
Backdoor Attack Method in Autoencoder End-to-End Communication System

End-to-end communication systems based on auto-encoders do not require an explicit design of communication protocols, which gives them lower complexity than traditional modular communication systems, as well as higher flexibility and robustness. However, the weak interpretability of the auto-encoder model also introduces new security risks to the end-to-end communication system. Experiments show that, in the scenario where the channel is unknown and the decoder is trained separately, adding carefully designed triggers at the channel layer can make an originally well-performing decoder produce misjudgments, without affecting the decoder's performance on samples that contain no trigger, thereby achieving a backdoor attack on the communication system. This paper designs a trigger generation model and proposes a backdoor attack method that trains the trigger generation model jointly with the auto-encoder model, realizing the automatic generation of dynamic triggers and increasing the stealthiness of the attack while improving its success rate. To verify the effectiveness of the proposed method, four different auto-encoder models are implemented, and the backdoor attack effects under different signal-to-noise ratios, different poisoning rates, different trigger sizes, and different trigger signal ratios are studied. Experimental results show that, under a 6 dB signal-to-noise ratio, the attack success rate and the clean sample recognition rate of the proposed method both exceed 92% for the four different auto-encoder models.

Keywords: Deep learning; Backdoor attack; End-to-End communication; Trigger; Auto-encoder

Gan Run, Wei Xianglin, Wang Chao, Wang Bin, Wang Min, Fan Jianhua


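School of Electronics and Information Engineering, Nanjing University of Information Science and Technology, Nanjing 210044

The 63rd Research Institute, National University of Defense Technology, Nanjing 210007

School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044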


2024

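Computer Science (计算机科学)
Chongqing Southwest Information Co., Ltd. (formerly the Southwest Information Center of the Ministry of Science and Technology)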


Indexed in: CSTPCD; Peking University Core Journals
Impact factor: 0.944
ISSN: 1002-137X
Year, volume (issue): 2024, 51(7)