AIR: Threats of Adversarial Attacks on Deep Learning-Based Information Recovery

TL;DR

This paper investigates the vulnerability of deep learning-based information recovery systems in wireless communications, demonstrating that state-of-the-art models like DeepReceiver are susceptible to adversarial attacks that significantly impair their performance.

Contribution

The study formulates adversarial attack methods tailored for DL-based information recovery models and evaluates their effectiveness against DeepReceiver under various scenarios.

Findings

DeepReceiver is vulnerable to adversarial attacks across all tested scenarios.

Adversarial perturbations can increase bit error rate above 10%.

Even low-power, limited-PAPR attacks can compromise DeepReceiver.

Abstract

A wireless communications system usually consists of a transmitter which transmits the information and a receiver which recovers the original information from the received distorted signal. Deep learning (DL) has been used to improve the performance of the receiver in complicated channel environments and state-of-the-art (SOTA) performance has been achieved. However, its robustness has not been investigated. In order to evaluate the robustness of DL-based information recovery models under adversarial circumstances, we investigate adversarial attacks on the SOTA DL-based information recovery model, i.e., DeepReceiver. We formulate the problem as an optimization problem with power and peak-to-average power ratio (PAPR) constraints. We design different adversarial attack methods according to the adversary's knowledge of DeepReceiver's model and/or testing samples. Extensive experiments show that the DeepReceiver is vulnerable to the designed attack methods in all of the considered scenarios. Even in the scenario of both model and test sample restricted, the adversary can attack the DeepReceiver and increase its bit error rate (BER) above 10%. It can also be found that the DeepReceiver is vulnerable to adversarial perturbations even with very low power and limited PAPR. These results suggest that defense measures should be taken to enhance the robustness of DeepReceiver.