Trojan Attacks on Wireless Signal Classification with Adversarial Machine Learning
Kemal Davaslioglu, Yalin E. Sagduyu

TL;DR
This paper introduces a stealthy Trojan attack on deep learning-based wireless signal classifiers, demonstrating its effectiveness across various conditions and proposing detection methods using activation outlier analysis.
Contribution
It presents a novel Trojan attack method for wireless signal classification and evaluates detection techniques capable of identifying poisoned training data.
Findings
Trojan attacks can bypass classifiers without affecting clean signal accuracy.
The attack remains effective under different channel conditions.
Clustering-based detection can identify Trojan-infected samples.
Abstract
We present a Trojan (backdoor or trapdoor) attack that targets deep learning applications in wireless communications. A deep learning classifier is considered to classify wireless signals using raw (I/Q) samples as features and modulation types as labels. An adversary slightly manipulates training data by inserting Trojans (i.e., triggers) to only few training data samples by modifying their phases and changing the labels of these samples to a target label. This poisoned training data is used to train the deep learning classifier. In test (inference) time, an adversary transmits signals with the same phase shift that was added as a trigger during training. While the receiver can accurately classify clean (unpoisoned) signals without triggers, it cannot reliably classify signals poisoned with triggers. This stealth attack remains hidden until activated by poisoned inputs (Trojans) to…
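The clustering-based detection named in the findings can be sketched as a per-label audit of the training set. This is an added example, not code from the paper: the hand-computed signal moments stand in for the classifier's hidden-layer activations, and the BPSK/QPSK classes, phase value, noise level, and thresholds are constructed assumptions.

```python
import cmath, math, random

BPSK = [1, -1]  # assumed modulation classes; the page does not name any
QPSK = [cmath.exp(1j * (math.pi / 4 + k * math.pi / 2)) for k in range(4)]

def make_signal(rng, points, n=128, phase=0.0, noise=0.1):
    rot = cmath.exp(1j * phase)  # constructed I/Q samples with Gaussian noise
    return [rng.choice(points) * rot + complex(rng.gauss(0, noise), rng.gauss(0, noise))
            for _ in range(n)]

def build_demo(n_clean=200, n_poison=20, seed=7):
    # Constructed data set: every sample is labelled "BPSK"; the poisoned ones are
    # phase-shifted QPSK signals relabelled to that target label.
    rng = random.Random(seed)
    data = [(make_signal(rng, BPSK), False) for _ in range(n_clean)]
    data += [(make_signal(rng, QPSK, phase=math.pi / 6), True) for _ in range(n_poison)]
    rng.shuffle(data)
    return [s for s, _ in data], [i for i, (_, p) in enumerate(data) if p]

def features(iq):
    # Stand-in for last-hidden-layer activations (assumption): 2nd/4th-order moments.
    n = len(iq)
    m2 = sum(s * s for s in iq) / n
    m4 = sum(s ** 4 for s in iq) / n
    return (m2.real, m2.imag, m4.real, m4.imag)

def two_means(pts, iters=20):
    # Deterministic init: the first point and the point farthest from it.
    cents = [pts[0], max(pts, key=lambda p: math.dist(p, pts[0]))]
    for _ in range(iters):
        assign = [0 if math.dist(p, cents[0]) <= math.dist(p, cents[1]) else 1 for p in pts]
        for k in (0, 1):
            members = [p for p, a in zip(pts, assign) if a == k]
            if members:
                cents[k] = tuple(sum(c) / len(members) for c in zip(*members))
    return assign, cents

def audit_label(samples, max_frac=0.35, min_sep=5.0):
    # Flag the smaller cluster only if it is both small and well separated.
    pts = [features(s) for s in samples]
    assign, cents = two_means(pts)
    spread = sum(math.dist(p, cents[a]) for p, a in zip(pts, assign)) / len(pts)
    small = 0 if assign.count(0) <= assign.count(1) else 1
    frac = assign.count(small) / len(pts)
    separated = math.dist(cents[0], cents[1]) > min_sep * spread
    if frac <= max_frac and separated:
        return [i for i, a in enumerate(assign) if a == small]
    return []
```

Running `audit_label` once per label keeps the size test meaningful, since a poisoned minority only stands out against the clean samples that share its label.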
