Adversarial attacks on deep-learning-based SAR image target recognition

Abstract Synthetic aperture radar (SAR) image target recognition has consistently been a research hotspot in the field of radar image interpretation. Compared with traditional target recognition algorithms, SAR target recognition algorithms based on deep learning offer end-to-end feature learning, which can effectively improve the target recognition rate, making them an important method for radar target recognition. However, recent research shows that optical image recognition methods based on deep learning are vulnerable to adversarial examples. In SAR image target recognition, whether adversarial examples exist for deep learning algorithms is still an open question. This paper uses three mainstream algorithms to generate adversarial examples to attack three classical deep learning algorithms for SAR image target recognition. The experiments involve publicly real SAR images for white-box and black-box attacks. The results show that SAR target recognition algorithms based on deep learning are potentially vulnerable to adversarial examples.

[1]  H. T. Kung,et al.  Improving Sar Automatic Target Recognition Using Simulated Images Under Deep Residual Refinements , 2018, 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[2]  A.K. Mishra,et al.  Validation of PCA and LDA for SAR ATR , 2008, TENCON 2008 - 2008 IEEE Region 10 Conference.

[3]  Mingyan Liu,et al.  Generating Adversarial Examples with Adversarial Networks , 2018, IJCAI.

[4]  Joan Bruna,et al.  Intriguing properties of neural networks , 2013, ICLR.

[5]  Matthias Bethge,et al.  Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models , 2017, ICLR.

[6]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[7]  G. Anagnostopoulos SVM-based target recognition from synthetic aperture radar images using target region outline descriptors , 2009 .

[8]  Seung Ho Doo,et al.  Target classification performance as a function of measurement uncertainty , 2015, 2015 IEEE 5th Asia-Pacific Conference on Synthetic Aperture Radar (APSAR).

[9]  Mubashir Husain Rehmani,et al.  A comprehensive survey on multichannel routing in wireless sensor networks , 2017, J. Netw. Comput. Appl..

[10]  Yue Zhang,et al.  High Resolution SAR Image Classification with Deeper Convolutional Neural Network , 2018, IGARSS 2018 - 2018 IEEE International Geoscience and Remote Sensing Symposium.

[11]  Nina Narodytska,et al.  Simple Black-Box Adversarial Attacks on Deep Neural Networks , 2017, 2017 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW).

[12]  Nabil Aouf,et al.  SAR automatic target recognition based on convolutional neural networks , 2017 .

[13]  D. Turgay Altilar,et al.  Self adaptive routing for dynamic spectrum access in cognitive radio networks , 2013, J. Netw. Comput. Appl..

[14]  Samy Bengio,et al.  Adversarial examples in the physical world , 2016, ICLR.

[15]  Jianwei Li,et al.  A performance analysis of convolutional neural network models in SAR target recognition , 2017, 2017 SAR in Big Data Era: Models, Methods and Applications (BIGSARDATA).

[16]  Jun Zhu,et al.  Boosting Adversarial Attacks with Momentum , 2017, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.

[17]  Geoffrey E. Hinton,et al.  ImageNet classification with deep convolutional neural networks , 2012, Commun. ACM.

[18]  Yoshua Bengio,et al.  Gradient-based learning applied to document recognition , 1998, Proc. IEEE.

[19]  Erik G. Larsson,et al.  Physical Adversarial Attacks Against End-to-End Autoencoder Communication Systems , 2019, IEEE Communications Letters.

[20]  Duen Horng Chau,et al.  ShapeShifter: Robust Physical Adversarial Attack on Faster R-CNN Object Detector , 2018, ECML/PKDD.

[21]  Jin Li,et al.  The security of machine learning in an adversarial setting: A survey , 2019, J. Parallel Distributed Comput..

[22]  Tong Li,et al.  NPMML: A Framework for Non-Interactive Privacy-Preserving Multi-Party Machine Learning , 2020, IEEE Transactions on Dependable and Secure Computing.

[23]  Ping Li,et al.  An Efficient Outsourced Privacy Preserving Machine Learning Scheme With Public Verifiability , 2019, IEEE Access.

[24]  Wojciech Czaja,et al.  Adversarial examples in remote sensing , 2018, SIGSPATIAL/GIS.

[25]  Jin Li,et al.  Privacy-preserving machine learning with multiple data providers , 2018, Future Gener. Comput. Syst..

[26]  Jian Sun,et al.  Deep Residual Learning for Image Recognition , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[27]  Jayaraman J. Thiagarajan,et al.  Sparse representations for automatic target classification in SAR images , 2010, 2010 4th International Symposium on Communications, Control and Signal Processing (ISCCSP).

[28]  Fan Zhang,et al.  Small Sample Learning Optimization for Resnet Based Sar Target Recognition , 2018, IGARSS 2018 - 2018 IEEE International Geoscience and Remote Sensing Symposium.

[29]  Erik G. Larsson,et al.  Adversarial Attacks on Deep-Learning Based Radio Signal Classification , 2018, IEEE Wireless Communications Letters.

[30]  Yan Xu,et al.  Sea ice and open water classification of sar imagery using cnn-based transfer learning , 2017, 2017 IEEE International Geoscience and Remote Sensing Symposium (IGARSS).