Adapt under Attack and Domain Shift: Unified Adversarial Meta-Learning and Domain Adaptation for Robust Automatic Modulation Classification

TL;DR

The paper tackles the dual challenge of adversarial perturbations and data distribution shifts in automatic modulation classification (AMC) by proposing a unified offline-online framework. The offline phase employs meta-learning-based adversarial training to learn a robust initialization that generalizes to unseen attacks, while the online phase applies domain adaptation using a small set of labeled target-domain pilots to align feature representations under domain shift. Empirical results show that adversarial meta-learning improves generalization to unseen attacks (SER ≈ 0.53) and that online domain adaptation reduces error across few-shot target-domain labels, achieving substantial gains in adaptation efficiency. This work provides a practical path toward robust, real-world AMC by jointly addressing attack resilience and environmental nonstationarity, with potential extensions to related wireless tasks such as RF fingerprinting.

Abstract

Deep learning has emerged as a leading approach for Automatic Modulation Classification (AMC), demonstrating superior performance over traditional methods. However, vulnerability to adversarial attacks and susceptibility to data distribution shifts hinder their practical deployment in real-world, dynamic environments. To address these threats, we propose a novel, unified framework that integrates meta-learning with domain adaptation, making AMC systems resistant to both adversarial attacks and environmental changes. Our framework utilizes a two-phase strategy. First, in an offline phase, we employ a meta-learning approach to train the model on clean and adversarially perturbed samples from a single source domain. This method enables the model to generalize its defense, making it resistant to a combination of previously unseen attacks. Subsequently, in the online phase, we apply domain adaptation to align the model's features with a new target domain, allowing it to adapt without requiring substantial labeled data. As a result, our framework achieves a significant improvement in modulation classification accuracy against these combined threats, offering a critical solution to the deployment and operational challenges of modern AMC systems.

Figures (7)

• Figure 1: Differences between the offline phase and the online deployment phase for AMC models. The underlying distribution between the training dataset used in the offline phase and the real-world data encountered during deployment are not the same. During deployment, only few labeled samples are available through pilot signals (if at all), and there are limitations on training time and resources. Lastly, unknown adversarial attacks can be encountered during the online phase.
• Figure 2: Black-box adversarial attack on an AMC model in a wireless communication system. The interferer generates adversarial perturbations using a substitute model and injects them into the transmitted signal to deliberately induce misclassification at the DL-based AMC model incorporated into the receiver. The perturbation is unknown to the AMC model.
• Figure 3: Proposed meta-learning-based adversarial training framework for AMC models. The numbers in the adversarial meta-learning part denote the order of steps. The adversarial meta-learning section is depicted based on MAML, but theoretically, any model-agnostic meta-learning algorithm can be used as well.
• Figure 4: Proposed online adaptation framework.
• Figure 5: Cross-dataset Generalization of AMC baselines measured by SER. Models trained on RML2016 during the offline phase, and tested on RML2018 with unseen adversarial attack in the online phase. No fine-tuning during the online phase.