chang, Chi Leung Lau

arXiv: 1902.08034 · 2019-02-22

## TL;DR

This paper introduces an autoencoder pre-training method to defend RF deep classifiers against adversarial examples, considering real-world over-the-air effects, and demonstrates its effectiveness in improving robustness.

## Contribution

It proposes a novel RF-specific defense mechanism using autoencoder pre-training to mitigate adversarial attacks on deep RF classifiers.

## Key findings

- Autoencoder pre-training improves robustness against RF adversarial examples.
- The method accounts for physical over-the-air effects in defense strategies.
- Results show significant reduction in misclassification caused by adversarial perturbations.

## Abstract

Adversarial examples in machine learning for images are widely publicized and explored. Illustrations of misclassifications caused by slightly perturbed inputs are abundant and commonly known (e.g., a picture of panda imperceptibly perturbed to fool the classifier into incorrectly labeling it as a gibbon). Similar attacks on deep learning (DL) for radio frequency (RF) signals and their mitigation strategies are scarcely addressed in the published work. Yet, RF adversarial examples (AdExs) with minimal waveform perturbations can cause drastic, targeted misclassification results, particularly against spectrum sensing/survey applications (e.g. BPSK is mistaken for 8-PSK). Our research on deep learning AdExs and proposed defense mechanisms are RF-centric, and incorporate physical world, over-the-air (OTA) effects. We herein present defense mechanisms based on pre-training the target classifier using an autoencoder. Our results validate this approach as a viable mitigation method to subvert adversarial attacks against deep learning-based communications and radar sensing systems.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1902.08034/full.md

## Figures

22 figures with captions in the complete paper: https://tomesphere.com/paper/1902.08034/full.md

## References

21 references — full list in the complete paper: https://tomesphere.com/paper/1902.08034/full.md

---
Source: https://tomesphere.com/paper/1902.08034