基于决策边界敏感性和小波变换的电磁信号调制智能识别对抗样本检测方法  被引量：2

作　　者：徐东伟[1,2] 蒋斌[1,2] 朱慧燕 宣琦 王巍[3] 林云 沈伟国[3] 杨小牛 XU Dongwei;JIANG Bin;ZHU Huiyan;XUAN Qi;WANG Wei;LIN Yun;SHEN Weiguo;YANG Xiaoniu(Institute of Cyberspace Security,Zhejiang University of Technology,Hangzhou,Zhejiang 310023,China;College of Information Engineering,Zhejiang University of Technology,Hangzhou,Zhejiang 310023,China;National Key Laboratory of Electromagnetic Space Security,Jiaxing,Zhejiang 314033,China;College of Information and Communication Engineering,Harbin Engineering University,Harbin,Heilongjiang 150001,China)

机构地区：[1]浙江工业大学网络安全研究院,浙江杭州310023 [2]浙江工业大学信息工程学院,浙江杭州310023 [3]电磁空间安全全国重点实验室,浙江嘉兴314033 [4]哈尔滨工程大学信息与通信工程学院,黑龙江哈尔滨150001

出　　处：《信号处理》2024年第4期625-638,共14页Journal of Signal Processing

基　　金：国家自然科学基金联合重点基金(U21B2001);嘉兴南湖学院校级科研项目(62211ZL)。

摘　　要：深度学习在图像分类和分割、物体检测和追踪、医疗、翻译和语音识别等与人类相关的任务中取得了巨大的成功。它能够处理大量复杂的数据,并自动提取特征进行预测,因此可以更准确地预测结果。随着深度学习模型的不断发展,以及可获得的数据和计算能力的提高,这些应用的准确性不断提升。最近,深度学习也在电磁信号领域得到了广泛应用,例如利用神经网络根据信号的频域和时域特征对其进行分类。但神经网络容易受到对抗样本的干扰,这些对抗样本可以轻易欺骗神经网络,导致分类错误。因此,对抗样本的生成、检测和防护的研究变得尤为重要,这将促进深度学习在电磁信号领域和其他领域的发展。针对现阶段单一的检测方法的有效性不高的问题,提出了基于决策边界敏感性和小波变换重构的对抗样本检测方法。利用了对抗样本与正常样本对模型决策边界的敏感性差异来进行检测,接着针对第一检测阶段中未检测出的对抗样本,本文利用小波变换对样本进行重构,利用样本去噪前后在模型中的预测值差异来进行检测。本文在两种调制信号数据集上进行了实验分析,并与基线检测方法进行对比,此方法更优。这一研究的创新点在于综合考虑了模型决策边界的敏感性和小波变换的重构能力,通过巧妙的组合,提出了一种更为全面、精准的对抗样本检测方法。这为深度学习在电磁信号领域的稳健应用提供了新的思路和方法。Deep learning,renowned for its exceptional accomplishments,has demonstrated remarkable success in vari-ous human-related tasks,encompassing image classification,segmentation,object detection and tracking,medical ap-plications,translation,and speech recognition.Leveraging intricate algorithms and sophisticated neural networks,deep learning has emerged as a powerful tool for unraveling complex patterns,pushing the boundaries of what is achievable in the realms of technology and artificial intelligence.It excels at handling vast,complex datasets and autonomously ex-tracting features for accurate predictions.With advancements in deep learning models and the increased availability of data and computational power,the accuracy of these applications continues to rise.Recently,deep learning has found extensive application in the field of electromagnetic signals,including signal classification based on frequency and time domain features using neural networks.However,neural networks are susceptible to adversarial samples,which can lead to misclassifications.Successfully detecting adversarial samples is crucial for enhancing the application of neural networks to electromagnetic signals.Therefore,research on generating,detecting,and defending against adversarial samples is of paramount importance.To address the effectiveness of existing single detection methods,this paper pro-poses a novel approach that utilizes decision boundary sensitivity and wavelet transform reconstruction for detecting ad-versarial samples.It leverages the sensitivity discrepancy between adversarial and normal samples at the model’s deci-sion boundary for detection.For adversarial samples not initially detected,a wavelet transform is employed for sample reconstruction,and detection is based on disparities in model predictions before and after sample denoising.Ensuring a comprehensive and robust detection process,this multi-step method,marked by its intricate design and meticulous ex-ecution,incorporates various stages,each contributing distinct layers

关 键 词：对抗样本检测 小波重构 决策边界 电磁信号 对抗攻击 

分 类 号：TP18[自动化与计算机技术—控制理论与控制工程]