MS Seminar


Name of the Speaker: Mr. Deepsayan Sadhukhan (EE20S001)
Guide: Dr. Sheetal Kalyani
Venue: ESB-244 (Seminar Hall)
Date/Time: 22nd April 2025 (Tuesday), 11:00 AM
Title: Towards Enhanced Robustness in Deep Learning: Adversarial Attacks and Defenses for Automatic Modulation Classification

Abstract:

Keywords: Deep Learning, Wireless communication, Automatic Modulation Classification, Binary Neural Network, Ensemble Bagging, Computation and Memory Efficiency, Adversarial Attack, and Golden Ratio Search.

This thesis focuses on advancing the field of Deep Learning-based Automatic Modulation Classification (AMC) through two complementary works: adversarial attack strategies and enhancing adversarial robustness for deployment in resource-constrained edge networks.

The first work introduces a minimal power white-box adversarial attack designed explicitly for Deep Learning-based AMC systems. Utilizing the Golden Ratio Search (GRS) method, this attack identifies potent adversarial examples while minimizing the power required for their generation. The efficacy of the proposed attack is benchmarked against existing adversarial techniques, and its impact is assessed across various state-of-the-art AMC architectures, including models equipped with defense mechanisms like adversarial training, binarization, and ensemble methods. Experimental results show that the proposed attack is not only effective but also computationally efficient, posing a significant challenge to the robustness of current AMC models.

In contrast, the second work addresses the vulnerability of DNN-based AMC systems to adversarial attacks, especially in resource-limited environments. A novel Rotated Binary Large ResNet (RBLResNet) architecture is proposed, offering both low computational complexity and enhanced adversarial robustness. The RBLResNet is tailored for edge network deployment due to its low memory and processing requirements. Through the ensemble method of Lipschitz bagging multiple RBLResNets, the performance of this model approaches that of conventional architectures with floating-point weights and activations. Moreover, RBLResNet exhibits superior adversarial robustness, maintaining high classification accuracy across varying Signal-to-Noise Ratios (SNRs) and outperforming existing models and defense mechanisms.

Together, these works provide a holistic view of both adversarial attack strategies and robust defense techniques, contributing to the future of secure and efficient AMC in edge networks.