Adversarial Sample Detection Method for Intelligent Modulation Recognition of Electromagnetic Signals Based on Decision Boundary Sensitivity and Wavelet Transform

‍ ‍Deep learning， renowned for its exceptional accomplishments， has demonstrated remarkable success in various human-related tasks， encompassing image classification， segmentation， object detection and tracking， medical applications， translation， and speech recognition. Leveraging intricate algorithms and sophisticated neural networks， deep learning has emerged as a powerful tool for unraveling complex patterns， pushing the boundaries of what is achievable in the realms of technology and artificial intelligence. It excels at handling vast， complex datasets and autonomously extracting features for accurate predictions. With advancements in deep learning models and the increased availability of data and computational power， the accuracy of these applications continues to rise. Recently， deep learning has found extensive application in the field of electromagnetic signals， including signal classification based on frequency and time domain features using neural networks. However， neural networks are susceptible to adversarial samples， which can lead to misclassifications. Successfully detecting adversarial samples is crucial for enhancing the application of neural networks to electromagnetic signals. Therefore， research on generating， detecting， and defending against adversarial samples is of paramount importance. To address the effectiveness of existing single detection methods， this paper proposes a novel approach that utilizes decision boundary sensitivity and wavelet transform reconstruction for detecting adversarial samples. It leverages the sensitivity discrepancy between adversarial and normal samples at the model’s decision boundary for detection. For adversarial samples not initially detected， a wavelet transform is employed for sample reconstruction， and detection is based on disparities in model predictions before and after sample denoising. Ensuring a comprehensive and robust detection process， this multi-step method， marked by its intricate design and meticulous execution， incorporates various stages， each contributing distinct layers of scrutiny and analysis within the neural network architecture. In contrast to the single-step detection processes employed by existing methods， the proposed method introduces a multifaceted approach that effectively addresses the pervasive issue of incomplete detection. By incorporating a two-step detection mechanism， this novel methodology strategically identifies and rectifies the limitations of conventional single-step procedures. Adversarial samples， which might otherwise elude detection in the initial step， undergo re-examination and scrutiny during the second step of detection， aligning seamlessly with the overarching goal articulated in this article： a substantial enhancement of the detection success rate. This innovative two-step strategy not only rectifies the deficiencies observed in single-step methodologies but also contributes to the method’s robustness and overall efficacy in identifying and mitigating adversarial samples within the neural network framework. Experimental analyses were conducted on two modulation signal datasets to evaluate the proposed method. The results demonstrated the superiority of this approach over baseline detection methods. Not only did it improve the success rate of detection， but it also significantly contributed to enhancing the security performance of the model in the presence of adversarial samples. In conclusion， the application of deep learning in electromagnetic signal processing has shown great promise， but the susceptibility to adversarial samples poses a significant challenge. The proposed method， leveraging decision boundary sensitivity and wavelet transform reconstruction， provides an effective solution to this problem. It not only advances the field of deep learning in electromagnetic signals but also highlights the importance of research in detecting and defending against adversarial samples in various applications.