Adversarial Domain Generalization Defense via Task-Relevant Feature Alignment in Cyber-Physical Systems

作     者：Zhang, Sicheng Liu, Jie Bao, Zhida Yang, Yandie Wang, Meiyu Lin, Yun 

作者机构：Harbin Engn Univ Coll Informat & Commun Engn Harbin 150001 Peoples R China Hangzhou Dianzi Univ Coll Commun Engn Hangzhou 310018 Peoples R China 

出 版 物：《IEEE TRANSACTIONS ON RELIABILITY》 (IEEE Trans Reliab)

年 卷 期：2025年第74卷第2期

页      面：2515-2528页

核心收录：

学科分类：0808[工学-电气工程] 08[工学] 0835[工学-软件工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：National Natural Science Foundation of China National Key Research and Development Program of China [2022YFE0136800] Key Laboratory of Advanced Marine Communication and Information Technology, Ministry of Industry and Information Technology, Harbin Engineering University, Harbin, China 

主　　题：Feature extraction Robustness Task analysis Training Modulation Computational modeling Analytical models Adversarial defense automatic modulation classification (AMC) cyber-physical systems (CPSs) domain generalization (DG) features alignment 

摘      要：Automatic modulation classification (AMC) is a key technology in cyber-physical systems (CPSs), which enables the monitoring and identification of communication signals exchanged between devices. One of the most recognized solutions for the AMC is deep learning (DL), which can automatically learn and extract feature representations in signals. However, data-driven DL models are susceptible to adversarial examples, which can cause significant instability in the CPS. To tackle this issue, in this article, we examine the distribution shift between original signals and adversarial examples from a domain distribution perspective and present a system model for addressing the defense problem. We propose the adversarial domain generalization defense (ADGD) framework. The ADGD framework adopts a dual-stream architecture with the AMC as its central task, and extracts and constrains the maximum mean discrepancy distance between the task-relevant features of original signals and adversarial examples to reduce the distribution shift and improve the adversarial robustness. Comprehensive experiments and ablations were conducted to demonstrate the superiority of the proposed ADGD framework on the RML2016.10a and miniRML2018.01a datasets. The results indicate that the ADGD framework shows promising results in improving the adversarial robustness of AMC systems, which is crucial for the stability of the CPS.