TY - GEN
T1 - Targeted adversarial examples against RF deep classifiers
AU - Kokalj-Filipovic, Silvija
AU - Miller, Rob
AU - Morman, Joshua
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/5/15
Y1 - 2019/5/15
N2 - Adversarial examples (AdExs) in machine learning for classification of radio frequency (RF) signals can be created in a targeted manner such that they go beyond general misclassification and result in the detection of a specific targeted class. Moreover, these drastic, targeted misclassifications can be achieved with minimal waveform perturbations, resulting in catastrophic impact to deep learning based spectrum sensing applications (e.g. WiFi is mistaken for Bluetooth). This work addresses targeted deep learning AdExs, specifically those obtained using the Carlini-Wagner algorithm, and analyzes previously introduced defense mechanisms that performed successfully against non-targeted FGSM-based attacks. To analyze the effects of the Carlini-Wagner attack, and the defense mechanisms, we trained neural networks on two datasets. The first dataset is a subset of the DeepSig dataset, comprised of three synthetic modulations BPSK, QPSK, 8-PSK, which we use to train a simple network for Modulation Recognition. The second dataset contains real-world, well-labeled, curated data from the 2.4 GHz Industrial, Scientific and Medical (ISM) band, that we use to train a network for wireless technology (protocol) classification using three classes: WiFi 802.11n, Bluetooth (BT) and ZigBee. We show that for attacks of limited intensity the impact of the attack in terms of percentage of misclassifications is similar for both datasets, and that the proposed defense is effective in both cases. Finally, we use our ISM data to show that the targeted attack is effective against the deep learning classifier but not against a classical demodulator.
AB - Adversarial examples (AdExs) in machine learning for classification of radio frequency (RF) signals can be created in a targeted manner such that they go beyond general misclassification and result in the detection of a specific targeted class. Moreover, these drastic, targeted misclassifications can be achieved with minimal waveform perturbations, resulting in catastrophic impact to deep learning based spectrum sensing applications (e.g. WiFi is mistaken for Bluetooth). This work addresses targeted deep learning AdExs, specifically those obtained using the Carlini-Wagner algorithm, and analyzes previously introduced defense mechanisms that performed successfully against non-targeted FGSM-based attacks. To analyze the effects of the Carlini-Wagner attack, and the defense mechanisms, we trained neural networks on two datasets. The first dataset is a subset of the DeepSig dataset, comprised of three synthetic modulations BPSK, QPSK, 8-PSK, which we use to train a simple network for Modulation Recognition. The second dataset contains real-world, well-labeled, curated data from the 2.4 GHz Industrial, Scientific and Medical (ISM) band, that we use to train a network for wireless technology (protocol) classification using three classes: WiFi 802.11n, Bluetooth (BT) and ZigBee. We show that for attacks of limited intensity the impact of the attack in terms of percentage of misclassifications is similar for both datasets, and that the proposed defense is effective in both cases. Finally, we use our ISM data to show that the targeted attack is effective against the deep learning classifier but not against a classical demodulator.
UR - http://www.scopus.com/inward/record.url?scp=85066605890&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85066605890&partnerID=8YFLogxK
U2 - 10.1145/3324921.3328792
DO - 10.1145/3324921.3328792
M3 - Conference contribution
AN - SCOPUS:85066605890
T3 - WiseML 2019 - Proceedings of the 2019 ACM Workshop on Wireless Security and Machine Learning
SP - 6
EP - 11
BT - WiseML 2019 - Proceedings of the 2019 ACM Workshop on Wireless Security and Machine Learning
PB - Association for Computing Machinery, Inc
T2 - 2019 ACM Workshop on Wireless Security and Machine Learning, WiseML 2019
Y2 - 15 May 2019 through 17 May 2019
ER -