Adversarial Examples in RF Deep Learning: Detection and Physical Robustness
| Autor: | Silvija Kokalj-Filipovic, Rob Miller, Garrett Vanhoy |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
021110 strategic
defence & security studies Computer science business.industry Deep learning 0211 other engineering and technologies 020206 networking & telecommunications 02 engineering and technology law.invention Bluetooth Adversarial system Computer engineering law Softmax function 0202 electrical engineering electronic engineering information engineering Waveform Radio frequency Artificial intelligence business Classifier (UML) Statistical hypothesis testing |
| Zdroj: | GlobalSIP |
| DOI: | 10.1109/globalsip45357.2019.8969138 |
| Popis: | While research on adversarial examples (AdExs) in machine learning for images has been prolific, similar attacks on deep learning (DL) for radio frequency (RF) signals and corresponding mitigation strategies are scarcely addressed in the published work, with only a handful of recent publications in the RF domain. With minimal waveform perturbation, RF adversarial examples (AdExs) can cause a substantial increase in misclassifications for spectrum sensing/ survey applications (e.g. ZigBee mistaken for Bluetooth). In this work, two statistical tests for AdEx detection are proposed. One statistical test leverages the peak-to-average-power ratio (PAPR) of the RF samples. The second test uses the softmax outputs of the machine learning model, which is proportional to the likelihoods the classifier assigns to each of the trained classes. The first test leverages the RF nature of the data while the latter is universally applicable to AdExs regardless of the domain. Both solutions are shown as viable mitigation methods to subvert adversarial attacks against RF waveforms, and their effectiveness is analyzed as function of the propagation channel and type of waveform. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|