Channel Effects on Surrogate Models of Adversarial Attacks against
Wireless Signal Classifiers
- URL: http://arxiv.org/abs/2012.02160v2
- Date: Tue, 9 Mar 2021 00:01:27 GMT
- Authors: Brian Kim and Yalin E. Sagduyu and Tugba Erpek and Kemal Davaslioglu
and Sennur Ulukus
- Abstract summary: We consider a wireless communication system that consists of a background emitter, a transmitter, and an adversary.
The adversary generates adversarial attacks to fool the transmitter into misclassifying the channel as idle.
We consider different topologies to investigate how different surrogate models that are trained by the adversary affect the performance of the adversarial attack.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We consider a wireless communication system that consists of a background
emitter, a transmitter, and an adversary. The transmitter is equipped with a
deep neural network (DNN) classifier for detecting the ongoing transmissions
from the background emitter and transmits a signal if the spectrum is idle.
Concurrently, the adversary trains its own DNN classifier as the surrogate
model by observing the spectrum to detect the ongoing transmissions of the
background emitter and generate adversarial attacks to fool the transmitter
into misclassifying the channel as idle. This surrogate model may differ from
the transmitter's classifier significantly because the adversary and the
transmitter experience different channels from the background emitter and
therefore their classifiers are trained with different distributions of inputs.
This system model may represent a setting where the background emitter is a
primary user, the transmitter is a secondary user, and the adversary is trying
to fool the secondary user to transmit even though the channel is occupied by
the primary user. We consider different topologies to investigate how different
surrogate models that are trained by the adversary (depending on the
differences in channel effects experienced by the adversary) affect the
performance of the adversarial attack. The simulation results show that the
surrogate models that are trained with different distributions of
channel-induced inputs severely limit the attack performance and indicate that
the transferability of adversarial attacks is neither readily available nor
straightforward to achieve since surrogate models for wireless applications may
significantly differ from the target model depending on channel effects.
Related papers
- Downstream Transfer Attack: Adversarial Attacks on Downstream Models with Pre-trained Vision Transformers [95.22517830759193]
This paper studies the transferability of such an adversarial vulnerability from a pre-trained ViT model to downstream tasks.
We show that DTA achieves an average attack success rate (ASR) exceeding 90%, surpassing existing methods by a huge margin.
arXiv Detail & Related papers (2024-08-03T08:07:03Z)
- Mitigating Receiver Impact on Radio Frequency Fingerprint Identification via Domain Adaptation [15.347306554562048]
We develop a theoretical generalization error bound for the adaptation model.
Motivated by the bound, we propose a novel method to solve the cross-receiver RFFI problem, which includes domain alignment and adaptive pseudo-labeling.
Experimental results indicate that the proposed method can effectively mitigate the receiver impact and improve the cross-receiver RFFI performance.
arXiv Detail & Related papers (2024-04-12T16:08:32Z)
- An Adaptive Model Ensemble Adversarial Attack for Boosting Adversarial Transferability [26.39964737311377]
We propose an adaptive ensemble attack, dubbed AdaEA, to adaptively control the fusion of the outputs from each model.
We achieve considerable improvement over the existing ensemble attacks on various datasets.
arXiv Detail & Related papers (2023-08-05T15:12:36Z)
- Is Semantic Communications Secure? A Tale of Multi-Domain Adversarial Attacks [70.51799606279883]
We introduce test-time adversarial attacks on deep neural networks (DNNs) for semantic communications.
We show that it is possible to change the semantics of the transferred information even when the reconstruction loss remains low.
arXiv Detail & Related papers (2022-12-20T17:13:22Z)
- FedRec: Federated Learning of Universal Receivers over Fading Channels [92.15358738530037]
We propose a neural network-based symbol detection technique for downlink fading channels.
Multiple users collaborate to jointly learn a universal data-driven detector, hence the name FedRec.
The performance of the resulting receiver is shown to approach the MAP performance in diverse channel conditions without requiring knowledge of the fading statistics.
arXiv Detail & Related papers (2020-11-14T11:29:55Z)
- Adversarial Attacks with Multiple Antennas Against Deep Learning-Based Modulation Classifiers [43.156901821548935]
We show how to utilize multiple antennas at the adversary to improve the adversarial (evasion) attack performance.
We introduce an attack to transmit the adversarial perturbation through the channel with the largest channel gain at the symbol level.
arXiv Detail & Related papers (2020-07-31T17:56:50Z)
- Channel-Aware Adversarial Attacks Against Deep Learning-Based Wireless Signal Classifiers [43.156901821548935]
This paper presents channel-aware adversarial attacks against deep learning-based wireless signal classifiers.
A certified defense based on randomized smoothing that augments training data with noise is introduced to make the modulation classifier robust to adversarial perturbations.
arXiv Detail & Related papers (2020-05-11T15:42:54Z)
- Over-the-Air Adversarial Attacks on Deep Learning Based Modulation Classifier over Wireless Channels [43.156901821548935]
We consider a wireless communication system that consists of a transmitter, a receiver, and an adversary.
In the meantime, the adversary makes over-the-air transmissions that are received as superimposed with the transmitter's signals.
We present how to launch a realistic evasion attack by considering channels from the adversary to the receiver.
arXiv Detail & Related papers (2020-02-05T18:45:43Z)