Optimization of Communication Signal Adversarial Examples by Selectively Preserving Low-Frequency Components of Perturbations

Achieving high attack success rate (ASR) with minimal perturbed distortion has consistently been a prominent and challenging research topic in the field of adversarial examples. In this paper, a novel method to optimize communication signal adversarial examples is proposed by focusing on low-frequency components of perturbations (LFCP). Observations on model attention towards DCT coefficients reveal the crucial role of LFCP within adversarial examples in altering the model's predictions. As a result, selectively preserving LFCP is established as the fundamental concept of the optimization strategy. By utilizing the binary search algorithm, which considers the inconsistency in the model's predictions as a constraint, LFCP can be effectively identified, and the aim of minimizing perturbed distortion while maintaining ASR can be achieved. Experimental results conducted on a publicly available dataset, six adversarial attacks and two DNN models, indicate that the proposed method not only significantly minimizes perturbed distortion for FGSM, BIM, PGD, and MI-FGSM but also achieves a modest improvement in ASR. Notably, even for DeepFool and BS-FGM, which introduce small perturbations and exhibit high ASRs, the proposed method can still deliver feasible performance.