On the benefits of robust models in modulation recognition

Deep Neural Networks (DNNs) using convolutional layers are state-of-the-art in many tasks in communications. However, in other domains, like image classification, DNNs have been shown to be vulnerable to adversarial perturbations, which consist of imperceptible crafted noise that when added to the data fools the model into misclassification. This puts into question the security of using DNNs in communication tasks, and in particular in modulation recognition. We propose a novel framework to test the robustness of current state-of-the-art models. We show that they are susceptible to these perturbations. We use the constellation space to analyze these vulnerable models and found that they do not base their decisions on signal statistics that are important for the Bayes-optimal modulation recognition model, but spurious correlations in the training data. Our feature analysis and proposed framework can help in the task of finding better models for communication systems.

À propos de ce résultat

Cette page est générée automatiquement et peut contenir des informations qui ne sont pas correctes, complètes, à jour ou pertinentes par rapport à votre recherche. Il en va de même pour toutes les autres pages de ce site. Veillez à vérifier les informations auprès des sources officielles de l'EPFL.

Concepts associés

Chargement

Publications associées

Chargement

Pascal Frossard, Javier Alejandro Maroto Morales
2021
Article de conférence

Résumé

Official source

https://infoscience.epfl.ch/record/284655?ln=fr

À propos de ce résultat

Concepts associés (14)

Concepts associés

Chargement

Publications associées (20)

Publications associées

Chargement

A geometry-inspired decision-based attack

Pascal Frossard, Yujia Liu, Seyed Mohsen Moosavi Dezfooli

Deep neural networks have recently achieved tremen-dous success in image classification. Recent studies havehowever shown that they are easily misled into incorrectclassification decisions by adversarial examples. Adver-saries can even craft attacks by querying the model in black-box settings, where no information about the model is re-leased except its final decision. Such decision-based at-tacks usually require lots of queries, while real-world imagerecognition systems might actually restrict the number ofqueries. In this paper, we propose qFool, a novel decision-based attack algorithm that can generate adversarial exam-ples using a small number of queries. The qFool method candrastically reduce the number of queries compared to pre-vious decision-based attacks while reaching the same qual-ity of adversarial examples. We also enhance our methodby constraining adversarial perturbations in low-frequencysubspace, which can make qFool even more computation-ally efficient. Altogether, we manage to fool commercialimage recognition systems with a small number of queries,which demonstrates the actual effectiveness of our new al-gorithm in practice.

2019

Chargement

A Geometry-Inspired Decision-Based Attack

Pascal Frossard, Yujia Liu, Seyed Mohsen Moosavi Dezfooli

Deep neural networks have recently achieved tremendous success in image classification. Recent studies have however shown that they are easily misled into incorrect classification decisions by adversarial examples. Adversaries can even craft attacks by querying the model in black-box settings, where no information about the model is released except its final decision. Such decision-based attacks usually require lots of queries, while real-world image recognition systems might actually restrict the number of queries. In this paper, we propose qFool, a novel decision-based attack algorithm that can generate adversarial examples using a small number of queries. The qFool method can drastically reduce the number of queries compared to previous decision-based attacks while reaching the same quality of adversarial examples. We also enhance our method by constraining adversarial perturbations in low-frequency subspace, which can make qFool even more computationally efficient. Altogether, we manage to fool commercial image recognition systems with a small number of queries, which demonstrates the actual effectiveness of our new algorithm in practice.

IEEE COMPUTER SOC2019

Chargement

Impulsive noise removal via a blind CNN enhanced by an iterative post-processing

Hatef Otroshi Shahreza, Seyedeh Sahar Sadrizadeh

In digital imaging, especially in the process of data acquisition and transmission, images are often affected by impulsive noise. Therefore, it is essential to remove impulsive noise from images before any further processing. Due to the remarkable performance of deep neural networks in different applications of image processing and computer vision, we present an end-to-end fully convolutional neural network to remove impulsive noise from images. To train our network, we generate a customized dataset with various noise densities in which the highly corrupted images are more frequent. Hence, our convolutional neural network is blind since the percentage of impulsive noise is not required as prior knowledge. Moreover, we define a multi-term loss function to train our network. In particular, we define a novel term to impose the sparsity nature of impulsive noise. Experimental results indicate that our deep learning approach significantly outperforms other state-of-the-art methods in terms of reconstruction quality and speed on a system equipped with GPU. Meanwhile, we introduce a fast iterative method, as a post-processing stage, to further improve the reconstruction quality of our neural network. The proposed post-processing algorithm improves the reconstruction quality in only a fraction of a second. (c) 2021 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY license ( http://creativecommons.org/licenses/by/4.0/ )

ELSEVIER2022

Chargement

Modulation du signal

En télécommunications, le signal transportant une information doit passer par un moyen de transmission entre un émetteur et un récepteur. Le signal est rarement adapté à la transmission directe par

Communication

La communication est l'ensemble des interactions avec un tiers humain ou animal qui véhiculent une ou plusieurs informations. En dehors de la communication animale, on distingue chez l'être humain,

Réseau neuronal convolutif

En apprentissage automatique, un réseau de neurones convolutifs ou réseau de neurones à convolution (en anglais CNN ou ConvNet pour convolutional neural networks) est un type de réseau de neurones a