Jul 9, 2024

A Hybrid Training-time and Run-time Defense Against Adversarial Attacks in Modulation Classification

arXiv:2407.06807v1, 16 citations, h-index: 75
Originality: Incremental advance

AI Analysis

This work addresses the security of machine learning-based wireless networks against adversarial attacks, which is an incremental improvement in a domain-specific context.

The paper tackles the problem of adversarial attacks degrading the accuracy of deep learning-based radio signal classification by proposing a hybrid defense: adversarial training and label smoothing at training time, combined with a support vector machine-based neural rejection at run time. The authors report that the proposed techniques outperform existing state-of-the-art methods in white-box scenarios on real datasets.

Motivated by the superior performance of deep learning in many applications, including computer vision and natural language processing, several recent studies have focused on applying deep neural networks to the design of future generations of wireless networks. However, several recent works have pointed out that imperceptible and carefully designed adversarial examples (attacks) can significantly deteriorate the classification accuracy. In this paper, we investigate a defense mechanism based on both training-time and run-time defense techniques for protecting machine learning-based radio signal (modulation) classification against adversarial attacks. The training-time defense consists of adversarial training and label smoothing, while the run-time defense employs a support vector machine-based neural rejection (NR). Considering a white-box scenario and real datasets, we demonstrate that our proposed techniques outperform existing state-of-the-art technologies.
