学术文献库

This paper advances the state of the art by proposing the first comprehensive analysis and experimental evaluation of adversarial learning attacks to wireless deep learning systems. We postulate a series of adversarial attacks, and formulate a Generalized Wireless Adversarial Machine Learning Problem (GWAP) where we analyze the combined effect of the wireless channel and the adversarial waveform on the efficacy of the attacks. We propose a new neural network architecture called FIRNet, which can be trained to "hack" a classifier based only on its output. We extensively evaluate the performance on (i) a 1,000-device radio fingerprinting dataset, and (ii) a 24-class modulation dataset. Results obtained with several channel conditions show that our algorithms can decrease the classifier accuracy up to 3x. We also experimentally evaluate FIRNet on a radio testbed, and show that our data-driven blackbox approach can confuse the classifier up to 97% while keeping the waveform distortion to a minimum.