HyperAdv: Dynamic Defense Against Adversarial Radio Frequency Machine Learning Systems

Radio Frequency Machine Learning Systems (RFMLS) have attracted increasing interest over the past few years. However, it has been demonstrated that RFMLS are vulnerable to Adversarial Machine Learning (AML). While AML has been extensively investigated in traditional domains, current state of the art...

Full description

Saved in:
Bibliographic Details
Main Authors: Zhang, Milin, De Lucia, Michael, Swami, Ananthram, Ashdown, Jonathan, Turck, Kurt, Restuccia, Francesco
Format: Conference Proceeding
Language:English
Subjects:
Accuracy
Adversarial machine learning
Artificial neural networks
Ensemble learning
Military communication
Robustness
Training
Wireless communication
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Radio Frequency Machine Learning Systems (RFMLS) have attracted increasing interest over the past few years. However, it has been demonstrated that RFMLS are vulnerable to Adversarial Machine Learning (AML). While AML has been extensively investigated in traditional domains, current state of the art often compromises the performance on benign data or introduces excessive computational overhead. As such, it cannot meet the strict requirements of tactical RFMLS. In this paper, we propose a novel defense approach based on dynamic adaptation of Deep Neural Network (DNN). Specifically, we leverage a hypernetwork to dynamically generate diverse parameters for a target DNN during inference. In addition, an ensemble learning and multi-stage training framework is proposed to train such a hypernetwork. Experimental results show that the proposed defense can increase the accuracy on adversarial examples by 48% and 16% in comparison to naturally trained DNN and defensive training strategies, respectively.
ISSN:2155-7586
DOI:10.1109/MILCOM61039.2024.10773813