Computer Science ›› 2021, Vol. 48 ›› Issue (7): 25-32. doi: 10.11896/jsjkx.210300299
Special topic: Artificial Intelligence Security
王超1, 魏祥麟2, 田青1, 焦翔1, 魏楠1, 段强2
WANG Chao1, WEI Xiang-lin2, TIAN Qing1, JIAO Xiang1, WEI Nan1, DUAN Qiang2
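Abstract: Automatic modulation recognition (AMR) models based on deep neural networks (DNNs) offer automatic feature extraction, high recognition accuracy and little manual intervention. However, when designing AMR-oriented DNN (ADNN) models, practitioners usually focus only on recognition accuracy and overlook the security threat that adversarial examples may pose. This paper therefore examines, from the perspective of artificial intelligence security, the security threat that adversarial examples pose to ADNN models, and proposes a novel adversarial attack method based on feature gradients. Compared with traditional label-gradient attacks, the feature-gradient attack method more effectively attacks the spatio-temporal features of modulated signals extracted by the ADNN, and it has better transferability. Experimental results on a public dataset show that, for both white-box and black-box attacks, the attack effectiveness and transferability of the proposed feature-gradient-based adversarial attack method are better than those of current label-gradient attack methods.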