On the Vulnerability of Deep Automatic Modulation Classifiers to Explainable Backdoor Threats

TL;DR

This paper investigates a novel physical backdoor attack on deep learning-based automatic modulation classifiers in wireless communications, exploiting explainable AI to identify vulnerable signal parts, revealing significant security risks.

Contribution

It introduces a new physical backdoor attack method guided by explainable AI, demonstrating its effectiveness against multiple deep learning models in wireless signal classification.

Findings

High success rates across various SNR levels

Effective with small poisoning ratios

Vulnerable to explainable AI-guided backdoor attacks

Abstract

Deep learning (DL) has been widely studied for assisting applications of modern wireless communications. One of the applications is automatic modulation classification (AMC). However, DL models are found to be vulnerable to adversarial machine learning (AML) threats. One of the most persistent and stealthy threats is the backdoor (Trojan) attack. Nevertheless, most studied threats originate from other AI domains, such as computer vision (CV). Therefore, in this paper, a physical backdoor attack targeting the wireless signal before transmission is studied. The adversary is considered to be using explainable AI (XAI) to guide the placement of the trigger in the most vulnerable parts of the signal. Then, a class prototype combined with principal components is used to generate the trigger. The studied threat was found to be efficient in breaching multiple DL-based AMC models. The attack achieves high success rates for a wide range of SNR values and a small poisoning ratio.