Attention-based Adversarial Robust Distillation in Radio Signal Classifications for Low-Power IoT Devices

Due to great success of transformers in many applications such as natural language processing and computer vision, transformers have been successfully applied in automatic modulation classification. We have shown that transformer-based radio signal classification is vulnerable to imperceptible and c...

Full description

Saved in:
Bibliographic Details
Published inIEEE internet of things journal Vol. 10; no. 3; p. 1
Main Authors Zhang, Lu, Lambotharan, Sangarapillai, Zheng, Gan, Liao, Guisheng, AsSadhan, Basil, Roli, Fabio
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 01.02.2023
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
adversarial attention map
adversarial examples
adversarial training
Computer vision
Distillation
fast gradient method
Internet of Things
low-power IoT devices
Modulation
Natural language processing
Neural networks
Perturbation methods
Power management
projected gradient descent algorithm
Radio signals
Robustness
Signal classification
Training
transformer
Transformers
Online AccessGet full text

Cover

More Information
Summary:Due to great success of transformers in many applications such as natural language processing and computer vision, transformers have been successfully applied in automatic modulation classification. We have shown that transformer-based radio signal classification is vulnerable to imperceptible and carefully crafted attacks called adversarial examples. Therefore, we propose a defense system against adversarial examples in transformer-based modulation classifications. Considering the need for computationally efficient architecture particularly for Internet of Things (IoT)-based applications or operation of devices in environment where power supply is limited, we propose a compact transformer for modulation classification. The advantages of robust training such as adversarial training in transformers may not be attainable in compact transformers. By demonstrating this, we propose a novel compact transformer that can enhance robustness in the presence of adversarial attacks. The new method is aimed at transferring the adversarial attention map from the robustly trained large transformer to a compact transformer. The proposed method outperforms the state-of-the-art techniques for the considered white-box scenarios including fast gradient method and projected gradient descent attacks. We have provided reasoning of the underlying working mechanisms and investigated the transferability of the adversarial examples between different architectures. The proposed method has the potential to protect the transformer from the transferability of adversarial examples.
ISSN:2327-4662
2327-4662
DOI:10.1109/JIOT.2022.3215188