In [2]:
import os
import sys

import torch
import torch.nn as nn
import numpy as np
import torch.nn.functional as F  
import matplotlib 
import matplotlib.pyplot as plt
from torch.utils.data import Dataset
import torch.utils.data
from torch.utils.data import DataLoader

EPSILON = 0.1       # Max perturbation (for L∞ PGD)
ALPHA = 0.01         # Step size per iteration
ATTACK_ITERATIONS = 40
TARGET_LABEL = 2     # Example target label for the targeted attack

# System/Model parameters
sys.path.append("/home/jfeng/Desktop/jfeng/rf_spoofing/spoofing/models")
DEVICE = torch.device("cuda" if torch.cuda.is_available() else "cpu")
MODEL_PATH = "/home/jfeng/Desktop/jfeng/rf_spoofing/spoofing/weights/best_model_retrained.pth"
#IQ_FILE_PATH = "/home/jfeng/Desktop/jfeng/rf_spoofing/spoofing/1m_2m_replacedPluto4/Pluto_10_windows_runs2_3/Pluto_10_2m_run3.iq"
IQ_FILE_PATH = "/home/jfeng/Desktop/jfeng/rf_spoofing/spoofing/1m_2m_replacedPluto4/Pluto_10_windows_runs2_3/Pluto_10_2m_run3.iq"

from attempt2 import resnet50_1d  # Directly import from attempt2.py
num_classes = 8  # Change this if your model was trained with a different number of classes

# Initialize the model architecture
model = resnet50_1d(num_classes=num_classes).to(DEVICE)

# Load trained weights
print(f"Loading trained model weights from: {MODEL_PATH}")
state_dict = torch.load(MODEL_PATH, map_location=DEVICE)

# Load the state dictionary into the model
model.load_state_dict(state_dict)

# Set the model to evaluation mode
model.eval()
print("model is loaded")
class IQDataset(Dataset):
    def __init__(self, data, labels):
        self.data = data
        self.labels = labels
    def __len__(self):
        return len(self.data)
    def __getitem__(self, idx):
        sample = self.data[idx]
        label = self.labels[idx]

        sample = torch.from_numpy(sample).float()
        # Normalize data
        magnitude = torch.sqrt(torch.sum(sample**2, dim=1, keepdim=True))
        sample = sample / magnitude

        label_tensors = torch.tensor(label, dtype=torch.long)

        return sample, label_tensors


Loading trained model weights from: /home/jfeng/Desktop/jfeng/rf_spoofing/spoofing/weights/best_model_retrained.pth
model is loaded


  state_dict = torch.load(MODEL_PATH, map_location=DEVICE)


In [3]:
BATCH_SIZE = 16
WINDOW_SIZE = 10000
HOP_SIZE = 500
START_INDEX = 4800
END_INDEX = 6000

def path_loss(signal, n, d1, d2):
    scaling = (d1 / d2) ** (n / 2)
    return signal * scaling

def apply_rician_fading(signal, K=10.0):
    """
    Apply Rician fading to the signal, which is of shape [2, N] (I and Q).
    Fading is applied using a K-factor (default 10).
    """
    i_window = signal[:, 0, :]
    q_window = signal[:, 1, :]

    device = signal.device
    dtype = signal.dtype
    # Calculate scaling factors
    K = torch.tensor(K, dtype=dtype, device=device)
    scale_LOS = torch.sqrt(K / (K + 1))
    scale_NLOS = torch.sqrt(1 / (K + 1))

    # Generate NLOS (Rayleigh) component
    real_nlos = torch.randn(i_window.shape, device=device) / torch.sqrt(torch.tensor(2.0, dtype=dtype, device=device))
    imag_nlos = torch.randn(i_window.shape, device=device) / torch.sqrt(torch.tensor(2.0, dtype=dtype, device=device))

    # LOS component (typically assumed as 1 + 0j for all samples)
    real_los = torch.ones(i_window.shape, device=device)
    imag_los = torch.zeros(i_window.shape, device=device)

    # Total fading coefficients
    real_fade = scale_LOS * real_los + scale_NLOS * real_nlos
    imag_fade = scale_LOS * imag_los + scale_NLOS * imag_nlos

    # Apply Rician fading
    faded_real = i_window * real_fade - q_window * imag_fade
    faded_imag = i_window * imag_fade + q_window * real_fade

    # Reconstruct the faded signal back into a tensor
    faded_signal = torch.stack((faded_real, faded_imag), dim=1)

    return faded_signal

def apply_awgn(signal, noise_std=0.000001):
    device = signal.device
    dtype = signal.dtype
    # Split noise equally between I and Q (to maintain total variance)
    per_dim_std = noise_std / torch.sqrt(torch.tensor(2.0, dtype=dtype, device=device))
    # Generate i.i.d. Gaussian noise for I and Q
    noise = torch.randn_like(signal, device=device) * per_dim_std
    # Add noise to the signal
    noisy_signal = signal + noise

    return noisy_signal

def transform_channel_effects(x, chosen_distance=2.0, path_loss_exponent=2.0, reference_distance=1.0, noise_std=0.000001, k=10.0):   
    #print("Signal original: ", x)
    signal_path_loss = path_loss(x, path_loss_exponent, reference_distance, chosen_distance)
    #print("Signal Path Loss: ", signal_path_loss)
    signal_rician = apply_rician_fading(signal_path_loss, k)
    #print("Signal Rician: ", signal_rician)
    signal_awgn = apply_awgn(signal_rician, noise_std)
    #print("Signal AWGN: ", signal_awgn)
    return signal_awgn


In [10]:
def two_sided_nes_attack(
    model,
    x,                       # clean input (batch size = 1)
    perturb,                 # initial perturbation tensor
    y,                       # original class label (targeted attack target)
    target_label,            # label to spoof as
    eps=0.2,
    alpha=0.02,
    num_iter=40,
    num_queries=20,
    sigma=0.05,
    num_samples=10,
    min_distance=1.0,
    max_distance=4.0,
    path_loss_exponent=2.0,
    reference_distance=1.0,
    min_noise_std=0.000001,
    max_noise_std=0.0001,
    min_k=10,
    max_k=20
):
    DEVICE = x.device
    x_adv = perturb.clone().detach().to(DEVICE)
    best_x_adv = x_adv.clone()
    best_confidence = -float('inf')

    for i in range(num_iter):
        grad_estimate = torch.zeros_like(x_adv)

        for _ in range(num_queries): #NES Loop
            u = torch.randn_like(x_adv)

            # Symmetric perturbations
            plus_logits = 0.0
            minus_logits = 0.0

            for _ in range(num_samples):
                # Random EOT parameters
                dist = torch.empty(1).uniform_(min_distance, max_distance).item()
                k = torch.empty(1).uniform_(min_k, max_k).item()
                noise = torch.empty(1).uniform_(min_noise_std, max_noise_std).item()

                # EOT transformation for +σu and -σu
                x_plus = transform_channel_effects(x_adv + sigma * u, dist, path_loss_exponent, reference_distance, noise, k) + x
                x_minus = transform_channel_effects(x_adv - sigma * u, dist, path_loss_exponent, reference_distance, noise, k) + x

                plus_logits += model(x_plus)
                minus_logits += model(x_minus)

            plus_logits /= num_samples
            minus_logits /= num_samples

            # Probability of target class
            p_plus = F.softmax(plus_logits, dim=1)[0, target_label]
            p_minus = F.softmax(minus_logits, dim=1)[0, target_label]

            grad_estimate += (p_plus - p_minus) * u

        # Final gradient estimate scaling
        grad_estimate /= (2 * sigma * num_queries)
        print(f"Grad norm: {grad_estimate.norm().item():.4f}")

        # Update and clip
        with torch.no_grad():
            x_adv = x_adv - alpha * grad_estimate.sign()
            x_adv = torch.max(torch.min(x_adv, x + eps), x - eps)

        # Evaluate success
        with torch.no_grad():
            eval_logits = 0.0
            for _ in range(num_samples):
                dist = torch.empty(1).uniform_(min_distance, max_distance).item()
                k = torch.empty(1).uniform_(min_k, max_k).item()
                noise = torch.empty(1).uniform_(min_noise_std, max_noise_std).item()

                x_t = transform_channel_effects(x_adv, dist, path_loss_exponent, reference_distance, noise, k) + x
                eval_logits += model(x_t)

            eval_logits /= num_samples
            prob = F.softmax(eval_logits, dim=1)[0, target_label].item()

            if prob > best_confidence:
                best_confidence = prob
                best_x_adv = x_adv.clone().detach()

            pred = eval_logits.argmax(dim=1).item()
            if pred == target_label:
                alpha *= 0.25  # or alpha = 0
            print(f"Iter {i+1}/{num_iter} — Target Prob: {prob:.4f} — Pred: {pred} — Success: {pred == target_label}")

    return best_x_adv

In [12]:
def generate_eot_pgd_noise():
    print(f"Loading data from: {IQ_FILE_PATH}")
    label = 10
    print(f"True label: {label}, Target label: {TARGET_LABEL}")

    # Load IQ data
    data = np.fromfile(IQ_FILE_PATH, dtype="float32")
    real = data[0::2]
    imag = data[1::2]
    start = (START_INDEX + 1) * HOP_SIZE
    end = start + WINDOW_SIZE
    i_window = real[start:end]
    q_window = imag[start:end]
    combined = np.vstack((i_window, q_window))  # [2, N]

    # Format into dataset
    test_dataset = IQDataset([combined], [label])
    data_tensor, label_tensor = test_dataset[0]
    data_tensor = data_tensor.unsqueeze(0).to(DEVICE)
    #label_tensor = label_tensor.unsqueeze(0).to(DEVICE)
    #----------------------------------------------------------
    perturbation_tensor = torch.empty((1, 2, WINDOW_SIZE), dtype=torch.float32).uniform_(-0.1, 0.1).to(DEVICE)
    label_tensor = torch.tensor([label], dtype=torch.long).to(DEVICE)
    #----------------------------------------------------------
    min_distance=1.0
    max_distance=4.0
    min_k = 2
    max_k = 2
    min_noise_std = 0.000000
    max_noise_std = 0.000000
    path_loss_exponent=2.0
    reference_distance=1.0
    EPSILON = 0.1
    ALPHA = 0.01
    ATTACK_ITERATIONS = 40
    if min_distance >= 5.0:
        EPSILON = 0.6
        ALPHA = 0.021
        ATTACK_ITERATIONS = 100

    # EoT PGD attack
    x_adv = two_sided_nes_attack(
    model=model,
    x=data_tensor,
    perturb=perturbation_tensor,
    y=label_tensor,
    target_label=TARGET_LABEL,
    eps=EPSILON,
    alpha=ALPHA,
    num_iter=ATTACK_ITERATIONS,
    num_queries=20,     # Limit queries
    sigma=0.01,         # Perturbation scale
    num_samples=5,      # Smaller number due to query limits
    min_distance=min_distance,
    max_distance=max_distance,
    path_loss_exponent=path_loss_exponent,
    reference_distance=reference_distance,
    min_noise_std=min_noise_std,
    max_noise_std=max_noise_std,
    min_k=min_k,
    max_k=max_k
    )

    # Save perturbation only
    original_np = data_tensor.squeeze().cpu().numpy()

    adv_np = x_adv.squeeze().detach().cpu().numpy()

    noise_np = adv_np-original_np

    interleaved_noise = np.empty(noise_np.shape[1] * 2, dtype=np.float32)
    interleaved_noise[0::2] = noise_np[0]
    interleaved_noise[1::2] = noise_np[1]

    # write out the noise file
    save_path = "May27/oneSide3_justin.iq"
    print("Magnitude: ", np.mean(np.abs(interleaved_noise[0::2] + interleaved_noise[1::2] * 1j)))
    interleaved_noise.tofile(save_path)
    print(f"Saved EoT PGD *noise* to {save_path}")


generate_eot_pgd_noise()

Loading data from: /home/jfeng/Desktop/jfeng/rf_spoofing/spoofing/1m_2m_replacedPluto4/Pluto_10_windows_runs2_3/Pluto_10_2m_run3.iq
True label: 10, Target label: 2
Grad norm: 490.5670
Iter 1/40 — Target Prob: 0.0125 — Pred: 0 — Success: False
Grad norm: 469.2278
Iter 2/40 — Target Prob: 0.6311 — Pred: 2 — Success: True
Grad norm: 548.0929
Iter 3/40 — Target Prob: 0.0321 — Pred: 0 — Success: False
Grad norm: 697.3781
Iter 4/40 — Target Prob: 0.0023 — Pred: 0 — Success: False
Grad norm: 578.1288
Iter 5/40 — Target Prob: 0.5231 — Pred: 2 — Success: True
Grad norm: 458.5024
Iter 6/40 — Target Prob: 0.0003 — Pred: 0 — Success: False
Grad norm: 632.6646
Iter 7/40 — Target Prob: 0.0000 — Pred: 0 — Success: False
Grad norm: 416.3156
Iter 8/40 — Target Prob: 0.0004 — Pred: 0 — Success: False
Grad norm: 740.1902
Iter 9/40 — Target Prob: 0.9166 — Pred: 2 — Success: True
Grad norm: 766.1179
Iter 10/40 — Target Prob: 0.0015 — Pred: 0 — Success: False
Grad norm: 720.0541
Iter 11/40 — Target Prob: 0.

In [None]:
.07