摘要
We propose a novel defensive mechanism based on a generative adversarial network (GAN) framework to defend against adversarial attacks in end-to-end communications systems. Specifically, we utilize a generative network to model a powerful adversary and enable the end-to-end communications system to combat the generative attack network via a minimax game. We show that the proposed system not only works well against white-box and black-box adversarial attacks but also possesses excellent generalization capabilities to maintain good performance under no attacks. We also show that our GAN-based end-to-end system outperforms the conventional communications system and the end-to-end communications system with/without adversarial training.
我们提出了一种基于生成对抗网络(GAN)框架的新型防御机制,以防御端到端通信系统中的对抗性攻击。具体来说,我们利用生成网络来模拟一个强大的对手,并使端到端通信系统能够通过极大极小博弈来对抗生成攻击网络。研究表明,该系统不仅能很好地抵抗白盒和黑盒攻击,而且具有良好的泛化能力,可以在无攻击的情况下保持良好的性能。我们还表明,基于GAN的端到端系统优于传统通信系统和有/没有对抗性训练的端到端通信系统。
关键词
Adversarial networks, 对抗网络
Wireless communications security, 无线通信安全
Adversarial attacks, 对抗攻击
Robust end-to-end learning, 健壮的端到端学习
论文内容
典型的端到端自编码器通信系统如下图所示,其中Channel为additive white Gaussian noise (AWGN) channel。
对抗性攻击示意图如下,使用FGM来制作对抗性扰动。
基于对抗网络的鲁棒性端到端通信系统的方法
文章实现了两个不同的端到端通信系统:
基于多层感知机(MLP)的端到端通信系统
基于卷积神经网络(CNN)的端到端通信系统
编码器和解码器结构参照文献
总结
This paper presents a novel GAN-based defense approach for end-to-end learning of communications systems, which uses a generative network to model powerful adversarial perturbations and jointly train the end-to-end communications system against the generative attack network. Our approach can learn an end-to-end communication system which is robust to various adversarial perturbations including both white-box and black-box attacks, without degrading the generalization performance of the system. In evaluation results, our GANbased communications system shows better performance and defense capability than the classical communications scheme and the end-to-end communications system with regular training and adversarial training.
本文提出了一种基于GAN的通信系统端到端学习防御方法,该方法使用生成网络对强大的对抗性扰动进行建模,并联合训练端到端通信系统对抗生成攻击网络。我们的方法可以学习一个端到端通信系统,该系统对各种对抗性扰动(包括白盒和黑盒攻击)具有鲁棒性,而不会降低系统的泛化性能。在评估结果中,基于GAN的通信系统比经典通信方案和经过常规训练和对抗性训练的端到端通信系统表现出更好的性能和防御能力。
论文和引用论文链接
A Robust Adversarial Network-Based End-to-End Communications System With Strong Generalization
An Introduction to Deep Learning for the Physical Layer
Explaining and harnessing adversarial examples
Physical adversarial attacks against endto-end autoencoder communication systems
Adversarial training and robustness for multiple perturbations
Adversarial training can hurt generalization
Generative adversarial nets
Adversarial examples: Attacks and defenses for deep learning
A direct approach to robust deep learning using adversarial networks
The numerics of GANs
实验复现
TensorFlow Version
代码基于 TensorFlow-GPU 2.0
Main Function Files
“gan_blackbox.py”: 提出的方法在黑盒攻击下的表现
“gan_whitebox.py”: 提出的方法在白盒攻击下的表现
“regular_training_blackbox.py”:黑盒攻击下常规训练方法的BLER表现
“regular_training_whitebox.py”:白盒攻击下常规训练方法的BLER表现
“adversarial_training_blackbox.py”:黑盒攻击下对抗性训练方法的BLER表现
“adversarial_training_whitebox.py”:白盒攻击下对抗训练方法的BLER表现
Class Function Files
"classes/GAN_Classes.py“:为基于 GAN 的端到端系统实现
“classes/Autoencoder_Classes.py”:用于自动编码器端到端系统的实现
“classeshamming.py”:为传统通信系统(BPSK、Hamming)实现
Other Files
“UAP”:用于黑盒攻击的扰动
扫一扫
5399
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
