We consider a communication scenario, in which an intruder tries to determine the modulation scheme of the intercepted signal. Our aim is to minimize the accuracy of the intruder, while guaranteeing that the intended receiver can still recover the underlying message with the highest reliability. This is achieved by perturbing channel input symbols at the encoder, similarly to adversarial attacks against classifiers in machine learning. In image classification, the perturbation is limited to be imperceptible to a human observer, while in our case the perturbation is constrained so that the message can still be reliably decoded by the legitimate receiver, which is oblivious to the perturbation. Simulation results demonstrate the viability of our approach to make wireless communication secure against state-of-the-art intruders (using deep learning or decision trees) with minimal sacrifice in the communication performance. On the other hand, we also demonstrate that using diverse training data and curriculum learning can significantly boost the accuracy of the intruder.

中文翻译：

---

最好的防御就是好的进攻：避免调制检测的对抗性攻击


我们考虑一种通信场景，其中入侵者试图确定截获信号的调制方案。我们的目标是最大限度地降低入侵者的准确性，同时保证目标接收者仍然能够以最高的可靠性恢复底层消息。这是通过扰乱编码器处的通道输入符号来实现的，类似于机器学习中针对分类器的对抗性攻击。在图像分类中，扰动被限制为人类观察者无法察觉，而在我们的例子中，扰动受到限制，以便合法接收者仍然可以可靠地解码消息，而合法接收者不会注意到扰动。仿真结果证明了我们的方法的可行性，可以使无线通信安全地抵御最先进的入侵者（使用深度学习或决策树），同时将通信性能的牺牲降到最低。另一方面，我们还证明，使用多样化的训练数据和课程学习可以显着提高入侵者的准确性。