Communications Aware Adversarial Residual Networks for Over the Air Evasion Attacks

Recent work in adversarial radio frequency machine learning has demonstrated the use of untargeted adversarial machine learning techniques for over the air evasion of raw inphase and quadrature based Automatic Modulation Classification Deep Neural Networks. However, most of the proposed methodologies only consider the effect of adversarial machine learning on the underlying transmission as an evaluation metric or don't consider it at all. Furthermore, all of the proposed techniques require gradient computation for each example in order to craft an adversarial perturbation, which makes deployment of these adversarial methodologies to communications hardware difficult. The current work addresses both of these shortcomings. First, methodology is developed that directly accounts for the bit error rate of the underlying transmission in the adversarial optimization problem. Additionally, the learned model for perturbation creation is encapsulated in a fully convolutional adversarial residual network. Once the parameters of this network are learned, it can be easily deployed. The methodology is found to perform equivalently or better than a comparison adversarial evasion attack using the well known Fast Gradient Sign Method.