Adversarial Defense Method Based on Latent Representation Guidance for Remote Sensing Image Scene Classification

Deep neural networks have made great achievements in remote sensing image analyses; however, previous studies have shown that deep neural networks exhibit incredible vulnerability to adversarial examples, which raises concerns about regional safety and production safety. In this paper, we propose an adversarial denoising method based on latent representation guidance for remote sensing image scene classification. In the training phase, we train a variational autoencoder to reconstruct the data using only the clean dataset. At test time, we first calculate the normalized mutual information between the reconstructed image using the variational autoencoder and the reference image as denoised by a discrete cosine transform. The reconstructed image is selectively utilized according to the result of the image quality assessment. Then, the latent representation of the current image is iteratively updated according to the reconstruction loss so as to gradually eliminate the influence of adversarial noise. Because the training of the denoiser only involves clean data, the proposed method is more robust against unknown adversarial noise. Experimental results on the scene classification dataset show the effectiveness of the proposed method. Furthermore, the method achieves better robust accuracy compared with state-of-the-art adversarial defense methods in image classification tasks.

[1]  Wei Jiang,et al.  FAD: Fine-Grained Adversarial Detection by Perturbation Intensity Classification , 2023, Entropy.

[2]  Shaohui Mei,et al.  Benchmarking Adversarial Patch Against Aerial Detection , 2022, IEEE Transactions on Geoscience and Remote Sensing.

[3]  Jie Han,et al.  Improving Adversarial Robustness with Self-Paced Hard-Class Pair Reweighting , 2022, AAAI.

[4]  Bo Peng,et al.  Energy-Based Adversarial Example Detection for SAR Images , 2022, Remote. Sens..

[5]  Wei Yang,et al.  Integrating Adversarial Generative Network with Variational Autoencoders towards Cross-Modal Alignment for Zero-Shot Remote Sensing Image Scene Classification , 2022, Remote. Sens..

[6]  Pedram Ghamisi,et al.  Universal Adversarial Examples in Remote Sensing: Methodology and Benchmark , 2022, IEEE Transactions on Geoscience and Remote Sensing.

[7]  Haifeng Li,et al.  Scale-Adaptive Adversarial Patch Attack for Remote Sensing Image Aircraft Detection , 2021, Remote. Sens..

[8]  Bo Du,et al.  Assessing the Threat of Adversarial Examples on Deep Neural Networks for Remote Sensing Scene Classification: Attacks and Defenses , 2021, IEEE Transactions on Geoscience and Remote Sensing.

[9]  Jan Kautz,et al.  NVAE: A Deep Hierarchical Variational Autoencoder , 2020, NeurIPS.

[10]  Sung Ju Hwang,et al.  Adversarial Self-Supervised Contrastive Learning , 2020, NeurIPS.

[11]  Chengye Zhang,et al.  A Review of Remote Sensing for Environmental Monitoring in China , 2020, Remote. Sens..

[12]  K. Plataniotis,et al.  Size and Shape Filtering of Malignant Cell Clusters within Breast Tumors Identifies Scattered Individual Epithelial Cells as the Most Valuable Histomorphological Clue in the Prognosis of Distant Metastasis Risk , 2019, Cancers.

[13]  Haiyan Liu,et al.  Spear and Shield: Attack and Detection for CNN-Based High Spatial Resolution Remote Sensing Images Identification , 2019, IEEE Access.

[14]  Wojciech Czaja,et al.  Adversarial examples in remote sensing , 2018, SIGSPATIAL/GIS.

[15]  Hao Chen,et al.  MagNet: A Two-Pronged Defense against Adversarial Examples , 2017, CCS.

[16]  David Wagner,et al.  Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods , 2017, AISec@CCS.

[17]  Yoshua Bengio,et al.  Denoising Criterion for Variational Auto-Encoding Framework , 2015, AAAI.

[18]  Shawn D. Newsam,et al.  Bag-of-visual-words and spatial extensions for land-use classification , 2010, GIS '10.

[19]  C. Feng,et al.  SAR-AD-BagNet: An Interpretable Model for SAR Image Recognition Based on Adversarial Defense , 2023, IEEE Geoscience and Remote Sensing Letters.

[20]  Pengfei Xie,et al.  Conditional Prior Probabilistic Generative Model With Similarity Measurement for ISAR Imaging , 2022, IEEE Geoscience and Remote Sensing Letters.

[21]  J. Benediktsson,et al.  Spatial–Spectral Attention Network Guided With Change Magnitude Image for Land Cover Change Detection Using Remote Sensing Images , 2022, IEEE Transactions on Geoscience and Remote Sensing.

[22]  Lei Guo,et al.  Perturbation-Seeking Generative Adversarial Networks: A Defense Framework for Remote Sensing Image Scene Classification , 2022, IEEE Transactions on Geoscience and Remote Sensing.

[23]  Mohamed Yaseen Jabarulla,et al.  Evolving fusion-based visibility restoration model for hazy remote sensing images using dynamic differential evolution , 2022, IEEE Transactions on Geoscience and Remote Sensing.

[24]  Haifeng Li,et al.  Lie to Me: A Soft Threshold Defense Method for Adversarial Examples of Remote Sensing Images , 2022, IEEE Geoscience and Remote Sensing Letters.

[25]  Guohua Wu,et al.  Adversarial Examples for CNN-Based SAR Image Classification: An Experience Study , 2021, IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing.