Adversarial learning for wireless communications
Deep learning algorithms have been shown to be powerful in many communication network design problems, including that in automatic modulation classification and power allocation in massive MIMO network. However, they are vulnerable to carefully crafted attacks called adversarial examples. Hence, the reliance of wireless networks on deep learning algorithms poses a serious threat to the security and operation of wireless networks. It is of great importance to develop defenses against adversarial attacks in these wireless communication tasks.
In this thesis, several countermeasures are proposed against adversarial attacks in automatic modulation classification and power allocation in massive MIMO network.
A neural rejection technique is first proposed against adversarial attacks generated using fast gradient method and universal adversarial perturbations in modulation classification. Then three countermeasures are proposed based on neural rejection to further enhance the performance. The first defense is based on distillation and an ensemble model, and the second considers label smoothing and Gaussian noise augmentation technique. The third one integrates the adversarial training and label smoothing. The proposed methods can protect DNN from any impact caused by the white-box projected gradient descent attacks. Furthermore, a novel compact transformer is proposed which transfers the adversarial attention map from the robustly trained large transformer to a compact transformer. The proposed compact transformer method outperforms the state-of-the-art techniques for the considered white-box scenarios. Finally, a defense system called noise-augmented neural network is investigated to mitigate the effect of adversarial attacks in power allocation problems in massive multiple-input and multiple-output networks. Its performance against white-box fast gradient sign attacks and projected gradient descent attacks is evaluated.
- Mechanical, Electrical and Manufacturing Engineering
Rights holder© Lu Zhang
NotesA Doctoral Thesis. Submitted in partial fulfilment of the requirements for the award of the degree of Doctor of Philosophy of Loughborough University.
Supervisor(s)Sangarapillai Lambotharan ; Gan Zheng
This submission includes a signed certificate in addition to the thesis file(s)
- I have submitted a signed certificate