We investigate the vulnerability of computer-vision-based signal classifiers to adversarial perturbations of their inputs, where the signals and perturbations are subject to physical constraints. We consider a scenario in which a source and interferer emit signals that propagate as waves to a detector, which attempts to classify the source by analyzing the spectrogram of the signal it receives using a pre-trained neural network. By solving PDE-constrained optimization problems, we construct interfering signals that cause the detector to misclassify the source even though the perturbations to the spectrogram of the received signal are nearly imperceptible. Though such problems can have millions of decision variables, we introduce methods to solve them efficiently. Our experiments demonstrate that one can compute effective and physically realizable adversarial perturbations for a variety of machine learning models under various physical conditions.