RF Domain Backdoor Attack on Signal Classification via Stealthy Trigger

Document Type

Article

Publication Date

1-1-2024

Abstract

Deep learning (DL) has recently become a key technology supporting radio frequency (RF) signal classification applications. Given the heavy DL training requirement, adopting outsourced training is a practical option for RF application developers. However, the outsourcing process exposes a security vulnerability that enables a backdoor attack. While backdoor attacks have been explored in the vision domain, it is rarely explored in the RF domain. In this work, we present a stealthy backdoor attack that targets DL-based RF signal classification. To realize such an attack, we extensively explore the characteristics of the RF data in different applications, which include RF modulation classification and RF fingerprint-based device identification. Then, we design a training-based backdoor trigger generation approach with different optimization procedures for two backdoor attack scenarios (i.e., poison-label and clean-label). Extensive experiments on two RF signal classification datasets show that the attack success rate is over 99.2%, while its classification accuracy for the clean data remains high (i.e., less than a 0.6% drop compared to the clean model). The low NMSE (less than 0.091) indicates the stealthiness of the attack. Additionally, we demonstrate that our attack can bypass existing defense strategies, such as Neural Cleanse and STRIP.

Identifier

85194088659 (Scopus)

Publication Title

IEEE Transactions on Mobile Computing

External Full Text Location

https://doi.org/10.1109/TMC.2024.3404341

e-ISSN

15580660

ISSN

15361233

First Page

11765

Last Page

11780

Issue

12

Volume

23

Grant

CCF2000480

Fund Ref

National Science Foundation

This document is currently not available here.

Share

COinS