A look at adversarial attacks on radio waveforms from discrete latent space
Attanasia Garuso, Silvija Kokalj-Filipovic, Yagna Kaasaragadda

TL;DR
This paper investigates how a VQVAE model can mitigate adversarial attacks on radio waveforms by analyzing its ability to reconstruct data and suppress attack effectiveness, revealing properties of the discrete latent space that aid in attack detection.
Contribution
The study demonstrates that VQVAE effectively reduces adversarial attack success on radio-frequency (RF) data and explores properties of the discrete latent space for attack detection.
Findings
VQVAE substantially decreases attack effectiveness.
Latent space properties vary with attack strength.
Reconstructed data shows reduced adversarial impact.
Abstract
Having designed a VQVAE that maps digital radio waveforms into discrete latent space, and yields a perfectly classifiable reconstruction of the original data, we here analyze the attack-suppressing properties of VQVAE when an adversarial attack is performed on high-SNR radio-frequency (RF) data-points. To target amplitude modulations from a subset of digitally modulated waveform classes, we first create adversarial attacks that preserve the phase between the in-phase and quadrature components whose values are adversarially changed. We compare them with adversarial attacks of the same intensity where phase is not preserved. We test the classification accuracy of such adversarial examples on a classifier trained to deliver 100% accuracy on the original data. To assess the ability of VQVAE to suppress the strength of the attack, we evaluate the classifier accuracy on the reconstructions by…
Taxonomy
Topics: Wireless Signal Modulation Classification · Adversarial Robustness in Machine Learning · Physical Unclonable Functions (PUFs) and Hardware Security
