A Novel and Efficient Multi-Target Backdoor Attack for Deep Learning-Based Wireless Signal Classifiers
Copyright policy )A Novel and Efficient Multi-Target Backdoor Attack for Deep Learning-Based Wireless Signal Classifiers
Deep learning (DL)-based wireless signal classification is increasingly becoming important and deployed on edge devices (e.g., IoT, smartphones, etc.) to enhance communication reliability and efficiency. However, these DL models are vulnerable to security threats due to the broadcast nature of radio frequency (RF) signals. This work proposes a novel and practical backdoor attack on DL models for automatic modulation classification of RF signals after deployment in wireless devices. Our attack method is practically realizable and does not require access to the target model’s training data or architecture, which is a less explored area in DL-based wireless systems. We propose an efficient method to design multiple backdoor triggers based on Hadamard matrices that are orthogonal to each other, which can be easily injected into the received RF signals. Further, the attack mechanism utilizes a model named BackdoorNet that includes a denoising autoencoder to extract multiple triggers and a fully-connected deep neural network to generate misclassification signals based on the extracted triggers. The BackdoorNet is a lightweight model that can be injected into various target DL models without resource-intensive training, making the attack computationally efficient. We thoroughly investigate the attack’s effectiveness based on modulation classification accuracy (MCA), attack success rate (ASR), trigger false alarm rate (FAR), effect on signal characteristics, and generalization of attack performance across different target DL models. The results suggest that, across the investigated target DL models, our method can achieve an ASR of 99% on multiple target labels without affecting the MCA and the FAR on clean signals, emphasizing the method’s multi-target attack capability, stealthiness, and computational efficiency compared to recent backdoor attacks. Furthermore, we analyze defense techniques against the proposed backdoor attack and show the effectiveness of activation clustering in distinguishing between clean and triggered signals. The extensive experimentation and detailed analysis of the proposed backdoor attack mechanism show a significant security threat to the DL-based wireless classifiers, necessitating further research on other DL-based wireless applications.
backdoor attack, Activation clustering, deep learning, edge devices, Hadamard matrices, Electrical engineering. Electronics. Nuclear engineering, modulation classification, TK1-9971
backdoor attack, Activation clustering, deep learning, edge devices, Hadamard matrices, Electrical engineering. Electronics. Nuclear engineering, modulation classification, TK1-9971
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).0 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Average influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Average impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average
Citations provided by BIP!Popularity provided by BIP!