# Evaluating Adversarial Evasion Attacks in the Context of Wireless   Communications

**Authors:** Bryse Flowers, R. Michael Buehrer, and William C. Headley

arXiv: 1903.01563 · 2019-03-06

## TL;DR

This paper assesses the vulnerability of RFML systems to adversarial attacks, especially over-the-air, and introduces a new evaluation methodology tailored for wireless communication metrics like bit error rate.

## Contribution

It differentiates attack scenarios in RFML, develops a novel evaluation framework for adversarial success in wireless contexts, and demonstrates RFML's vulnerability to such attacks.

## Key findings

- RFML is vulnerable to adversarial examples in various attack scenarios.
- Over-the-air attacks face impairments due to wireless channel effects.
- The proposed methodology effectively evaluates adversarial success in wireless systems.

## Abstract

Recent advancements in radio frequency machine learning (RFML) have demonstrated the use of raw in-phase and quadrature (IQ) samples for multiple spectrum sensing tasks. Yet, deep learning techniques have been shown, in other applications, to be vulnerable to adversarial machine learning (ML) techniques, which seek to craft small perturbations that are added to the input to cause a misclassification. The current work differentiates the threats that adversarial ML poses to RFML systems based on where the attack is executed from: direct access to classifier input, synchronously transmitted over the air (OTA), or asynchronously transmitted from a separate device. Additionally, the current work develops a methodology for evaluating adversarial success in the context of wireless communications, where the primary metric of interest is bit error rate and not human perception, as is the case in image recognition. The methodology is demonstrated using the well known Fast Gradient Sign Method to evaluate the vulnerabilities of raw IQ based Automatic Modulation Classification and concludes RFML is vulnerable to adversarial examples, even in OTA attacks. However, RFML domain specific receiver effects, which would be encountered in an OTA attack, can present significant impairments to adversarial evasion.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1903.01563/full.md

## Figures

14 figures with captions in the complete paper: https://tomesphere.com/paper/1903.01563/full.md

## References

36 references — full list in the complete paper: https://tomesphere.com/paper/1903.01563/full.md

---
Source: https://tomesphere.com/paper/1903.01563