Paper Title

Hacking the Waveform: Generalized Wireless Adversarial Deep Learning

Paper Authors

Restuccia, Francesco; D'Oro, Salvatore; Al-Shawabka, Amani; Rendon, Bruno Costa; Chowdhury, Kaushik; Ioannidis, Stratis; Melodia, Tommaso

Paper Abstract

This paper advances the state of the art by proposing the first comprehensive analysis and experimental evaluation of adversarial learning attacks to wireless deep learning systems. We postulate a series of adversarial attacks, and formulate a Generalized Wireless Adversarial Machine Learning Problem (GWAP) where we analyze the combined effect of the wireless channel and the adversarial waveform on the efficacy of the attacks. We propose a new neural network architecture called FIRNet, which can be trained to "hack" a classifier based only on its output. We extensively evaluate the performance on (i) a 1,000-device radio fingerprinting dataset, and (ii) a 24-class modulation dataset. Results obtained with several channel conditions show that our algorithms can decrease the classifier accuracy up to 3x. We also experimentally evaluate FIRNet on a radio testbed, and show that our data-driven blackbox approach can confuse the classifier up to 97% while keeping the waveform distortion to a minimum.