The Best Defense Is a Good Offense: Adversarial Attacks to Avoid Modulation Detection
This addresses security in wireless communication for scenarios where eavesdroppers use machine learning to intercept signals, though it is incremental as it adapts existing adversarial attack methods to a new domain.
The paper tackles the problem of preventing intruders from detecting modulation schemes in wireless communication by perturbing channel inputs, similar to adversarial attacks in machine learning, and shows that this approach can secure communication against state-of-the-art intruders with minimal performance loss.
We consider a communication scenario, in which an intruder tries to determine the modulation scheme of the intercepted signal. Our aim is to minimize the accuracy of the intruder, while guaranteeing that the intended receiver can still recover the underlying message with the highest reliability. This is achieved by perturbing channel input symbols at the encoder, similarly to adversarial attacks against classifiers in machine learning. In image classification, the perturbation is limited to be imperceptible to a human observer, while in our case the perturbation is constrained so that the message can still be reliably decoded by the legitimate receiver, which is oblivious to the perturbation. Simulation results demonstrate the viability of our approach to make wireless communication secure against state-of-the-art intruders (using deep learning or decision trees) with minimal sacrifice in the communication performance. On the other hand, we also demonstrate that using diverse training data and curriculum learning can significantly boost the accuracy of the intruder.