Computer Science (计算机科学) ›› 2021, Vol. 48 ›› Issue (7): 25-32. doi: 10.11896/jsjkx.210300299

Special topic: Artificial Intelligence Security

Feature Gradient-based Adversarial Attack on Modulation Recognition-oriented Deep Neural Networks (基于特征梯度的调制识别深度网络对抗攻击方法)

WANG Chao (王超) 1, WEI Xiang-lin (魏祥麟) 2, TIAN Qing (田青) 1, JIAO Xiang (焦翔) 1, WEI Nan (魏楠) 1, DUAN Qiang (段强) 2

    1 School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044, China
    2 The 63rd Research Institute, National University of Defense Technology, Nanjing 210007, China
  • Received: 2021-03-30  Revised: 2021-05-06  Online: 2021-07-15  Published: 2021-07-02
  • Corresponding author: WEI Xiang-lin (wei_xianglin@163.com)
  • About the authors: WANG Chao, born in 1997, postgraduate. His main research interests include deep learning and adversarial examples. (wangchao2020@nuist.edu.cn)
    WEI Xiang-lin, born in 1985, Ph.D., engineer. His main research interests include edge computing, deep learning and wireless network security.
  • Supported by: National Natural Science Foundation of China (61702273) and Natural Science Foundation of Jiangsu Province (BK20170956).

Abstract: Deep neural network (DNN)-based automatic modulation recognition (AMR) models extract features automatically, reach high recognition accuracy and need little manual intervention. When practitioners design AMR-oriented DNN (ADNN) models, however, recognition accuracy is usually the only priority, and the security threat posed by adversarial examples is neglected. Against this backdrop, this paper examines, from the perspective of artificial-intelligence security, the threat that adversarial examples pose to ADNN models and proposes a novel feature gradient-based adversarial attack. Compared with the conventional label gradient-based attack, the feature gradient-based attack perturbs the spatio-temporal modulation-signal features extracted by the ADNN more effectively and transfers better across models. Experimental results on a public dataset show that, in both white-box and black-box settings, the proposed feature gradient-based attack outperforms current label gradient-based attacks in attack success rate and transferability.

Key words: Adversarial examples, Automatic modulation recognition, Deep learning, Modulation signal, Neural networks
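The abstract contrasts two ways of crafting a perturbation: a label-gradient attack differentiates the classification loss with respect to the input, while a feature-gradient attack differentiates a loss defined on the network's extracted feature layer, and both are then scored white-box (on the model they were crafted against) and black-box (replayed against a different model, i.e. transferability). The following example is added here for illustration and is not the authors' code: it trains a tiny tanh feature extractor plus linear classifier on a constructed two-class IQ problem, writes out both gradients by hand so the only difference between the attacks is the differentiated loss, and reports white-box and transfer success rates. The paper's own feature objective is not given on this page; the example assumes a generic one (push the feature vector away from the clean-feature centroid of the true class). The dataset, the network sizes, EPS and every name (TinyADNN, make_dataset, attack, run_experiment) are assumptions of this example, not the paper's.

```python
# Label-gradient (FGSM-style) vs feature-gradient attacks on a toy IQ classifier.
# Standard library only; data, model and feature objective are constructed for illustration.
import math
import random

N_SYM = 8    # IQ symbols per burst; input vector is [I_1..I_8, Q_1..Q_8]
EPS = 0.25   # L-infinity budget for both attacks (assumed value)

def make_dataset(rng, n_per_class):
    """Constructed bursts: class 0 is BPSK-like (I = +-1, Q ~ 0); class 1 adds a constant Q offset."""
    xs, ys = [], []
    for label in (0, 1):
        for _ in range(n_per_class):
            i_ch = [rng.choice((-1.0, 1.0)) + rng.gauss(0, 0.15) for _ in range(N_SYM)]
            q_ch = [(0.4 if label else 0.0) + rng.gauss(0, 0.15) for _ in range(N_SYM)]
            xs.append(i_ch + q_ch)
            ys.append(label)
    return xs, ys

class TinyADNN:
    """h(x) = tanh(W1 x + b1) is the 'extracted feature' layer; z = W2 h + b2 feeds a softmax."""
    def __init__(self, n_in, n_hidden, n_out, rng):
        self.W1 = [[rng.uniform(-0.1, 0.1) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.W2 = [[rng.uniform(-0.1, 0.1) for _ in range(n_hidden)] for _ in range(n_out)]
        self.b2 = [0.0] * n_out
    def features(self, x):
        return [math.tanh(sum(w * v for w, v in zip(r, x)) + b) for r, b in zip(self.W1, self.b1)]
    def probs(self, h):
        z = [sum(w * v for w, v in zip(r, h)) + b for r, b in zip(self.W2, self.b2)]
        e = [math.exp(v - max(z)) for v in z]
        return [v / sum(e) for v in e]
    def predict(self, x):
        p = self.probs(self.features(x))
        return max(range(len(p)), key=p.__getitem__)
    def _dh_to_dx(self, x, h, dh):
        # Back-propagate dLoss/dh through tanh; return (dLoss/dx, dLoss/d pre-activation).
        da = [g * (1.0 - v * v) for g, v in zip(dh, h)]
        return [sum(da[k] * self.W1[k][j] for k in range(len(da))) for j in range(len(x))], da
    def _ce_dh(self, x, y):
        # Cross-entropy backward pass down to the feature layer.
        h = self.features(x)
        dz = [p - (1.0 if k == y else 0.0) for k, p in enumerate(self.probs(h))]
        return h, dz, [sum(dz[k] * self.W2[k][j] for k in range(len(dz))) for j in range(len(h))]
    def label_grad(self, x, y):
        """d CE(f(x), y) / dx: the label-gradient (FGSM) direction."""
        h, _, dh = self._ce_dh(x, y)
        return self._dh_to_dx(x, h, dh)[0]
    def feature_grad(self, x, centroid):
        """d ||h(x) - centroid||^2 / dx: the feature-space objective (assumed form)."""
        h = self.features(x)
        return self._dh_to_dx(x, h, [2.0 * (v - c) for v, c in zip(h, centroid)])[0]
    def sgd_step(self, x, y, lr):
        h, dz, dh = self._ce_dh(x, y)
        da = self._dh_to_dx(x, h, dh)[1]
        for k, g in enumerate(dz):
            self.W2[k] = [w - lr * g * v for w, v in zip(self.W2[k], h)]
            self.b2[k] -= lr * g
        for k, g in enumerate(da):
            self.W1[k] = [w - lr * g * v for w, v in zip(self.W1[k], x)]
            self.b1[k] -= lr * g

def train(model, xs, ys, rng, epochs=200, lr=0.05):
    idx = list(range(len(xs)))
    for _ in range(epochs):
        rng.shuffle(idx)
        for i in idx:
            model.sgd_step(xs[i], ys[i], lr)
    return model

def class_centroids(model, xs, ys):
    """Mean clean feature vector per class: the anchor the feature attack pushes away from."""
    hs = {y: [model.features(x) for x, t in zip(xs, ys) if t == y] for y in set(ys)}
    return {y: [sum(c) / len(v) for c in zip(*v)] for y, v in hs.items()}

def attack(model, x, y, mode, cents=None, eps=EPS):
    """One signed-gradient step of budget eps along the label or the feature gradient."""
    grad = model.label_grad(x, y) if mode == "label" else model.feature_grad(x, cents[y])
    return [v + eps * ((g > 0) - (g < 0)) for v, g in zip(x, grad)]

def error_rate(victim, xs, ys):
    """Fraction misclassified: 1 - accuracy on clean data, success rate on adversarial data."""
    return sum(victim.predict(x) != y for x, y in zip(xs, ys)) / len(ys)

def run_experiment():
    """Craft on the white-box model, then replay against a separately initialised, wider model."""
    rng = random.Random(0)
    xs, ys = make_dataset(rng, 30)
    white = train(TinyADNN(2 * N_SYM, 4, 2, random.Random(1)), xs, ys, rng)
    black = train(TinyADNN(2 * N_SYM, 6, 2, random.Random(2)), xs, ys, rng)
    cents = class_centroids(white, xs, ys)
    adv = {m: [attack(white, x, y, m, cents) for x, y in zip(xs, ys)] for m in ("label", "feature")}
    out = {"eps": EPS, "clean_acc_white": 1 - error_rate(white, xs, ys),
           "clean_acc_black": 1 - error_rate(black, xs, ys)}
    for m in ("label", "feature"):
        out[m + "_whitebox"] = error_rate(white, adv[m], ys)
        out[m + "_transfer"] = error_rate(black, adv[m], ys)
    out["max_linf"] = max(abs(u - v) for m in adv for a, x in zip(adv[m], xs) for u, v in zip(a, x))
    return out
```

run_experiment() returns the clean accuracy of both models, the white-box success rate of each attack, its transfer rate against the separately initialised wider model, and the largest L-infinity perturbation actually applied, which is the check that the attack stayed within its budget. On a toy this small the ranking of the two attacks carries no evidential weight; what transfers to a real ADNN is the protocol (craft on one model, score on another) and the observation that only the loss being differentiated changes between a label-gradient and a feature-gradient attack, so the feature variant needs white-box access to the feature layer of the surrogate but not of the victim.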

CLC number: TP183