Reason: Part of this work is under review for publication
until file(s) become available
Mitigating Adversarial Interference in Deep Learning-based Wireless Signal Classification Receivers
Automatic modulation classification (AMC) aims to improve the efficiency of crowded radio spectrums by automatically predicting the modulation constellation of wireless RF signals. Recent work has demonstrated the ability of deep learning (DL) to achieve robust AMC performance using raw in-phase and quadrature (IQ) time samples. Yet, deep learning models are highly susceptible to adversarial interference, which cause intelligent prediction models to misclassify received samples with high confidence. As a result, these attacks present significant security risks and inhibit the widespread deployment of deep learning in wireless communication channels. In this thesis, we propose and evaluate several defensive algorithms to mitigate such interference in a variety of threat models. We begin by considering the white box threat model, in which the adversary has complete knowledge of the classification models at the receiver allowing the transmission of the most potent attack. In this capacity, we present a two-fold defense mechanism, which consists of correcting misclassifications and detecting the presence of an adversary in a wireless channel. The former is designed by training the underlying model to correctly classify inputs with subtle perturbations whereas the latter is designed using manifold learning to identify samples further away from the manifold of the training data as adversarial inputs. Next, we consider the black box threat model, where the adversary uses partial or no system knowledge to craft an adversarial interference signal. Here, we develop a novel receiver architecture and show that adversarial attacks crafted to fool targeted AMC DL architectures are not transferable to different AMC network architectures, with classification performance improvements of up to 75%. Furthermore, we show that time-domain and frequency-domain trained classifiers are resilient to adversarial attacks crafted to induce misclassification in the altering domain. Finally, we propose our wireless receiver's assorted deep ensemble (ADE) defense, consisting of both time-domain and frequency-domain trained classifiers, which effectively mitigate the effects of imperceptible black box adversarial interference increasing classification performance by up to 70%.