Channel-Aware Adversarial Attacks Against Deep Learning-Based Wireless Signal Classifiers

by   Brian Kim, et al.

This paper presents channel-aware adversarial attacks against deep learning-based wireless signal classifiers. There is a transmitter that transmits signals with different modulation types. A deep neural network is used at each receiver to classify its over-the-air received signals to modulation types. In the meantime, an adversary transmits an adversarial perturbation (subject to a power budget) to fool receivers into making errors in classifying signals that are received as superpositions of transmitted signals and adversarial perturbations. First, these evasion attacks are shown to fail when channels are not considered in designing adversarial perturbations. Then realistic attacks are presented by considering channel effects from the adversary to each receiver. After showing that a channel-aware attack is selective (i.e., it affects only the receiver whose channel is considered in the perturbation design), a broadcast adversarial attack is presented by crafting a common adversarial perturbation to simultaneously fool classifiers at different receivers. The major vulnerability of modulation classifiers to over-the-air adversarial attacks is shown by accounting for different levels of information available about channel, transmitter input, and classifier model. Finally, a certified defense based on randomized smoothing that augments training data with noise is introduced to make modulation classifier robust to adversarial perturbations.


page 1

page 2

page 3

page 4


Over-the-Air Adversarial Attacks on Deep Learning Based Modulation Classifier over Wireless Channels

We consider a wireless communication system that consists of a transmitt...

How to Make 5G Communications "Invisible": Adversarial Machine Learning for Wireless Privacy

We consider the problem of hiding wireless communications from an eavesd...

Over-The-Air Adversarial Attacks on Deep Learning Wi-Fi Fingerprinting

Empowered by deep neural networks (DNNs), Wi-Fi fingerprinting has recen...

Penetrating RF Fingerprinting-based Authentication with a Generative Adversarial Attack

Physical layer authentication relies on detecting unique imperfections i...

Communication without Interception: Defense against Deep-Learning-based Modulation Detection

We consider a communication scenario, in which an intruder, employing a ...

Adversarial Filters for Secure Modulation Classification

Modulation Classification (MC) refers to the problem of classifying the ...

Adversarial Attacks against Deep Learning Based Power Control in Wireless Communications

We consider adversarial machine learning based attacks on power allocati...

Please sign up or login with your details

Forgot password? Click here to reset