Investigating a Spectral Deception Loss Metric for Training Machine Learning-based Evasion Attacks

TL;DR

This paper introduces a spectral deception loss metric to improve the spectral shape fidelity of adversarial signals in machine learning evasion attacks, enhancing their robustness against spectral defenses.

Contribution

The work proposes a novel spectral deception loss metric for training adversarial signals, addressing spectral shape preservation during evasion attacks in RF spectrum sensing.

Findings

Spectral deception loss effectively controls spectral shape of adversarial signals.

Methods demonstrate improved spectral fidelity without compromising attack success.

The approach enhances attack robustness against spectral filtering defenses.

Abstract

Adversarial evasion attacks have been very successful in causing poor performance in a wide variety of machine learning applications. One such application is radio frequency spectrum sensing. While evasion attacks have proven particularly successful in this area, they have done so at the detriment of the signal's intended purpose. More specifically, for real-world applications of interest, the resulting perturbed signal that is transmitted to evade an eavesdropper must not deviate far from the original signal, less the intended information is destroyed. Recent work by the authors and others has demonstrated an attack framework that allows for intelligent balancing between these conflicting goals of evasion and communication. However, while these methodologies consider creating adversarial signals that minimize communications degradation, they have been shown to do so at the expense of the spectral shape of the signal. This opens the adversarial signal up to defenses at the eavesdropper such as filtering, which could render the attack ineffective. To remedy this, this work introduces a new spectral deception loss metric that can be implemented during the training process to force the spectral shape to be more in-line with the original signal. As an initial proof of concept, a variety of methods are presented that provide a starting point for this proposed loss. Through performance analysis, it is shown that these techniques are effective in controlling the shape of the adversarial signal.