Review of Adversarial Security Threats to Electromagnetic Spectrum Artificial Intelligence Models  (Cited by: 1)


Authors: 张思成 (ZHANG Sicheng); 张建廷 (ZHANG Jianting); 杨研蝶 (YANG Yandie); 杨凇麟 (YANG Songlin); 姜航 (JIANG Hang); 宣琦 (XUAN Qi); 林云 (LIN Yun) [1] (School of Information and Communication, Harbin Engineering University, Harbin 150001, China; Naval Research Institute of PLA, Beijing 100036, China; Binjiang Cyberspace Security Institute of ZJUT, Hangzhou 310056, China; College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China)

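Affiliations: [1] Information and Communication Engineering, Harbin Engineering University, Harbin, Heilongjiang 150001; [2] Naval Research Institute of PLA, Beijing 100036; [3] Binjiang Cyberspace Security Institute of ZJUT, Hangzhou, Zhejiang 310056; [4] College of Information Engineering, Zhejiang University of Technology, Hangzhou, Zhejiang 310023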

Source: Radio Communications Technology (《无线电通信技术》), 2024, No. 1, pp. 1-13 (13 pages)

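Funding: National Natural Science Foundation of China, General Program (62201172); Fundamental Research Funds for the Central Universities (3072023CFJ0801); project of the Key Laboratory of Advanced Marine Communication and Information Technology, Ministry of Industry and Information Technology, Harbin Engineering University.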

Abstract: The electromagnetic spectrum plays a crucial role in modern society. It is a national strategic resource that provides key support in fields such as communication, navigation, scientific research, and national defense. To address the many challenges in efficient management and utilization of the electromagnetic spectrum, Artificial Intelligence (AI) technologies are widely applied at the physical layer. However, studies have found that AI models' reliance on data makes them vulnerable to malicious attacks during both the training and testing phases. To advance research on attacks and defenses for electromagnetic spectrum AI models, ensure the secure application of AI models, and enhance electromagnetic security capabilities, this paper reviews adversarial attack methods against physical-layer AI models of the electromagnetic spectrum, including the principles and methods of attacks during the training and testing phases. Evaluation work on adversarial attacks is reviewed from the perspectives of data, model, and the characteristics of electromagnetic signals. Finally, the paper identifies three potential research directions (attacks, evaluation, and system development) and concludes with a summary.

Keywords: electromagnetic spectrum security; artificial intelligence model; data poisoning; backdoor attack; adversarial example

Classification code: TN918.91 [Electronics and Telecommunications - Communication and Information Systems]

 
