More Web Proxy on the site http://driver.im/

research-article

Public Access

Robust Adversarial Attacks Against DNN-Based Wireless Communication Systems

Authors:

Alireza Bahramali,

Amir Houmansadr,

Dennis Goeckel,

Don TowsleyAuthors Info & Claims

CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

Pages 126 - 140

https://doi.org/10.1145/3460120.3484777

Published: 13 November 2021 Publication History

Abstract

There is significant enthusiasm for the employment of Deep Neural Networks (DNNs) for important tasks in major wireless communication systems: channel estimation and decoding in orthogonal frequency division multiplexing (OFDM) systems, end-to-end autoencoder system design, radio signal classification, and signal authentication. Unfortunately, DNNs can be susceptible to adversarial examples, potentially making such wireless systems fragile and vulnerable to attack. In this work, by designing robust adversarial examples that meet key criteria, we perform a comprehensive study of the threats facing DNN-based wireless systems. We model the problem of adversarial wireless perturbations as an optimization problem that incorporates domain constraints specific to different wireless systems. This allows us to generate wireless adversarial perturbations that can be applied to wireless signals on-the-fly (i.e., with no need to know the target signals a priori), are undetectable from natural wireless noise, and are robust against removal. We show that even in the presence of significant defense mechanisms deployed by the communicating parties, our attack performs significantly better compared to existing attacks against DNN-based wireless systems. In particular, the results demonstrate that even when employing well-considered defenses, DNN-based wireless communication systems are vulnerable to adversarial attacks and call into question the employment of DNNs for a number of tasks in robust wireless communication.

References

[1]

Abdullatif Albaseer, Bekir Sait Ciftler, and Mohamed M Abdallah. 2020. Performance Evaluation of Physical Attacks against E2E Autoencoder over Rayleigh Fading Channel. In 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT).

[2]

Samuel Bair, Matthew DelVecchio, Bryse Flowers, Alan J Michaels, and William C Headley. 2019. On the limitations of targeted adversarial evasion attacks against deep learning enabled modulation recognition. In Proceedings of the ACM Workshop on Wireless Security and Machine Learning.

Digital Library

[3]

Federico Boccardi, Robert W Heath, Angel Lozano, Thomas L Marzetta, and Petar Popovski. 2014. Five disruptive technology directions for 5G. IEEE communications magazine (2014).

[4]

Nicholas Carlini, Anish Athalye, Nicolas Papernot, Wieland Brendel, Jonas Rauber, Dimitris Tsipras, Ian Goodfellow, Aleksander Madry, and Alexey Kurakin. 2019. On evaluating adversarial robustness. In arXiv preprint arXiv:1902.06705.

[5]

Jeremy Cohen, Elan Rosenfeld, and Zico Kolter. 2019. Certified adversarial robustness via randomized smoothing. In International Conference on Machine Learning.

[6]

Linglong Dai, Ruicheng Jiao, Fumiyuki Adachi, H Vincent Poor, and Lajos Hanzo. 2020. Deep learning for wireless communications: An emerging interdisciplinary paradigm. IEEE Wireless Communications (2020).

[7]

Matthew DelVecchio, Vanessa Arndorfer, and William C Headley. 2020 a. Investigating a Spectral Deception Loss Metric for Training Machine Learning-based Evasion Attacks. arXiv preprint arXiv:2005.13124 (2020).

[8]

Matthew DelVecchio, Bryse Flowers, and William C Headley. 2020 b. Effects of Forward Error Correction on Communications Aware Evasion Attacks. arXiv preprint arXiv:2005.13123 (2020).

[9]

Ali Fatih Demir, Mohamed Elkourdi, Mostafa Ibrahim, and Huseyin Arslan. 2019. Waveform design for 5G and beyond. arXiv preprint arXiv:1902.05999 (2019).

[10]

O. Dobre, A. Abdi, Y. Bar-Ness, and Wei Su. 2007. Survey of automatic modulation classification techniques: classical approaches and new trends. (2007).

[11]

Yinpeng Dong, Fangzhou Liao, Tianyu Pang, Hang Su, Jun Zhu, Xiaolin Hu, and Jianguo Li. 2018. Boosting adversarial attacks with momentum. In Proceedings of the IEEE conference on computer vision and pattern recognition.

[12]

Bryse Flowers, R Michael Buehrer, and William C Headley. 2019 a. Communications aware adversarial residual networks for over the air evasion attacks. In MILCOM 2019--2019 IEEE Military Communications Conference (MILCOM).

Digital Library

[13]

Bryse Flowers, R Michael Buehrer, and William C Headley. 2019 b. Evaluating adversarial evasion attacks in the context of wireless communications. IEEE Transactions on Information Forensics and Security (2019).

[14]

Jean-Yves Franceschi, Alhussein Fawzi, and Omar Fawzi. 2018. Robustness of classifiers to uniform $l_p$ and Gaussian noise. In International Conference on Artificial Intelligence and Statistics.

[15]

Ian Goodfellow, Yoshua Bengio, and Aaron Courville. 2016. Deep learning. MIT press.

Digital Library

[16]

Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative Adversarial Nets. In Advances in Neural Information Processing Systems 27.

[17]

Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7--9, 2015, Conference Track Proceedings.

[18]

Tobias Gruber, Sebastian Cammerer, Jakob Hoydis, and Stephan ten Brink. 2017. On deep learning-based channel decoding. In 2017 51st Annual Conference on Information Sciences and Systems (CISS).

[19]

Muhammad Zaid Hameed, Andras Gyorgy, and Deniz Gunduz. 2019. Communication without interception: Defense against deep-learning-based modulation detection. arXiv preprint arXiv:1902.10674 (2019).

[20]

Taewon Hwang, Chenyang Yang, Gang Wu, Shaoqian Li, and Geoffrey Ye Li. 2008. OFDM and its wireless applications: A survey. IEEE transactions on Vehicular Technology (2008).

[21]

Yihan Jiang, Hyeji Kim, Himanshu Asnani, Sreeram Kannan, Sewoong Oh, and Pramod Viswanath. 2019. Turbo autoencoder: Deep learning based channel codes for point-to-point communication channels. In Advances in Neural Information Processing Systems.

[22]

Evgeny Khorov, Anton Kiryanov, Andrey Lyakhov, and Giuseppe Bianchi. 2018. A tutorial on IEEE 802.11 ax high efficiency WLANs. IEEE Communications Surveys & Tutorials (2018).

[23]

Brian Kim, Yalin E Sagduyu, Kemal Davaslioglu, Tugba Erpek, and Sennur Ulukus. 2020 a. Channel-aware adversarial attacks against deep learning-based wireless signal classifiers. arXiv preprint arXiv:2005.05321 (2020).

[24]

Brian Kim, Yalin E Sagduyu, Kemal Davaslioglu, Tugba Erpek, and Sennur Ulukus. 2020 b. Over-the-Air Adversarial Attacks on Deep Learning Based Modulation Classifier over Wireless Channels. In 2020 54th Annual Conference on Information Sciences and Systems (CISS).

[25]

Diederik Kingma and Jimmy Ba. 2014. Adam: A Method for Stochastic Optimization. International Conference on Learning Representations (2014).

[26]

Silvija Kokalj-Filipovic, Rob Miller, and Garrett Vanhoy. 2019. Adversarial examples in RF deep learning: Detection and physical robustness. In 2019 IEEE Global Conference on Signal and Information Processing (GlobalSIP).

[27]

Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236 (2016).

[28]

YLJC Li, Leonard J Cimini, and Nelson R Sollenberger. 1998. Robust channel estimation for OFDM systems with rapid dispersive fading channels. IEEE Transactions on communications (1998).

[29]

Fei Liang, Cong Shen, and Feng Wu. 2018. An iterative BP-CNN architecture for channel decoding. IEEE Journal of Selected Topics in Signal Processing (2018).

[30]

Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017).

[31]

Fan Meng, Peng Chen, Lenan Wu, and Xianbin Wang. 2018. Automatic modulation classification: A deep learning enabled approach. IEEE Transactions on Vehicular Technology (2018).

[32]

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2017. Universal adversarial perturbations. In Proceedings of the IEEE conference on computer vision and pattern recognition.

[33]

Eliya Nachmani, Yair Be'ery, and David Burshtein. 2016. Learning to decode linear codes using deep learning. In 2016 54th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

Digital Library

[34]

Eliya Nachmani, Elad Marciano, David Burshtein, and Yair Be'ery. 2017. RNN decoding of linear block codes. arXiv preprint arXiv:1702.07560 (2017).

[35]

Milad Nasr, Alireza Bahramali, and Amir Houmansadr. 2021. Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations. In 30th USENIX Security Symposium (USENIX Security 21).

[36]

Timothy J O'shea and Nathan West. 2016. Radio machine learning dataset generation with gnu radio. In Proceedings of the GNU Radio Conference.

[37]

Timothy O'Shea and Jakob Hoydis. 2017. An introduction to deep learning for the physical layer. IEEE Transactions on Cognitive Communications and Networking (2017).

[38]

Timothy J O'Shea, Johnathan Corgan, and T Charles Clancy. 2016. Convolutional radio modulation recognition networks. In International conference on engineering applications of neural networks.

[39]

Timothy James O'Shea, Tamoghna Roy, and T Charles Clancy. 2018. Over-the-air deep learning based radio signal classification. IEEE Journal of Selected Topics in Signal Processing (2018).

[40]

Nicolas Papernot, Patrick McDaniel, and Ian Goodfellow. 2016. Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv preprint arXiv:1605.07277 (2016).

[41]

Sharan Ramjee, Shengtai Ju, Diyu Yang, Xiaoyu Liu, Aly El Gamal, and Yonina C Eldar. 2019. Fast deep learning for automatic modulation classification. arXiv preprint arXiv:1901.05850 (2019).

[42]

Francesco Restuccia, Salvatore D'Oro, Amani Al-Shawabka, Bruno Costa Rendon, Kaushik Chowdhury, Stratis Ioannidis, and Tommaso Melodia. 2020. Generalized wireless adversarial deep learning. Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning.

Digital Library

[43]

Meysam Sadeghi and Erik G Larsson. 2018. Adversarial attacks on deep-learning based radio signal classification. IEEE Wireless Communications Letters (2018).

[44]

Meysam Sadeghi and Erik G Larsson. 2019. Physical adversarial attacks against end-to-end autoencoder communication systems. IEEE Communications Letters (2019).

[45]

Yi Shi, Kemal Davaslioglu, and Yalin E Sagduyu. 2020. Generative Adversarial Network in the Air: Deep Adversarial Learning for Wireless Signal Spoofing. IEEE Transactions on Cognitive Communications and Networking (2020).

[46]

Florian Tramèr, Alexey Kurakin, Nicolas Papernot, Ian Goodfellow, Dan Boneh, and Patrick McDaniel. 2017. Ensemble adversarial training: Attacks and defenses. arXiv preprint arXiv:1705.07204 (2017).

[47]

Muhammad Usama, Muhammad Asim, Junaid Qadir, Ala Al-Fuqaha, and Muhammad Ali Imran. 2019. Adversarial Machine Learning Attack on Modulation Classification. In 2019 UK/China Emerging Technologies (UCET).

[48]

Nathan E West and Tim O'Shea. 2017. Deep architectures for modulation recognition. 2017 IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN).

Digital Library

[49]

Hao Ye, Geoffrey Ye Li, and Biing-Hwang Juang. 2017. Power of deep learning for channel estimation and signal detection in OFDM systems. IEEE Wireless Communications Letters (2017).

[50]

Zhongyuan Zhao, Mehmet C Vuran, Fujuan Guo, and Stephen Scott. 2018. Deep-waveform: A learned OFDM receiver based on deep complex convolutional networks. arXiv preprint arXiv:1810.07181 (2018).

Cited By

Baishya NManoj B(2024)Adversarial Robustness of Distilled and Pruned Deep Learning-based Wireless Classifiers2024 IEEE Wireless Communications and Networking Conference (WCNC)10.1109/WCNC57260.2024.10571193(01-06)Online publication date: 21-Apr-2024
https://doi.org/10.1109/WCNC57260.2024.10571193
Xu TWei ZXu TZheng G(2024)A Low-Cost Multi-Band Waveform Security Framework in Resource-Constrained CommunicationsIEEE Transactions on Wireless Communications10.1109/TWC.2024.336013023:8(9190-9205)Online publication date: Aug-2024
https://doi.org/10.1109/TWC.2024.3360130
Jiang RRao WChen S(2024)TRANS-G: Transformer Generator for Modeling and Constructing of UAPs Against DNN-Based Modulation ClassifiersIEEE Transactions on Vehicular Technology10.1109/TVT.2024.342159873:11(16892-16904)Online publication date: Nov-2024
https://doi.org/10.1109/TVT.2024.3421598
Show More Cited By

Index Terms

Robust Adversarial Attacks Against DNN-Based Wireless Communication Systems
1. Security and privacy
  1. Network security
    1. Mobile and wireless security

Recommendations

AdvRefactor: A Resampling-Based Defense Against Adversarial Attacks
Advances in Multimedia Information Processing – PCM 2018
Abstract
Deep neural networks have achieved great success in many domains. However, they are vulnerable to adversarial attacks, which generate adversarial examples by adding tiny perturbations to legitimate images. Previous studies providing defense mostly ...
Robust convolutional neural networks against adversarial attacks on medical images
Highlights
- We quantify the scale of adversarial perturbations imperceptible to clinicians.
Abstract
Convolutional neural networks (CNNs) have been widely applied to medical images. However, medical images are vulnerable to adversarial attacks by perturbations that are undetectable to human experts. This poses significant security ...
Adversarial Attacks and Defenses: Frontiers, Advances and Practice
KDD '20: Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining

Deep neural networks (DNN) have achieved unprecedented success in numerous machine learning tasks in various domains. However, the existence of adversarial examples leaves us a big hesitation when applying DNN models on safety-critical tasks such as ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

November 2021

3558 pages

ISBN:9781450384544

DOI:10.1145/3460120

General Chairs:
Yongdae Kim
KAIST, Republic of Korea
,
Jong Kim
POSTECH, Republic of Korea
,
Program Chairs:
Giovanni Vigna
University of California, Santa Barbara / VMware, USA
,
Elaine Shi
Carnegie Mellon University, USA

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 November 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

NSF CAREER
NSF
DARPA and NIWC

Conference

CCS '21

Sponsor:

SIGSAC

CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security

November 15 - 19, 2021

Virtual Event, Republic of Korea

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

37
Total Citations
View Citations
1,648
Total Downloads

Downloads (Last 12 months)544
Downloads (Last 6 weeks)86

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Baishya NManoj B(2024)Adversarial Robustness of Distilled and Pruned Deep Learning-based Wireless Classifiers2024 IEEE Wireless Communications and Networking Conference (WCNC)10.1109/WCNC57260.2024.10571193(01-06)Online publication date: 21-Apr-2024
https://doi.org/10.1109/WCNC57260.2024.10571193
Xu TWei ZXu TZheng G(2024)A Low-Cost Multi-Band Waveform Security Framework in Resource-Constrained CommunicationsIEEE Transactions on Wireless Communications10.1109/TWC.2024.336013023:8(9190-9205)Online publication date: Aug-2024
https://doi.org/10.1109/TWC.2024.3360130
Jiang RRao WChen S(2024)TRANS-G: Transformer Generator for Modeling and Constructing of UAPs Against DNN-Based Modulation ClassifiersIEEE Transactions on Vehicular Technology10.1109/TVT.2024.342159873:11(16892-16904)Online publication date: Nov-2024
https://doi.org/10.1109/TVT.2024.3421598
Tian YXu DTong ESun RChen KLi YBaker TNiu WLiu J(2024)Toward Learning Model-Agnostic Explanations for Deep Learning-Based Signal Modulation ClassifiersIEEE Transactions on Reliability10.1109/TR.2024.336778073:3(1529-1543)Online publication date: Sep-2024
https://doi.org/10.1109/TR.2024.3367780
Zhang SFu JYu JXu HZha HMao SLin Y(2024)Channel-Robust Class-Universal Spectrum-Focused Frequency Adversarial Attacks on Modulated Classification ModelsIEEE Transactions on Cognitive Communications and Networking10.1109/TCCN.2024.338212610:4(1280-1293)Online publication date: Aug-2024
https://doi.org/10.1109/TCCN.2024.3382126
Chen JLiao DZheng SYe LJia CZheng HXiang S(2024)RobustRMC: Robustness Interpretable Deep Neural Network for Radio Modulation ClassificationIEEE Transactions on Cognitive Communications and Networking10.1109/TCCN.2024.337552110:4(1218-1240)Online publication date: Aug-2024
https://doi.org/10.1109/TCCN.2024.3375521
Jiang ZZeng WZhou XChen PYin S(2024)Transferable Sparse Adversarial Attack on Modulation Recognition With Generative NetworksIEEE Communications Letters10.1109/LCOMM.2024.337322228:5(999-1003)Online publication date: May-2024
https://doi.org/10.1109/LCOMM.2024.3373222
Son BHoa NChien TKhalid WFerrag MChoi WDebbah M(2024)Adversarial Attacks and Defenses in 6G Network-Assisted IoT SystemsIEEE Internet of Things Journal10.1109/JIOT.2024.337380811:11(19168-19187)Online publication date: 1-Jun-2024
https://doi.org/10.1109/JIOT.2024.3373808
Liu JHe YXu WXie YHan J(2024)Manipulating Semantic Communication by Adding Adversarial Perturbations to Wireless Channel2024 IEEE/ACM 32nd International Symposium on Quality of Service (IWQoS)10.1109/IWQoS61813.2024.10682897(1-10)Online publication date: 19-Jun-2024
https://doi.org/10.1109/IWQoS61813.2024.10682897
Hoque NRahbari H(2024)Deep Learning Models as Moving Targets to Counter Modulation Classification AttacksIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621413(1601-1610)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621413
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents