Channel-Robust Class-Universal Spectrum-Focused Frequency Adversarial Attacks on Modulated Classification Models

With the improvement of basic designs and the evolution of key algorithms, artificial intelligence (AI) has been considered by both industry and academia as the most promising solution for many electromagnetic space problems, such as automatic modulation classification (AMC). However, the fact that AI-based AMC models are vulnerable to adversarial examples mystifies the optimism. Adversarial attacks help researchers to reexamine AI-based AMC models and promote safe applications. In this paper, we study the frequency leakage and glitch problems caused by high frequency components in the adversarial perturbations of existing attack algorithms. We propose a Spectrum-focused Frequency Adversarial Attack (SFAA) algorithm to suppress the high frequency components to alleviate such problems. Next, we leverage meta-learning to improve the transferability of the proposed algorithm for black-box attacks. We also train a Channel-robust Class-universal Spectrum-focused Frequency Adversarial Attack (CrCu-SFAA) generative model using the generative adversarial network framework. Finally, extensive experiments using qualitative and quantitative indicators demonstrate that the proposed algorithm achieves an improved attack performance, and our proposed approach of reducing out-of-band high frequency components of the adversarial perturbations improves the concealment and adversarial signal quality.