ML Security PapersOn the Vulnerability of Deep Automatic Modulation Classifiers to Explainable Backdoor Threats
Published on arXiv
2603.25310
Model Poisoning
OWASP ML Top 10 — ML10
Key Finding
Achieves high backdoor success rates for wide range of SNR values with small poisoning ratio across multiple DL-based AMC models
XAI-Guided Physical Backdoor Attack
Novel technique introduced
Deep learning (DL) has been widely studied for assisting applications of modern wireless communications. One of the applications is automatic modulation classification (AMC). However, DL models are found to be vulnerable to adversarial machine learning (AML) threats. One of the most persistent and stealthy threats is the backdoor (Trojan) attack. Nevertheless, most studied threats originate from other AI domains, such as computer vision (CV). Therefore, in this paper, a physical backdoor attack targeting the wireless signal before transmission is studied. The adversary is considered to be using explainable AI (XAI) to guide the placement of the trigger in the most vulnerable parts of the signal. Then, a class prototype combined with principal components is used to generate the trigger. The studied threat was found to be efficient in breaching multiple DL-based AMC models. The attack achieves high success rates for a wide range of SNR values and a small poisoning ratio.
Key Contributions
- Uses explainable AI (XAI) to identify vulnerable signal regions for optimal trigger placement
- Generates triggers using class prototypes combined with principal components
- Achieves high attack success rates across wide SNR range with small poisoning ratio
🛡️ Threat Analysis
Paper proposes a backdoor (Trojan) attack on DL-based automatic modulation classifiers, embedding triggers during training that activate at inference to cause targeted misclassification.