摘要: |
深度学习模型依赖大量带类标的数据作为训练数据,实际应用的各种无线电环境中收集并标记无线电信号需要消耗大量的人力物力,极大地限制了深度学习模型在无线电信号识别中的应用。目前针对数据量不足带来的问题,研究者们主要采用数据增强的方法,即根据一些先验知识,在保持已知信息的前提下,对原始数据进行适当变换达到扩充数据集的效果。具体到分类任务,在保持数据类别不变的前提下,可以对训练集中的每个样本进行变换,如在一定程度内的随机旋转、缩放、裁剪、左右翻转等,这些变换对应着同一个目标在不同角度的观察结果,并且增强效果有限。此外,深度学习作为一个非常复杂的方法,会面对各种安全问题。深度神经网络很容易受到对抗样本的攻击,攻击者可以通过向良性数据中添加特定的扰动,生成对抗样本,使DNN模型出错。虽然这些伪造的样本对人类的判断没有影响,但是对于深度学习模型来说是一个致命性的误导。聚焦到深度学习领域,本论文提出一种针对无线电信号分类的对抗增强方法,将对抗训练方法引入信号领域,通过控制eps、iteration参数,在数据集中添加算法精心设计的细微扰动生成靠近决策边界面的边界样本实现数据增强,将边界样本与训练样本混合,重新训练识别模型,在提升模型识别精度的同时,提升模型的防御能力。最终在多个分类模型、多个实际无线电信号数据集上的分类性能都有显著的提高,同时防御性能也显著增强,验证了本文提出的信号增强识别方法的有效性。关键词深度学习;对抗训练;调制识别;数据增强 |
关键词: 深度学习 对抗训练 调制识别 数据增强 |
DOI:10.19363/J.cnki.cn10-1380/tn.2022.05.10 |
Received:March 16, 2021Revised:May 26, 2021 |
基金项目:本课题得到国家自然科学基金(No.U19B2016)资助。 |
|
An Adversarial Enhancement Method for Radio Signal Classification |
XUAN Qi,CUI Hui,XU Xinjie,CHEN Zhuangzhi,ZHENG Shilian,WANG Wei,YANG Xiaoniu |
Department of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310012, China;Department of the Science and Technology on Communication Information Security Control Laboratory, Jiaxing 314033, China |
Abstract: |
Deep learning models have relied on a large number of labeled data as training data. Collecting and labeling radio signals in various environments require a lot of manpower and material resources, which will limit the application of deep learning models in radio signal modulation recognition. At present, in view of the problem caused by insufficient data quantity, researchers mainly use the method of data enhancement, that is, according to some prior knowledge, the original data is maintained with known information to achieve the effect of expanding the data set. Specifically for the classification task, on the premise of keeping the data category unchanged, each sample in the training set can be transformed, such as random rotation, zoom, cutting, left and right flipping to a certain extent. These transformations correspond to the observations of the same target at different angles, and the enhancement effect is limited. In addition, as a complex method, deep learning has faced various security problems. Deep neural networks are vulnerable to adversarial samples, and attackers can make the deep neural networks model wrong by adding specific perturbations to the benign data. Although these forged samples have no effect on human judgment, they are a fatal and misleading effect for deep learning models. Considering the importance of the problem, the adversarial enhancement method for radio signal classification was proposed. Adversarial training methods are introduced into the radio signal modulation recognition, by controlling the eps, iteration parameters, the data augmentation is achieved by adding subtle perturbations designed by the algorithm to generate the boundary sample near the decision boundary, the boundary sample was mixed with the training sample, retraining the radio signal classification model, which can improve the model's performance of defense while ensure the modulation recognition accuracy. Finally, the recognition accuracy are improved on multiple radio signal modulation recognition models and multiple radio signal data sets, and the defense performance is also significantly enhanced, which verifies the effectiveness of the signal data augmentation method proposed in this paper. |
Key words: deep learning adversarial training modulation recognition data augmentation |