Adversarial Distillation Defense: A Robust and Lightweight Training Framework for Deep Learning-Based Radar Jamming Recognition
Yifan Peng, Xiaowei Hu, Yiduo Guo, Weike Feng, Jian Gong, Hongbing Li, Cunqian Feng

Deep learning models have achieved remarkable performance in radar jamming recognition, yet they remain highly vulnerable to adversarial attacks—small, carefully crafted perturbations that cause misclassification—posing a critical threat to intelligent electronic countermeasure systems. Existing adversarial defenses suffer from an inherent accuracy–robustness tradeoff, limited defensive knowledge sources, and poor generalization to unseen attacks, while the additional challenge of model lightweighting for resource-constrained radar platforms remains largely unaddressed. This paper proposes Adversarial Distillation Defense (ADD), a training framework that synergistically integrates adversarial training with knowledge distillation to produce lightweight yet robust jamming recognition models. In ADD, an adversarially pre-trained teacher model simultaneously transfers its classification knowledge on clean samples and defensive knowledge on adversarial samples to a compact student model through four complementary loss terms. Extensive experiments on a simulated dataset comprising seven radar jamming types demonstrate that ADD achieves the strongest defensive performance among the compared defenses under both white-box and black-box attacks across varying perturbation strengths and jamming-to-noise ratios. Feature-space visualization further confirms that ADD enables the student model to maintain well-separated class clusters even under strong adversarial perturbations. These results indicate that ADD offers an effective strategy for building secure and lightweight deep learning models for radar jamming recognition.