Adversarial Attacks on Deep-Learning Based Radio Signal Classification
This raises security and robustness concerns for DL-based wireless physical layer algorithms, impacting communication systems.
The paper tackles the vulnerability of deep learning in radio signal classification to adversarial attacks, showing that both white-box and black-box attacks can significantly reduce classification performance with minimal input perturbations, outperforming classical jamming methods.
Deep learning (DL), despite its enormous success in many computer vision and language processing applications, is exceedingly vulnerable to adversarial attacks. We consider the use of DL for radio signal (modulation) classification tasks, and present practical methods for the crafting of white-box and universal black-box adversarial attacks in that application. We show that these attacks can considerably reduce the classification performance, with extremely small perturbations of the input. In particular, these attacks are significantly more powerful than classical jamming attacks, which raises significant security and robustness concerns in the use of DL-based algorithms for the wireless physical layer.