Application of Adversarial Machine learning in Protocol and Modulation Misclassification

Research output: Chapter in Book/Report/Conference proceedingConference contribution


This paper explores the application of adversarial machine learning (AML) in RF communications, and more specifically the impact of intelligently crafted AML perturbations on the accuracy of deep neural network (DNN) based technology (protocol) and modulation-scheme classifiers. For protocol classification, we consider multiple heterogeneous wireless technologies that operate over shared spectrum, exemplified by the coexistence of Wi-Fi, LTE LAA (Licensed Assisted Access), and 5G NR-Unlicensed (5G NR-U) devices in the unlicensed 5 GHz bands. Time-interleaving-based spectrum sharing is assumed. Given a window of received I/Q samples, a legitimate DNN-based classifier (called the defender’s classifier) is often used to identify the underlying protocol/technology. Similarly, DNN classifiers are often used to discern the underlying modulation scheme. For both types of classifiers, we study an attack model in which an adversarial device eavesdrops on ongoing transmissions and uses its own attacker’s classifier to generate low-power AML perturbations that significantly degrade the accuracy of the defender’s classifier. We consider several DNN architectures for protocol and modulation classification (based on recurrent and convolutional neural networks) that normally exhibit high classification accuracy under random noise (i.e., AWGN). By applying AML-generated perturbations, we show how the accuracy of these classifiers degrades significantly, even when the signal-to-perturbation ratio (SPR) is high. Several attack vectors are formulated, depending on how much knowledge the attacker has of the defender’s classifier. On the one extreme, we study a “white-box” attack, whereby the attacker has complete knowledge of the defender’s classifier and its training dataset. We gradually relax this assuming, ultimately considering an almost “black-box” attack. Mitigation techniques based on AML training are presented and are shown to help in countering AML attacks.

Original languageEnglish (US)
Title of host publicationArtificial Intelligence and Machine Learning for Multi-Domain Operations Applications IV
EditorsTien Pham, Latasha Solomon
ISBN (Electronic)9781510651029
StatePublished - 2022
EventArtificial Intelligence and Machine Learning for Multi-Domain Operations Applications IV 2022 - Virtual, Online
Duration: Jun 6 2022Jun 12 2022

Publication series

NameProceedings of SPIE - The International Society for Optical Engineering
ISSN (Print)0277-786X
ISSN (Electronic)1996-756X


ConferenceArtificial Intelligence and Machine Learning for Multi-Domain Operations Applications IV 2022
CityVirtual, Online


  • adversarial machine learning
  • deep learning
  • Shared spectrum
  • signal classification
  • wireless security

ASJC Scopus subject areas

  • Electronic, Optical and Magnetic Materials
  • Condensed Matter Physics
  • Computer Science Applications
  • Applied Mathematics
  • Electrical and Electronic Engineering


Dive into the research topics of 'Application of Adversarial Machine learning in Protocol and Modulation Misclassification'. Together they form a unique fingerprint.

Cite this