An Electromagnetic Signal Adversarial Examples Generation Method Based on Saliency Map

ZHOU Xia; ZHANG Jian; LI Ning-an

doi:10.12263/DZXB.20230125

您当前的位置：

首页 >

文章列表页 >

An Electromagnetic Signal Adversarial Examples Generation Method Based on Saliency Map

PAPERS | 更新时间：2025-12-08

- An Electromagnetic Signal Adversarial Examples Generation Method Based on Saliency Map
- ACTA ELECTRONICA SINICA Vol. 51, Issue 7, Pages: 1917-1928(2023)
- 作者机构：
  
  武汉数字工程研究所，湖北武汉 430205
- 作者简介：
- 基金信息：
  
  National Defense Science and Technology 173 Program Technology Field Foundation of China (Category A)(A24011)
- DOI：10.12263/DZXB.20230125
  CLC： TP183
- Received：13 February 2023，
  
  Revised：2023-05-08，
  
  Published：25 July 2023
- 稿件说明：
移动端阅览
周侠,张剑,李宁安.基于显著图的电磁信号对抗样本生成方法[J].电子学报,2023,51(07):1917-1928.

ZHOU Xia,ZHANG Jian,LI Ning-an.An Electromagnetic Signal Adversarial Examples Generation Method Based on Saliency Map[J].ACTA ELECTRONICA SINICA,2023,51(07):1917-1928.
周侠,张剑,李宁安.基于显著图的电磁信号对抗样本生成方法[J].电子学报,2023,51(07):1917-1928. DOI： 10.12263/DZXB.20230125.

ZHOU Xia,ZHANG Jian,LI Ning-an.An Electromagnetic Signal Adversarial Examples Generation Method Based on Saliency Map[J].ACTA ELECTRONICA SINICA,2023,51(07):1917-1928. DOI： 10.12263/DZXB.20230125.

摘要

基于深度学习的电磁信号识别模型具有高效、准确和人工干预少的优点，然而其与传统神经网络模型一样容易受到对抗样本的影响.研究对抗样本对测试和提升模型的安全性和鲁棒性有着重要意义.为生成高质量电磁信号对抗样本，本文提出了基于雅可比显著图批量特征点攻击算法（Batch Points Jacobian-based Saliency Map Attack， BP-JSMA）.与传统雅可比显著图的攻击方法相比，BP-JSMA通过批量选取关键特征点能够更快生成对抗样本.此外，针对电磁信号数据的特点，增加自适应扰动限制，使得生成的对抗样本更具隐蔽性.在公开数据集的实验结果表明，与雅可比显著图攻击方法相比，BP-JSMA在生成速度方面提升了11倍，隐蔽性提升了10%；而与传统快速梯度符号攻击算法相比，攻击成功率提升了24%，隐蔽性提升了20%.

Abstract

The electromagnetic signal recognition model based on deep learning has the advantages of high efficiency

high accuracy

and less manual intervention. However

it is as susceptible to adversarial examples as traditional neural network models. Studying adversarial examples is important for testing and improving the security and robustness of neural network models. In order to generate high-quality electromagnetic signal adversarial examples

this paper proposed a batch feature points Jacobian-based saliency map attack method (BP-JSMA). Compared with the traditional Jacobian saliency map attack method

BP-JSMA can generate adversarial examples faster by selecting key feature points in a batch. In addition

according to the characteristics of electromagnetic signal data

adaptive disturbance limitation is proposed to make the generated adversarial examples more covert. Experimental results on public datasets show that compared to the Jacobian saliency map attack method

BP-JSMA improves generation speed by 11 times and concealment by 10%. Compared with traditional fast gradient sign attack method

the attack success rate has been improved by 24%

and the concealment has been improved by 20%.

关键词

Keywords

references

KRIZHEVSKY A , SUTSKEVER I , HINTON G E . ImageNet classification with deep convolutional neural networks [J]. Communications of the ACM , 2017 , 60 ( 6 ): 84 - 90 .

O'SHEA T J , CORGAN J , CLANCY T C . Convolutional radio modulation recognition networks [M]// Engineering Applications of Neural Networks . Cham : Springer International Publishing , 2016 : 213 - 226 .

O'SHEA T J , ROY T , CLANCY T C . Over-the-air deep learning based radio signal classification [J]. IEEE Journal of Selected Topics in Signal Processing , 2018 , 12 ( 1 ): 168 - 179 .

李钦 , 刘伟 , 牛朝阳 , 等 . 低信噪比下基于分裂EfficientNet网络的雷达信号调制方式识别 [J]. 电子学报 , 2023 , 51 ( 3 ): 675 - 686 .

LI Q , LIU W , NIU C Y , et al . Radar signal modulation recognition based on split EfficientNet under low signal-to-noise ratio [J]. Acta Electronica Sinica , 2023 , 51 ( 3 ): 675 - 686 . (in Chinese)

周鑫 , 何晓新 , 郑昌文 . 基于图像深度学习的无线电信号识别 [J]. 通信学报 , 2019 , 40 ( 7 ): 114 - 125 .

ZHOU X , HE X X , ZHENG C W . Radio signal recognition based on image deep learning [J]. Journal on Communications , 2019 , 40 ( 7 ): 114 - 125 . (in Chinese)

SZEGEDY C , ZAREMBA W , SUTSKEVER I , et al . Intriguing properties of neural networks [C]// 2014 the 2nd International Conference on Learning Representations . Banff : Conference Track Proceedings , 2014 : 1 - 10 .

GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples [C]// 2015 the 3rd International Conference on Learning Representations . San Diego : Conference Track Proceedings , 2015 : 1 - 11 .

DONG Y P , LIAO F Z , PANG T Y , et al . Boosting adversarial attacks with momentum [C]// 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition . Piscataway : IEEE , 2018 : 9185 - 9193 .

MADRY A , MAKELOV A , SCHMIDT L , et al . Towards deep learning models resistant to adversarial attacks [C]// 2018 the 6th International Conference on Learning Representations . Vancouver : Conference Track Proceedings , 2018 : 1 - 28 .

邹军华 , 段晔鑫 , 任传伦 , 等 . 基于噪声初始化、Adam-Nesterov方法和准双曲动量方法的对抗样本生成方法 [J]. 电子学报 , 2022 , 50 ( 1 ): 207 - 216 .

ZOU J H , DUAN Y X , REN C L , et al . Perturbation initialization, Adam-Nesterov and quasi-hyperbolic momentum for adversarial examples [J]. Acta Electronica Sinica , 2022 , 50 ( 1 ): 207 - 216 . (in Chinese)

PAPERNOT N , MCDANIEL P , JHA S , et al . The limitations of deep learning in adversarial settings [C]// 2016 IEEE European Symposium on Security and Privacy (EuroS&P) . Piscataway : IEEE , 2016 : 372 - 387 .

COMBEY T , LOISON A , FAUCHER M , et al . Probabilistic Jacobian-based saliency maps attacks [J]. Machine Learning and Knowledge Extraction , 2020 , 2 ( 4 ): 558 - 578 .

LIN Y , ZHAO H J , TU Y , et al . Threats of adversarial attacks in DNN-based modulation recognition [C]// IEEE INFOCOM 2020 - IEEE Conference on Computer Communications . Piscataway : IEEE , 2020 : 2469 - 2478 .

FLOWERS B , BUEHRER R M , HEADLEY W C . Evaluating adversarial evasion attacks in the context of wireless communications [J]. IEEE Transactions on Information Forensics and Security , 2020 , 15 : 1102 - 1113 .

ZHAO H J , LIN Y , GAO S , et al . Evaluating and improving adversarial attacks on DNN-based modulation recognition [C]// GLOBECOM 2020 - 2020 IEEE Global Communications Conference . Piscataway : IEEE , 2021 : 1 - 5 .

王超 , 魏祥麟 , 田青 , 等 . 基于特征梯度的调制识别深度网络对抗攻击方法 [J]. 计算机科学 , 2021 , 48 ( 7 ): 25 - 32 .

WANG C , WEI X L , TIAN Q , et al . Feature gradient-based adversarial attack on modulation recognition-oriented deep neural networks [J]. Computer Science , 2021 , 48 ( 7 ): 25 - 32 . (in Chinese)

HE K M , ZHANG X Y , REN S Q , et al . Deep residual learning for image recognition [C]// 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Piscataway : IEEE , 2016 : 770 - 778 .

SADEGHI M , LARSSON E G . Adversarial attacks on deep-learning based radio signal classification [J]. IEEE Wireless Communications Letters , 2019 , 8 ( 1 ): 213 - 216 .

SAINATH T N , VINYALS O , SENIOR A , et al . Convolutional, long short-term memory, fully connected deep neural networks [C]// 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) . Piscataway : IEEE , 2015 : 4580 - 4584 .

HOCHREITER S , SCHMIDHUBER J . Long short-term memory [J]. Neural Computation , 1997 , 9 ( 8 ): 1735 - 1780 .

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

A Quantum Probability Inspired Network for Dialogue Sarcasm Recognition

Variable Horizon Multi-Directional Scanning Method for Time Series Anomaly Detection

Differentially Private with Sparse and Smooth Self-Distillation

Operator Fusion Method and Hardware Architecture Design Based on Non-Standard Operators

Related Author

ZHANG Jian

ZHANG Ya-zhou

YU Yang

ZHU Shao-lin

CHEN Rui

RONG Lu

LIANG Hui

HUANG Yu-zhe

Related Institution

Software Engineering College, Zhengzhou University of Light Industry

School of Computer Science and Engineering, School of Cyber Science and Engineering, Nanjing University of Science and Technology

School of Information, Renmin University of China

College of Information Engineering, Capital Normal University

School of Mathematical Science, Capital Normal University

⁰