Real-World Adversarial Attacks on RF-Based Drone Detectors

Radio frequency (RF) based systems are increasingly used to detect drones by analyzing their RF signal patterns, converting them into spectrogram images which are processed by object detection models. Existing RF attacks against image based models alter digital features, making over-the-air (OTA) implementation difficult due to the challenge of converting digital perturbations to transmittable waveforms that may introduce synchronization errors and interference, and encounter hardware limitations. We present the first physical attack on RF image based drone detectors, optimizing class-specific universal complex baseband (I/Q) perturbation waveforms that are transmitted alongside legitimate communications. We evaluated the attack using RF recordings and OTA experiments with four types of drones. Our results show that modest, structured I/Q perturbations are compatible with standard RF chains and reliably reduce target drone detection while preserving detection of legitimate drones.

Key Contributions

• First physical adversarial attack targeting RF image-based object detection models (YOLO, Faster R-CNN), extending prior work beyond classification tasks
• Novel CUAP optimization directly in the I/Q baseband domain, ensuring OTA physical realizability and compatibility with standard RF hardware without digital-to-RF pixel-space conversion
• Time-shift-invariant, class-specific universal perturbation that suppresses target drone detection while preserving detection of legitimate drones in asynchronous multi-emitter scenarios

🛡️ Threat Analysis

Details

Similar Papers