首页 | 本学科首页   官方微博 | 高级检索  
     

利用主成分分析的通信调制识别通用对抗攻击方法
引用本文:柯达,黄知涛,邓寿云,卢超奇. 利用主成分分析的通信调制识别通用对抗攻击方法[J]. 国防科技大学学报, 2023, 45(5): 30-37
作者姓名:柯达  黄知涛  邓寿云  卢超奇
作者单位:国防科技大学 电子科学学院, 湖南 长沙 410073;国防科技大学 电子科学学院, 湖南 长沙 410073;国防科技大学 电子对抗学院, 安徽 合肥 230037;中国人民解放军3143
基金项目:国防科技大学青年科技创新奖资助项目(18/19-QNCXJ)
摘    要:深度学习容易被对抗样本所攻击。以通信调制识别为例,在待传输的通信信号中加入对抗性扰动,可以有效防止非合作的用户利用深度学习方法识别信号的调制方式,进而提升通信安全。针对现有对抗样本生成技术难以满足自适应和实时性的问题,通过对数据集中抽取的小部分数据产生的对抗扰动进行主成分分析,得到适用于整个数据集的通用对抗扰动。通用对抗扰动的计算可以在离线条件下进行,然后实时添加到待发射的信号中,可以满足通信的实时性要求,实现降低非合作方调制识别准确率的目的。实验结果表明该方法相对基线方法具有更优的欺骗性能。

关 键 词:对抗样本  通用对抗扰动  通信调制识别
收稿时间:2022-10-14

Universal adversarial attack method for communication modulation identification using principal component analysis
KE D,HUANG Zhitao,DENG Shouyun,LU Chaoqi. Universal adversarial attack method for communication modulation identification using principal component analysis[J]. Journal of National University of Defense Technology, 2023, 45(5): 30-37
Authors:KE D  HUANG Zhitao  DENG Shouyun  LU Chaoqi
Affiliation:College of Electronic Science and Technology, National University of Defense Technology, Changsha 410073, China;College of Electronic Science and Technology, National University of Defense Technology, Changsha 410073, China;College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China;The PLA Unit 31433, Shengyang 110000, China
Abstract:Deep learning is easily attacked by adversarial examples. Taking communication modulation recognition as an example, adding adversarial perturbations to the transmitted signal can effectively prevent non-cooperative users from utilizing the deep learning method to recognize the modulation of the signal. Thus, adversarial perturbations can help enhance communication security. To address the problem that the existing adversarial attack techniques are difficult to meet the adaptive and real-time requirements, the universal adversarial perturbation applicable to the whole dataset was obtained by the principal component analysis of the adversarial perturbation generated by a small part of the data extracted from the dataset. The computation of the universal adversarial perturbation can be carried out under offline conditions and then added to the signal to be transmitted in real time, which can satisfy the real-time requirements of communication and realize the purpose of reducing the accuracy of non-cooperative party modulation recognition. Experimental results show that the proposed method has better deception performance relative to the baseline method.
Keywords:adversarial examples   universal adversarial perturbation   communication modulation identification
点击此处可从《国防科技大学学报》浏览原始摘要信息
点击此处可从《国防科技大学学报》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号