A Hybrid Training-time and Run-time Defense Against Adversarial Attacks in Modulation Classification

TL;DR

This paper proposes a combined training-time and run-time defense strategy against adversarial attacks on modulation classification in wireless networks, improving robustness over existing methods.

Contribution

It introduces a novel hybrid defense mechanism integrating adversarial training, label smoothing, and SVM-based neural rejection for radio signal classification.

Findings

Outperforms state-of-the-art defenses in white-box scenarios

Effective against carefully crafted adversarial examples

Enhances robustness of modulation classification models

Abstract

Motivated by the superior performance of deep learning in many applications including computer vision and natural language processing, several recent studies have focused on applying deep neural network for devising future generations of wireless networks. However, several recent works have pointed out that imperceptible and carefully designed adversarial examples (attacks) can significantly deteriorate the classification accuracy. In this paper, we investigate a defense mechanism based on both training-time and run-time defense techniques for protecting machine learning-based radio signal (modulation) classification against adversarial attacks. The training-time defense consists of adversarial training and label smoothing, while the run-time defense employs a support vector machine-based neural rejection (NR). Considering a white-box scenario and real datasets, we demonstrate that our proposed techniques outperform existing state-of-the-art technologies.