Robust Generative Defense Against Adversarial Attacks in Intelligent Modulation Recognition

IF 7 1区计算机科学 Q1 TELECOMMUNICATIONS IEEE Transactions on Cognitive Communications and Networking Pub Date : 2024-12-31 DOI:10.1109/TCCN.2024.3524184

Zhenju Zhang;Linru Ma;Mingqian Liu;Yunfei Chen;Nan Zhao;Arumugam Nallanathan

{"title":"Robust Generative Defense Against Adversarial Attacks in Intelligent Modulation Recognition","authors":"Zhenju Zhang;Linru Ma;Mingqian Liu;Yunfei Chen;Nan Zhao;Arumugam Nallanathan","doi":"10.1109/TCCN.2024.3524184","DOIUrl":null,"url":null,"abstract":"Deep neural network (DNN) greatly improves the efficiency of modulation recognition in wireless communication, but it also suffers from attacks. Generative artificial intelligence (GAI) possesses powerful data generation capabilities, which can be used to defend against attacks in modulation recognition. In practical scenarios, closed box attack can be implemented without information on the model. This is a great security threat. The existing defense methods are difficult to improve the robustness of the model while ensuring the recognition accuracy of the original signals. Therefore, this paper uses GAI to propose an adversarial decoupled defense method to protect modulation recognition. Firstly, for weak adversarial perturbations, the empirical mode decomposition (EMD) is used to highlight the high-frequency features in the signal, and the adversary detector is designed to detect the suspiciousness. Then, the signal is regenerated based on the generative adversarial network (GAN) to weaken the antagonism in the example. Further, the traditional adversarial training is decoupled into an original branch and an adversarial branch, and the outputs of the two branches are fused according to the suspiciousness. Simulation results show that the proposed defense method has high recognition accuracy for both original examples and adversarial examples even under attacks, and can effectively improve the robustness of the intelligent recognition model.","PeriodicalId":13069,"journal":{"name":"IEEE Transactions on Cognitive Communications and Networking","volume":"11 2","pages":"1041-1052"},"PeriodicalIF":7.0000,"publicationDate":"2024-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cognitive Communications and Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10818854/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Deep neural network (DNN) greatly improves the efficiency of modulation recognition in wireless communication, but it also suffers from attacks. Generative artificial intelligence (GAI) possesses powerful data generation capabilities, which can be used to defend against attacks in modulation recognition. In practical scenarios, closed box attack can be implemented without information on the model. This is a great security threat. The existing defense methods are difficult to improve the robustness of the model while ensuring the recognition accuracy of the original signals. Therefore, this paper uses GAI to propose an adversarial decoupled defense method to protect modulation recognition. Firstly, for weak adversarial perturbations, the empirical mode decomposition (EMD) is used to highlight the high-frequency features in the signal, and the adversary detector is designed to detect the suspiciousness. Then, the signal is regenerated based on the generative adversarial network (GAN) to weaken the antagonism in the example. Further, the traditional adversarial training is decoupled into an original branch and an adversarial branch, and the outputs of the two branches are fused according to the suspiciousness. Simulation results show that the proposed defense method has high recognition accuracy for both original examples and adversarial examples even under attacks, and can effectively improve the robustness of the intelligent recognition model.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

智能调制识别中对抗攻击的鲁棒生成防御

深度神经网络（Deep neural network， DNN）极大地提高了无线通信中调制识别的效率，但也容易受到攻击。生成式人工智能（GAI）具有强大的数据生成能力，可以用来防御调制识别中的攻击。在实际场景中，可以在没有模型信息的情况下实现闭箱攻击。这是一个巨大的安全威胁。现有的防御方法难以在保证原始信号识别精度的同时提高模型的鲁棒性。因此，本文利用GAI提出了一种对抗解耦防御方法来保护调制识别。首先，针对微弱的对抗性扰动，采用经验模态分解（EMD）来突出信号中的高频特征，并设计对手检测器来检测可疑性。然后，基于生成式对抗网络（GAN）对信号进行再生，以减弱示例中的对抗。进一步，将传统的对抗训练解耦为原始分支和对抗分支，并根据怀疑程度融合两个分支的输出。仿真结果表明，该防御方法在攻击情况下对原始样本和对抗样本均具有较高的识别精度，并能有效提高智能识别模型的鲁棒性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Transactions on Cognitive Communications and Networking Computer Science-Artificial Intelligence

CiteScore

15.50

自引率

7.00%

发文量

108

期刊介绍： The IEEE Transactions on Cognitive Communications and Networking (TCCN) aims to publish high-quality manuscripts that push the boundaries of cognitive communications and networking research. Cognitive, in this context, refers to the application of perception, learning, reasoning, memory, and adaptive approaches in communication system design. The transactions welcome submissions that explore various aspects of cognitive communications and networks, focusing on innovative and holistic approaches to complex system design. Key topics covered include architecture, protocols, cross-layer design, and cognition cycle design for cognitive networks. Additionally, research on machine learning, artificial intelligence, end-to-end and distributed intelligence, software-defined networking, cognitive radios, spectrum sharing, and security and privacy issues in cognitive networks are of interest. The publication also encourages papers addressing novel services and applications enabled by these cognitive concepts.