On the Vulnerability of Deep Automatic Modulation Classifiers to Explainable Backdoor Threats
This addresses a security problem for wireless communication systems using deep learning, representing an incremental advance by adapting backdoor attacks from computer vision to the wireless domain.
The paper tackles the vulnerability of deep learning-based automatic modulation classifiers to backdoor attacks by introducing a physical backdoor attack guided by explainable AI, achieving high success rates across various SNR values with minimal poisoning.
Deep learning (DL) has been widely studied for assisting applications of modern wireless communications. One of the applications is automatic modulation classification (AMC). However, DL models are found to be vulnerable to adversarial machine learning (AML) threats. One of the most persistent and stealthy threats is the backdoor (Trojan) attack. Nevertheless, most studied threats originate from other AI domains, such as computer vision (CV). Therefore, in this paper, a physical backdoor attack targeting the wireless signal before transmission is studied. The adversary is considered to be using explainable AI (XAI) to guide the placement of the trigger in the most vulnerable parts of the signal. Then, a class prototype combined with principal components is used to generate the trigger. The studied threat was found to be efficient in breaching multiple DL-based AMC models. The attack achieves high success rates for a wide range of SNR values and a small poisoning ratio.