Adversarial attack method based on time shift transformation

• 1、Cyberspace Security School, Beijing University of Posts and Telecommunications, Beijing 100876

Abstract：The automatic modulation recognition model based on deep neural network has the advantages of autonomous analysis and automatic feature extraction, and is the key technology of cognitive radio in non-cooperative communication. However, related studies have shown that deep neural networks are very fragile and are extremely vulnerable to attacks from adversarial examples. This paper starts with black-box attack, studies the transferability of adversarial samples, and proposes an adversarial attack method based on time-shift transformation. In the process of adversarial sample generation, the original input signal is randomly time-shifted by the method to alleviate the overfitting of the adversarial samples and the model. Experimental results on public datasets show that compared with traditional gradient-based attack methods, the proposed method has similar attack effects in the case of white-box attacks, but higher attack success rate in the case of black-box attacks, the generated adversarial examples have better transferability.

Keywords： deep neural network adversarial attack modulation recognition transferability