引用本文: | 柯达,黄知涛,邓寿云,等.利用主成分分析的通信调制识别通用对抗攻击方法.[J].国防科技大学学报,2023,45(5):30-37.[点击复制] |
KE Da,HUANG Zhitao,DENG Shouyun,et al.Universal adversarial attack method for communication modulation identification using principal component analysis[J].Journal of National University of Defense Technology,2023,45(5):30-37[点击复制] |
|
|
|
本文已被:浏览 4382次 下载 3143次 |
利用主成分分析的通信调制识别通用对抗攻击方法 |
柯达1,黄知涛1,2,邓寿云3,卢超奇3 |
(1. 国防科技大学 电子科学学院, 湖南 长沙 410073;2. 国防科技大学 电子对抗学院, 安徽 合肥 230037;3. 中国人民解放军31433部队, 辽宁 沈阳 110000)
|
摘要: |
深度学习容易被对抗样本所攻击。以通信调制识别为例,在待传输的通信信号中加入对抗性扰动,可以有效防止非合作的用户利用深度学习方法识别信号的调制方式,进而提升通信安全。针对现有对抗样本生成技术难以满足自适应和实时性的问题,通过对数据集中抽取的小部分数据产生的对抗扰动进行主成分分析,得到适用于整个数据集的通用对抗扰动。通用对抗扰动的计算可以在离线条件下进行,然后实时添加到待发射的信号中,可以满足通信的实时性要求,实现降低非合作方调制识别准确率的目的。实验结果表明该方法相对基线方法具有更优的欺骗性能。 |
关键词: 对抗样本 通用对抗扰动 通信调制识别 |
DOI:10.11887/j.cn.202305004 |
投稿日期:2022-10-14 |
基金项目:国防科技大学青年科技创新奖资助项目(18/19-QNCXJ) |
|
Universal adversarial attack method for communication modulation identification using principal component analysis |
KE Da1, HUANG Zhitao1,2, DENG Shouyun3, LU Chaoqi3 |
(1. College of Electronic Science and Technology, National University of Defense Technology, Changsha 410073, China;2. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China;3. The PLA Unit 31433, Shengyang 110000, China)
|
Abstract: |
Deep learning is easily attacked by adversarial examples. Taking communication modulation recognition as an example, adding adversarial perturbations to the transmitted signal can effectively prevent non-cooperative users from utilizing the deep learning method to recognize the modulation of the signal. Thus, adversarial perturbations can help enhance communication security. To address the problem that the existing adversarial attack techniques are difficult to meet the adaptive and real-time requirements, the universal adversarial perturbation applicable to the whole dataset was obtained by the principal component analysis of the adversarial perturbation generated by a small part of the data extracted from the dataset. The computation of the universal adversarial perturbation can be carried out under offline conditions and then added to the signal to be transmitted in real time, which can satisfy the real-time requirements of communication and realize the purpose of reducing the accuracy of non-cooperative party modulation recognition. Experimental results show that the proposed method has better deception performance relative to the baseline method. |
Keywords: adversarial examples universal adversarial perturbation communication modulation identification |
|
|
|
|
|