Adversarial Examples Detection of Radio Signals Based on Multifeature Fusion

Abstract

In the field of deep learning, deep neural networks (DNNs) have shown good performance on classification applications. However, a DNN model is vulnerable to adversarial examples, which is formed by adding tiny perturbations on a normal example and can mislead the DNN model to make a wrong estimate during the prediction. In this brief, for adversarial attacks in radio signals field, we propose a novel adversarial example detection strategy based on multifeature fusion and provide a framework which includes generating adversarial examples, extracting the local intrinsic dimensionality (LID) features and the constellation diagram (CD) features, detecting adversarial examples. We obtain the output values of normal examples and adversarial examples in each layer of the model respectively, and then, calculate the LID features values of examples by the maximum likelihood estimate based on a certain neighborhood range. Meanwhile, we calculate the CD features values by the range feature and density feature of the constellation diagram distribution. Finally, a logistic regression classifier is trained based on multifeature fusion values to detect adversarial examples. The experimental results across two benchmark datasets demonstrate that the proposed multifeature fusion method could accurately detect adversarial examples of radio signals. The detection accuracy is up to 98.7% when the perturbation reached 10%.