A Hybrid Training-Time and Run-Time Defense Against Adversarial Attacks in Modulation Classification
Demontis, A; Roli, F
2022-01-01
Abstract
Motivated by the superior performance of deep learning in many applications, including computer vision and natural language processing, several recent studies have focused on applying deep neural networks to the design of future generations of wireless networks. However, several recent works have pointed out that imperceptible, carefully designed adversarial examples (attacks) can significantly degrade classification accuracy. In this letter, we investigate a defense mechanism that combines training-time and run-time defense techniques to protect machine learning-based radio signal (modulation) classification against adversarial attacks. The training-time defense consists of adversarial training and label smoothing, while the run-time defense employs a support vector machine-based neural rejection (NR). Considering a white-box scenario and real datasets, we demonstrate that our proposed techniques outperform existing state-of-the-art technologies.

File | Size | Format | Access
---|---|---|---
A_Hybrid_Training-Time_and_Run-Time_Defense_Against_Adversarial_Attacks_in_Modulation_Classification.pdf (Type: publisher's version, VoR) | 643 kB | Adobe PDF | Archive administrators only
A_Hybrid_Training-Time_and_Run-Time_Defense_Against_Adversarial_Attacks_in_Modulation_Classification_preprint.pdf.pdf (Type: post-print version, AAM) | 1.28 MB | Adobe PDF | Open access
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.