In [7]:
import os
import sys

import torch
import torch.nn as nn
import numpy as np
import torch.nn.functional as F  
import matplotlib 
import matplotlib.pyplot as plt
from torch.utils.data import Dataset
import torch.utils.data
from torch.utils.data import DataLoader

EPSILON = 0.1       # Max perturbation (for L∞ PGD)
ALPHA = 0.01         # Step size per iteration
ATTACK_ITERATIONS = 40
TARGET_LABEL = 2     # Example target label for the targeted attack

# System/Model parameters
sys.path.append("/home/jfeng/Desktop/jfeng/rf_spoofing/spoofing/models")
DEVICE = torch.device("cuda" if torch.cuda.is_available() else "cpu")
MODEL_PATH = "/home/jfeng/Desktop/jfeng/rf_spoofing/spoofing/weights/best_model_retrained.pth"
#IQ_FILE_PATH = "/home/jfeng/Desktop/jfeng/rf_spoofing/spoofing/1m_2m_replacedPluto4/Pluto_10_windows_runs2_3/Pluto_10_2m_run3.iq"
IQ_FILE_PATH = "May22Test/Pluto10_2m.iq"

from attempt2 import resnet50_1d  # Directly import from attempt2.py
num_classes = 8  # Change this if your model was trained with a different number of classes

# Initialize the model architecture
model = resnet50_1d(num_classes=num_classes).to(DEVICE)

# Load trained weights
print(f"Loading trained model weights from: {MODEL_PATH}")
state_dict = torch.load(MODEL_PATH, map_location=DEVICE)

# Load the state dictionary into the model
model.load_state_dict(state_dict)

# Set the model to evaluation mode
model.eval()


Loading trained model weights from: /home/jfeng/Desktop/jfeng/rf_spoofing/spoofing/weights/best_model_retrained.pth


  state_dict = torch.load(MODEL_PATH, map_location=DEVICE)


ResNet1D(
  (conv1): Conv1d(2, 64, kernel_size=(7,), stride=(2,), padding=(3,), bias=False)
  (bn1): BatchNorm1d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
  (maxpool): MaxPool1d(kernel_size=3, stride=2, padding=1, dilation=1, ceil_mode=False)
  (layer1): Sequential(
    (0): Bottleneck1D(
      (conv1): Conv1d(64, 64, kernel_size=(1,), stride=(1,), bias=False)
      (bn1): BatchNorm1d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (conv2): Conv1d(64, 64, kernel_size=(3,), stride=(1,), padding=(1,), bias=False)
      (bn2): BatchNorm1d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (conv3): Conv1d(64, 256, kernel_size=(1,), stride=(1,), bias=False)
      (bn3): BatchNorm1d(256, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (downsample): Sequential(
        (0): Conv1d(64, 256, kernel_size=(1,), stride=(1,), bias=False)
        (1): BatchNorm1d(256, eps=1e-05, momentum=0.1, affine=True

In [2]:
class IQDataset(Dataset):
    def __init__(self, data, labels):
        self.data = data
        self.labels = labels
    def __len__(self):
        return len(self.data)
    def __getitem__(self, idx):
        sample = self.data[idx]
        label = self.labels[idx]

        sample = torch.from_numpy(sample).float()
        # Normalize data
        magnitude = torch.sqrt(torch.sum(sample**2, dim=1, keepdim=True))
        sample = sample / magnitude

        label_tensors = torch.tensor(label, dtype=torch.long)

        return sample, label_tensors


In [3]:
BATCH_SIZE = 16
WINDOW_SIZE = 10000
HOP_SIZE = 500
START_INDEX = 4800
END_INDEX = 6000

def path_loss(signal, n, d1, d2):
    scaling = (d1 / d2) ** (n / 2)
    return signal * scaling

def apply_rician_fading(signal, K=10.0):
    """
    Apply Rician fading to the signal, which is of shape [2, N] (I and Q).
    Fading is applied using a K-factor (default 10).
    """
    i_window = signal[:, 0, :]
    q_window = signal[:, 1, :]

    device = signal.device
    dtype = signal.dtype
    # Calculate scaling factors
    K = torch.tensor(K, dtype=dtype, device=device)
    scale_LOS = torch.sqrt(K / (K + 1))
    scale_NLOS = torch.sqrt(1 / (K + 1))

    # Generate NLOS (Rayleigh) component
    real_nlos = torch.randn(i_window.shape, device=device) / torch.sqrt(torch.tensor(2.0, dtype=dtype, device=device))
    imag_nlos = torch.randn(i_window.shape, device=device) / torch.sqrt(torch.tensor(2.0, dtype=dtype, device=device))

    # LOS component (typically assumed as 1 + 0j for all samples)
    real_los = torch.ones(i_window.shape, device=device)
    imag_los = torch.zeros(i_window.shape, device=device)

    # Total fading coefficients
    real_fade = scale_LOS * real_los + scale_NLOS * real_nlos
    imag_fade = scale_LOS * imag_los + scale_NLOS * imag_nlos

    # Apply Rician fading
    faded_real = i_window * real_fade - q_window * imag_fade
    faded_imag = i_window * imag_fade + q_window * real_fade

    # Reconstruct the faded signal back into a tensor
    faded_signal = torch.stack((faded_real, faded_imag), dim=1)

    return faded_signal

def apply_awgn(signal, noise_std=0.000001):
    device = signal.device
    dtype = signal.dtype
    # Split noise equally between I and Q (to maintain total variance)
    per_dim_std = noise_std / torch.sqrt(torch.tensor(2.0, dtype=dtype, device=device))
    # Generate i.i.d. Gaussian noise for I and Q
    noise = torch.randn_like(signal, device=device) * per_dim_std
    # Add noise to the signal
    noisy_signal = signal + noise

    return noisy_signal

def transform_channel_effects(x, chosen_distance=2.0, path_loss_exponent=2.0, reference_distance=1.0, noise_std=0.000001, k=10.0):   
    #print("Signal original: ", x)
    signal_path_loss = path_loss(x, path_loss_exponent, reference_distance, chosen_distance)
    #print("Signal Path Loss: ", signal_path_loss)
    signal_rician = apply_rician_fading(signal_path_loss, k)
    #print("Signal Rician: ", signal_rician)
    signal_awgn = apply_awgn(signal_rician, noise_std)
    #print("Signal AWGN: ", signal_awgn)
    return signal_awgn


In [4]:
DEVICE = torch.device("cuda" if torch.cuda.is_available() else "cpu")

def targeted_eot_pgd_attack(
    model,
    x,
    perturb,
    y,
    target_label,
    eps=0.1,
    alpha=0.01,
    num_iter=40,
    num_samples=10,
    min_distance=1.0,
    max_distance=4.0,
    path_loss_exponent=2.0,
    reference_distance=1.0,
    min_noise_std=0.000001,
    max_noise_std=0.0001,
    min_k=10,
    max_k=20
):
    x_adv = perturb.clone().detach().requires_grad_(True).to(DEVICE)
    target = torch.full_like(y, target_label)

    best_x_adv = x_adv.clone().detach()
    best_target_confidence = -float('inf')
    # PGD Iterations
    for i in range(num_iter):
        total_grad = torch.zeros_like(x_adv)
        grads = []
        # EOT Iterations
        for _ in range(num_samples):
            all_logits = []
            # Choose a random distance between min and max, for this EOT iteration
            chosen_distance = torch.empty(1).uniform_(min_distance, max_distance + 0.0000001).item()
            chosen_k = torch.empty(1).uniform_(min_k, max_k + 0.0000001).item()
            chosen_noise_std = torch.empty(1).uniform_(min_noise_std, max_noise_std + 0.0000001).item()
            x_t = transform_channel_effects(
                x_adv,
                chosen_distance=chosen_distance,
                path_loss_exponent=path_loss_exponent,
                reference_distance=reference_distance,
                noise_std=chosen_noise_std,
                k=chosen_k
            )
            x_combined = x_t + x
            logits = model(x_combined)
            all_logits.append(logits)
            loss = F.cross_entropy(logits, target)

            grad = torch.autograd.grad(loss, x_adv, retain_graph=False, create_graph=False)[0]
            grads.append(grad.detach())
            total_grad += grad

        grads_tensor = torch.stack(grads)
        grad_variance = grads_tensor.var(dim=0).mean().item()
        print(f"PGD step {i + 1}/{num_iter}: gradient variance = {grad_variance:.4e}")
        avg_grad = total_grad / num_samples

        with torch.no_grad():
            x_adv -= alpha * avg_grad.sign()
            x_adv = torch.max(torch.min(x_adv, x + eps), x - eps)
            x_adv = x_adv.detach().clone().requires_grad_(True)

        with torch.no_grad():
            avg_logits = torch.stack(all_logits).mean(dim=0)
            target_confidence = F.softmax(avg_logits, dim=1)[:, target_label]  # shape: [batch]
            avg_conf = target_confidence.mean().item()

            if avg_conf > best_target_confidence:
                best_target_confidence = avg_conf
                best_x_adv = x_adv.clone().detach()

        with torch.no_grad():
            # Choose a random distance between min and max, for this EOT iteration
            chosen_distance = torch.empty(1).uniform_(min_distance, max_distance + 0.0000001).item()
            chosen_k = torch.empty(1).uniform_(min_k, max_k + 0.0000001).item()
            chosen_noise_std = torch.empty(1).uniform_(min_noise_std, max_noise_std + 0.0000001).item()
            x_t = transform_channel_effects(
                x_adv,
                chosen_distance=chosen_distance,
                path_loss_exponent=path_loss_exponent,
                reference_distance=reference_distance,
                noise_std=chosen_noise_std,
                k=chosen_k
            )
            x_combined = x_t + x
            pred = model(x_combined).argmax(dim=1)
            success = (pred == target).float().mean().item()
            print(f"Attack success rate: {success * 100:.2f}%")

    return best_x_adv

In [10]:
def generate_eot_pgd_noise():
    print(f"Loading data from: {IQ_FILE_PATH}")
    label = 10
    print(f"True label: {label}, Target label: {TARGET_LABEL}")

    # Load IQ data
    data = np.fromfile(IQ_FILE_PATH, dtype="float32")
    real = data[0::2]
    imag = data[1::2]
    start = (START_INDEX + 1) * HOP_SIZE
    end = start + WINDOW_SIZE
    i_window = real[start:end]
    q_window = imag[start:end]
    combined = np.vstack((i_window, q_window))  # [2, N]

    # Format into dataset
    test_dataset = IQDataset([combined], [label])
    data_tensor, label_tensor = test_dataset[0]
    data_tensor = data_tensor.unsqueeze(0).to(DEVICE)
    #label_tensor = label_tensor.unsqueeze(0).to(DEVICE)
    #----------------------------------------------------------
    perturbation_tensor = torch.empty((1, 2, WINDOW_SIZE), dtype=torch.float32).uniform_(-0.1, 0.1).to(DEVICE)
    label_tensor = torch.tensor([label], dtype=torch.long).to(DEVICE)
    #----------------------------------------------------------
    min_distance=1.0
    max_distance=4.0
    min_k = 20
    max_k = 20
    min_noise_std = 0.000001
    max_noise_std = 0.000001
    path_loss_exponent=2.0
    reference_distance=1.0
    EPSILON = 0.1
    ALPHA = 0.01
    ATTACK_ITERATIONS = 60
    if min_distance >= 5.0:
        EPSILON = 0.6
        ALPHA = 0.021
        ATTACK_ITERATIONS = 100

    # EoT PGD attack
    x_adv = targeted_eot_pgd_attack(
        model=model,
        x=data_tensor,
        perturb=perturbation_tensor,
        y=label_tensor,
        target_label=TARGET_LABEL,
        eps=EPSILON,
        alpha=ALPHA,
        num_iter=ATTACK_ITERATIONS,
        num_samples=10,
        min_distance=min_distance,
        max_distance=max_distance,
        path_loss_exponent=path_loss_exponent,
        reference_distance=reference_distance,
        min_noise_std=min_noise_std,
        max_noise_std=max_noise_std,
        min_k=min_k,
        max_k=max_k
    )

    # Save perturbation only
    original_np = data_tensor.squeeze().cpu().numpy()

    adv_np = x_adv.squeeze().detach().cpu().numpy()

    noise_np = adv_np-original_np

    interleaved_noise = np.empty(noise_np.shape[1] * 2, dtype=np.float32)
    interleaved_noise[0::2] = noise_np[0]
    interleaved_noise[1::2] = noise_np[1]

    # write out the noise file
    save_path = "May22Test/acc2m.iq"
    interleaved_noise.tofile(save_path)
    print(f"Saved EoT PGD *noise* to {save_path}")


generate_eot_pgd_noise()

Loading data from: May22Test/Pluto10_2m.iq
True label: 10, Target label: 2
PGD step 1/60: gradient variance = 1.3956e+01
Attack success rate: 0.00%
PGD step 2/60: gradient variance = 5.5298e+00
Attack success rate: 100.00%
PGD step 3/60: gradient variance = 6.2043e-34
Attack success rate: 0.00%
PGD step 4/60: gradient variance = 2.5961e+01
Attack success rate: 100.00%
PGD step 5/60: gradient variance = 0.0000e+00
Attack success rate: 100.00%
PGD step 6/60: gradient variance = 0.0000e+00
Attack success rate: 100.00%
PGD step 7/60: gradient variance = 0.0000e+00
Attack success rate: 100.00%
PGD step 8/60: gradient variance = 0.0000e+00
Attack success rate: 100.00%
PGD step 9/60: gradient variance = 0.0000e+00
Attack success rate: 100.00%
PGD step 10/60: gradient variance = 0.0000e+00
Attack success rate: 100.00%
PGD step 11/60: gradient variance = 0.0000e+00
Attack success rate: 100.00%
PGD step 12/60: gradient variance = 0.0000e+00
Attack success rate: 100.00%
PGD step 13/60: gradient v

In [10]:
DEVICE = torch.device("cuda" if torch.cuda.is_available() else "cpu")

def targeted_eot_pgd_attack2(
    model,
    x,
    perturb,
    y,
    target_label,
    eps=0.1,
    alpha=0.01,
    num_iter=40,
    num_samples=10,
    min_distance=1.0,
    max_distance=4.0,
    path_loss_exponent=2.0,
    reference_distance=1.0,
    min_noise_std=0.000001,
    max_noise_std=0.0001,
    min_k=10,
    max_k=20
):
    x_acc = perturb.clone().detach().requires_grad_(True).to(DEVICE)
    target = torch.full_like(y, target_label)

    best_x_acc = x_acc.clone().detach()
    best_target_confidence = -float('inf')
    # PGD Iterations
    for i in range(num_iter):
        total_grad = torch.zeros_like(x_acc)
        grads = []
        # EOT Iterations
        for _ in range(num_samples):
            all_logits = []
            # Choose a random distance between min and max, for this EOT iteration
            chosen_distance = torch.empty(1).uniform_(min_distance, max_distance + 0.0000001).item()
            chosen_k = torch.empty(1).uniform_(min_k, max_k + 0.0000001).item()
            chosen_noise_std = torch.empty(1).uniform_(min_noise_std, max_noise_std + 0.0000001).item()
            x_t = transform_channel_effects(
                x_acc,
                chosen_distance=chosen_distance,
                path_loss_exponent=path_loss_exponent,
                reference_distance=reference_distance,
                noise_std=chosen_noise_std,
                k=chosen_k
            )
            d_tx   = float(torch.empty(1).uniform_(min_distance, max_distance))
            sigma_tx   = float(torch.empty(1).uniform_(min_noise_std, max_noise_std))
            k_tx   = float(torch.empty(1).uniform_(min_k, max_k))
            x_tx_t = transform_channel_effects(
                x,
                chosen_distance=d_tx,
                path_loss_exponent=path_loss_exponent,
                reference_distance=reference_distance,
                noise_std=sigma_tx,
                k=k_tx
            )
            x_combined = x_t + x_tx_t
            logits = model(x_combined)
            all_logits.append(logits)
            loss = F.cross_entropy(logits, target)

            grad = torch.autograd.grad(loss, x_acc, retain_graph=False, create_graph=False)[0]
            grads.append(grad.detach())
            total_grad += grad

        grads_tensor = torch.stack(grads)
        grad_variance = grads_tensor.var(dim=0).mean().item()
        print(f"PGD step {i + 1}/{num_iter}: gradient variance = {grad_variance:.4e}")
        avg_grad = total_grad / num_samples

        with torch.no_grad():
            x_acc -= alpha * avg_grad.sign()
            x_acc = torch.max(torch.min(x_acc, x + eps), x - eps)
            x_acc = x_acc.detach().clone().requires_grad_(True)

        with torch.no_grad():
            avg_logits = torch.stack(all_logits).mean(dim=0)
            target_confidence = F.softmax(avg_logits, dim=1)[:, target_label]  # shape: [batch]
            avg_conf = target_confidence.mean().item()

            if avg_conf > best_target_confidence:
                best_target_confidence = avg_conf
                best_x_acc = x_acc.clone().detach()

        with torch.no_grad():
            # Choose a random distance between min and max, for this EOT iteration
            chosen_distance = torch.empty(1).uniform_(min_distance, max_distance + 0.0000001).item()
            chosen_k = torch.empty(1).uniform_(min_k, max_k + 0.0000001).item()
            chosen_noise_std = torch.empty(1).uniform_(min_noise_std, max_noise_std + 0.0000001).item()
            x_t = transform_channel_effects(
                x_acc,
                chosen_distance=chosen_distance,
                path_loss_exponent=path_loss_exponent,
                reference_distance=reference_distance,
                noise_std=chosen_noise_std,
                k=chosen_k
            )
            x_combined = x_t + x
            pred = model(x_combined).argmax(dim=1)
            success = (pred == target).float().mean().item()
            print(f"Attack success rate: {success * 100:.2f}%")

    return best_x_acc