Deep learning (DL) is a powerful technique for many real-time applications, but it is vulnerable to adversarial attacks. Herein, we consider DL-based modulation classification, with the objective to create DL models that are robust against attacks. Specifically, we introduce three defense techniques: i) randomized smoothing, ii) hybrid projected gradient descent adversarial training, and iii) fast adversarial training, and evaluate them under both white-box (WB) and black-box (BB) attacks. We show that the proposed fast adversarial training is more robust and computationally efficient than the other techniques, and can create models that are extremely robust to practical (BB) attacks.

Deep learning (DL), despite its enormous success in many computer vision and language processing applications, is exceedingly vulnerable to adversarial attacks. We consider the use of DL for radio signal (modulation) classification tasks, and present practical methods for the crafting of white-box and universal black-box adversarial attacks in that application. We show that these attacks can considerably reduce the classification performance, with extremely small perturbations of the input. In particular, these attacks are significantly more powerful than classical jamming attacks, which raises significant security and robustness concerns in the use of DL-based algorithms for the wireless physical layer.