Scribd
Upload
13 views16 pages

DNN-Based Modulation Classification

The document discusses the threats posed by adversarial attacks on deep neural networks (DNN) used for modulation recognition in communication systems. It outlines the advantages of deep learning in this field, such as autonomous feature extraction and handling large datasets, while also highlighting the security risks associated with DNNs. The results indicate that iterative attack methods outperform one-step attacks, with varying success rates based on the attack model and noise sensitivity.

Uploaded by

gao310504
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
13 views16 pages

DNN-Based Modulation Classification

The document discusses the threats posed by adversarial attacks on deep neural networks (DNN) used for modulation recognition in communication systems. It outlines the advantages of deep learning in this field, such as autonomous feature extraction and handling large datasets, while also highlighting the security risks associated with DNNs. The results indicate that iterative attack methods outperform one-step attacks, with varying success rates based on the attack model and noise sensitivity.

Uploaded by

gao310504
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Threats of Adversarial Attacks in DNN-

Based Modulation Recognition


IEEE INFOCOM 2020 - IEEE Conference on Computer Communications
Outline

• Introduction

• Background

• Attack Model

• Result

• Conclusion
Introduction
• Modulation Classification refers to the process of identifying and
categorizing the modulation methods used in radio waves within a
communication system.
• Different communication systems employ various modulation
techniques, such as Amplitude Modulation (AM), Frequency
Modulation (FM), Phase Modulation (PM), and others.
• Modulation classification involves identifying the modulation method
used in the received radio signals.
• This is crucial for various aspects such as wireless radio spectrum
management, interference detection, and optimization of radio
systems.
Introduction
• Traditional modulation recognition methods usually require prior
knowledge of signal and channel parameters, which can be inaccurate
under mild circumstances and need to be delivered through a separate
control channel.

• Deep Neural Networks have played a significant role in the research


domain of video, speech and image processing in the past few years.

• Recently the idea of deep learning has been introduced to the area of
communications by applying convolutional neural networks to the task of
radio modulation recognition.
Introduction
• The advantages of deep learning in communication area such as
modulation recognition are as follows:
1. Due to a large number of communication devices and high communication data
rates, the massive data required for deep learning are available in the
communication systems.
2. Deep learning can autonomously extract features and avoid manual feature
selection.
3. Convolutional neural networks (CNN) can use convolutional layers instead of fully
connected layers to reduce data parameters.
Introduction
• Although deep learning has unique advantages in solving problems in
radio communications, the black-box features and unexplained
properties of DNNs can cause numerous security risks.
Background
Background
FGSM PGD

FGSM

BIM MIM
Attack Model- White Box Attack
• In white-box attack, the adversary needs to have extensive knowledge
of the target DNN model, including input samples, weight values,
activation functions, architecture, and training methods.
• The adversarial examples are generated by continuously accessing the
model to calculate the gradient.
Attack Model- Black Box Attack
• The black-box attack assumes that the adversary cannot access the target
model and only knows the output label and predicted confidence level.

• This paper used a substitute DNN model to simulate the decision


boundaries of the approximate target model.

• The substitute model is not used to learn to determine the optimal model
but to learn the alternative ability to mimic the decision boundary of the
target model.
Attack Model- Black Box Attack
Result

VTCNN2 Substitute model


Result
Result
Result
Conclusion
• The results showed that in white-box attacks, regardless of the SNR or
perturbation, the iterative attack methods significantly outperformed the one-
step attack of FGSM with an advantage of 10% on the average attack effect.

• The MIM attack success rate was slightly higher than that of BIM and PGD in the
iterative algorithms.

• Different methods exhibited different sensitivity to noise, which required us to


choose an appropriate attack method based on the actual scenarios.

You might also like