Adversarial defense method based on ensemble learning for modulation signal intelligent recognition

Modulation signal intelligent recognition model based on deep learning is widely used in the field of radio signal intelligent processing, but the adversarial attack has become a huge security threat. In order to promote the safe and reliable application of the modulation recognition intelligent model, it is necessary to study its adversarial defense technology. An adversarial defense method based on ensemble learning for modulation signal intelligent recognition model is proposed in this paper. Specifically, this method is achieved by combining multiple defense models such as adversarial training, defensive distillation, and noise smoothing. Variety of attack algorithms in both the white-box and black-box scenarios under different intensities of perturbation and different signal-to-noise ratios are carried out to verify the robustness performance of the proposed method. Strikingly, the accuracy of the model is improved to over 80% when the SNR is above 0 dB under Carlini and Wagner attack.