Skip to main content
SpringerLink
Log in

Adversarial defense method based on ensemble learning for modulation signal intelligent recognition

  • Published:
Wireless Networks Aims and scope Submit manuscript

Abstract

Modulation signal intelligent recognition model based on deep learning is widely used in the field of radio signal intelligent processing, but the adversarial attack has become a huge security threat. In order to promote the safe and reliable application of the modulation recognition intelligent model, it is necessary to study its adversarial defense technology. An adversarial defense method based on ensemble learning for modulation signal intelligent recognition model is proposed in this paper. Specifically, this method is achieved by combining multiple defense models such as adversarial training, defensive distillation, and noise smoothing. Variety of attack algorithms in both the white-box and black-box scenarios under different intensities of perturbation and different signal-to-noise ratios are carried out to verify the robustness performance of the proposed method. Strikingly, the accuracy of the model is improved to over 80% when the SNR is above 0 dB under Carlini and Wagner attack.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig.5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15

Similar content being viewed by others

Data availability

The data that support the findings of this study are available in DEEPSIG DATASET: RADIOML 2016.10A at https://www.deepsig.ai/datasets.

References

  1. Hou, C., Liu, G., Tian, Q., Zhou, Z., Hua, L., & Lin, Y. (2022). Multi-signal modulation classification using sliding window detection and complex convolutional network in frequency domain. IEEE Internet of Things Journal, 9(19), 19438–19449.

    Article  Google Scholar 

  2. Liu, S., Gao, P., Li, Y., et al. (2023). Multi-modal fusion network with complementarity and importance for emotion recognition. Information Sciences, 619, 679–694.

    Article  Google Scholar 

  3. Fu, X., Peng, Y., Liu, Y., Lin, Y., Gui, G., Gacanin, H., & Adachi, F. (2023). Semi-supervised specific emitter identification method using metric-adversarial training. IEEE Internet of Things Journal.

  4. Franco, H., Cobo-Kroenke, C., Welch, S., & Graciarena, M. (2020). Wideband spectral monitoring using deep learning. In Proceedings of the 2nd ACM workshop on wireless security and machine learning (pp. 19–24).

  5. Omotere, O., Fuller, J., Qian, L., & Han, Z. (2018). Spectrum occupancy prediction in coexisting wireless systems using deep learning. In: IEEE 88th vehicular technology conference (pp. 1–7).

  6. Liu, S., Huang, S., Wang, S., et al. (2023). Visual tracking in complex scenes: A location fusion mechanism based on the combination of multiple visual cognition flows. Information Fusion. https://doi.org/10.1016/j.inffus.2023.02.005

    Article  Google Scholar 

  7. Xu, Z., Han, G., Liu, L., et al. (2022). A lightweight specific emitter identification model for IIoT devices based on adaptive broad learning. IEEE Transactions on Industrial Informatics.

  8. Wang, Y., Gui, G., Lin, Y., et al. (2022). Few-shot specific emitter identification via deep metric ensemble learning. IEEE Internet of Things Journal, 9(24), 24980–24994.

    Article  Google Scholar 

  9. Fu, X., Gui, G., Wang, Y., et al. (2022). Automatic modulation classification based on decentralized learning and ensemble learning. IEEE Transactions on Vehicular Technology, 71(7), 7942–7946.

    Article  Google Scholar 

  10. Zhang, X., Zhao, H., Zhu, H., et al. (2022). NAS-AMR: Neural architecture search-based automatic modulation recognition for integrated sensing and communication systems. IEEE Transactions on Cognitive Communications and Networking, 8(3), 1374–1386.

    Article  Google Scholar 

  11. O'shea, T. J., & West, N. (2016). Radio machine learning dataset generation with GNU radio. In Proceedings of the GNU radio conference (Vol. 1, No. 1).

  12. Bao, Z., Lin, Y., Zhang, S., et al. (2021). Threat of adversarial attacks on DL-based IoT device identification. IEEE Internet of Things Journal, 9(11), 9012–9024.

    Article  Google Scholar 

  13. Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. (2013). Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199.

  14. Sadeghi, M., & Larsson, E. G. (2018). Adversarial attacks on deep-learning based radio signal classification. IEEE Wireless Communications Letters, 8(1), 213–216.

    Article  Google Scholar 

  15. Lin, Y., Zhao, H., Tu, Y., Mao, S., & Dou, Z. (2020). Threats of adversarial attacks in DNN-based modulation recognition. In IEEE conference on computer communications (pp. 2469–2478).

  16. Qi, P., Jiang, T., Wang, L., et al. (2022). Detection tolerant black-box adversarial attack against automatic modulation classification with deep learning. IEEE Transactions on Reliability, 71.2, 674–686.

    Article  Google Scholar 

  17. Rana, M. M., Xiang, W., Wang, E., Li, X., & Choi, B. J. (2018). Internet of Things infrastructure for wireless power transfer systems. IEEE Access, 6, 19295–19303.

    Article  Google Scholar 

  18. Tian, Q., Zhang, S., Mao, S., et al. (2022). Adversarial attacks and defenses for digital communication signals identification. Digital Communications and Networks.

  19. Kim, B., Sagduyu, Y. E., Davaslioglu, K., et al. (2021). Channel-aware adversarial attacks against deep learning-based wireless signal classifiers. IEEE Transactions on Wireless Communications, 21(6), 3868–3880.

    Article  Google Scholar 

  20. Kokalj-Filipovic, S., Miller, R., & Vanhoy, G. (2019). Adversarial examples in RF deep learning: Detection and physical robustness. In IEEE global conference on signal and information processing (pp. 1–5).

  21. Carlini, N., & Wagner, D. (2017). Towards evaluating the robustness of neural networks. In IEEE symposium on security and privacy (pp. 39–57).

  22. Adesina, D., Hsieh, C. C., Sagduyu, Y. E., & Qian, L. (2022). Adversarial machine learning in wireless communications using RF data: A review. IEEE Communications Surveys and Tutorials.

  23. Goodfellow, I. J., Shlens, J., & Szegedy, C. (2014). Explaining and harnessing adversarial examples. In International conference on learning representations.

  24. Kurakin, A., Goodfellow, I. J., & Bengio, S. (2018). Adversarial examples in the physical world. In Artificial intelligence safety and security (pp. 99–112).

  25. Madry, A., Makelov, A., Schmidt, L., Tsipras, D., & Vladu, A. (2017). Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083.

  26. Dong, Y., Liao, F., Pang, T., Su, H., Zhu, J., Hu, X., & Li, J. (2018). Boosting adversarial attacks with momentum. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 9185–9193).

  27. Hinton, G., Vinyals, O., & Dean, J. (2015). Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531.

  28. Lecuyer, M., Atlidakis, V., Geambasu, R., Hsu, D., & Jana, S. (2019). Certified robustness to adversarial examples with differential privacy. In IEEE symposium on security and privacy (pp. 656–672).

  29. Yang, G., Duan, T., Hu, J. E., Salman, H., Razenshteyn, I., & Li, J. (2020). Randomized smoothing of all shapes and sizes. In International conference on machine learning (pp. 10693–10705).

  30. He, W., Wei, J., Chen, X., Carlini, N., & Song, D. (2017). Adversarial example defense: Ensembles of weak defenses are not strong. In 11th USENIX workshop on offensive technologies.

  31. Kuncheva, L. I., & Whitaker, C. J. (2003). Measures of diversity in classifier ensembles and their relationship with the ensemble accuracy. Machine learning, 51(2), 181–207.

    Article  MATH  Google Scholar 

  32. Kurakin, A., Goodfellow, I., Bengio, S., Dong, Y., Liao, F., Liang, M., et al. (2018). Adversarial attacks and defences competition. In The NIPS'17 competition: Building intelligent systems (pp. 195–231).

  33. Tramèr, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D., & McDaniel, P. (2017). Ensemble adversarial training: Attacks and defenses. arXiv preprint arXiv:1705.07204.

  34. Kannan, H., Kurakin, A., & Goodfellow, I. (2018). Adversarial logit pairing. arXiv preprint arXiv:1803.06373.

  35. Wang, Y., Zou, D., Yi, J., Bailey, J., Ma, X., & Gu, Q. (2019). Improving adversarial robustness requires revisiting misclassified examples. In International conference on learning representations.

  36. Papernot, N., McDaniel, P., Wu, X., Jha, S., & Swami, A. (2016). Distillation as a defense to adversarial perturbations against deep neural networks. In IEEE symposium on security and privacy (pp. 582–597).

  37. Gao, Q., Cao, Z., & Li, D. (2021). Defensive distillation based end-to-end auto-encoder communication system. In 7th international conference on computer and communications (pp. 109–114).

  38. Catak, F. O., Kuzlu, M., Catak, E., Cali, U., & Guler, O. (2022). Defensive distillation-based adversarial attack mitigation method for channel estimation using deep learning models in next-generation wireless networks. IEEE Access, 10, 98191–98203.

    Article  Google Scholar 

  39. Cohen, J., Rosenfeld, E., & Kolter, Z. (2019). Certified adversarial robustness via randomized smoothing. In International conference on machine learning (pp. 1310–1320).

  40. Levine, A., & Feizi, S. (2020). (De)Randomized smoothing for certifiable defense against patch attacks. Neural Information Processing Systems, 33, 6465–6475.

    Google Scholar 

  41. Jia, J., Cao, X., Wang, B., & Gong, N. Z. (2019). Certified robustness for top-k predictions against adversarial perturbations via randomized smoothing. In International conference on learning representations.

  42. Zhang, D., Ye, M., Gong, C., Zhu, Z., & Liu, Q. (2020). Black-box certification with randomized smoothing: A Functional Optimization based Framework. Neural Information Processing Systems, 33, 2316–2326.

    Google Scholar 

  43. Maroto, J., Bovet, G., & Frossard, P. (2022). SafeAMC: Adversarial training for robust modulation classification recognition models. In 30th European signal processing conference (pp. 1636–1640).

Download references

Author information

Authors and Affiliations

  1. People’s Liberation Army Strategic Support Force Information Engineering University, Zhengzhou, China

    Chao Han, Ruoxi Qin, Linyuan Wang, Weijia Cui, Jian Chen & Bin Yan

Authors
  1. Chao Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ruoxi Qin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Linyuan Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Weijia Cui
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jian Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Bin Yan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Bin Yan.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Han, C., Qin, R., Wang, L. et al. Adversarial defense method based on ensemble learning for modulation signal intelligent recognition. Wireless Netw 29, 2967–2980 (2023). https://doi.org/10.1007/s11276-023-03299-4

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11276-023-03299-4

Keywords

Search

Navigation