当前位置:
X-MOL 学术
›
IEEE Trans. Geosci. Remote Sens.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Assessing the Threat of Adversarial Examples on Deep Neural Networks for Remote Sensing Scene Classification: Attacks and Defenses
IEEE Transactions on Geoscience and Remote Sensing ( IF 7.5 ) Pub Date : 2021-02-01 , DOI: 10.1109/tgrs.2020.2999962 Yonghao Xu , Bo Du , Liangpei Zhang
IEEE Transactions on Geoscience and Remote Sensing ( IF 7.5 ) Pub Date : 2021-02-01 , DOI: 10.1109/tgrs.2020.2999962 Yonghao Xu , Bo Du , Liangpei Zhang
Deep neural networks, which can learn the representative and discriminative features from data in a hierarchical manner, have achieved state-of-the-art performance in the remote sensing scene classification task. Despite the great success that deep learning algorithms have obtained, their vulnerability toward adversarial examples deserves our special attention. In this article, we systematically analyze the threat of adversarial examples on deep neural networks for remote sensing scene classification. Both targeted and untargeted attacks are performed to generate subtle adversarial perturbations, which are imperceptible to a human observer but may easily fool the deep learning models. Simply adding these perturbations to the original high-resolution remote sensing (HRRS) images, adversarial examples can be generated, and there are only slight differences between the adversarial examples and the original ones. An intriguing discovery in our study shows that most of these adversarial examples may be misclassified into the wrong category by the state-of-the-art deep neural networks with very high confidence. This phenomenon, undoubtedly, may limit the practical deployment of these deep learning models in the safety-critical remote sensing field. To address this problem, the adversarial training strategy is further investigated in this article, which significantly increases the resistibility of deep models toward adversarial examples. Extensive experiments on three benchmark HRRS image data sets demonstrate that while most of the well-known deep neural networks are sensitive to adversarial perturbations, the adversarial training strategy helps to alleviate their vulnerability toward adversarial examples.
中文翻译:
评估用于遥感场景分类的深度神经网络对抗样本的威胁:攻击和防御
深度神经网络可以以分层方式从数据中学习代表性和判别性特征,在遥感场景分类任务中取得了最先进的性能。尽管深度学习算法取得了巨大的成功,但它们对对抗样本的脆弱性值得我们特别关注。在本文中,我们系统地分析了深度神经网络上对抗样本对遥感场景分类的威胁。执行有针对性和无针对性的攻击以产生微妙的对抗性扰动,这对于人类观察者来说是察觉不到的,但很容易欺骗深度学习模型。只需将这些扰动添加到原始高分辨率遥感 (HRRS) 图像中,就可以生成对抗样本,并且对抗样本和原始样本之间只有细微的差别。我们研究中的一个有趣发现表明,大多数这些对抗性示例可能会被最先进的深度神经网络以非常高的置信度错误分类到错误的类别中。毫无疑问,这种现象可能会限制这些深度学习模型在安全关键遥感领域的实际部署。为了解决这个问题,本文进一步研究了对抗性训练策略,这显着增加了深层模型对对抗性示例的抵抗力。对三个基准 HRRS 图像数据集的大量实验表明,虽然大多数著名的深度神经网络对对抗性扰动很敏感,
更新日期:2021-02-01
中文翻译:
评估用于遥感场景分类的深度神经网络对抗样本的威胁:攻击和防御
深度神经网络可以以分层方式从数据中学习代表性和判别性特征,在遥感场景分类任务中取得了最先进的性能。尽管深度学习算法取得了巨大的成功,但它们对对抗样本的脆弱性值得我们特别关注。在本文中,我们系统地分析了深度神经网络上对抗样本对遥感场景分类的威胁。执行有针对性和无针对性的攻击以产生微妙的对抗性扰动,这对于人类观察者来说是察觉不到的,但很容易欺骗深度学习模型。只需将这些扰动添加到原始高分辨率遥感 (HRRS) 图像中,就可以生成对抗样本,并且对抗样本和原始样本之间只有细微的差别。我们研究中的一个有趣发现表明,大多数这些对抗性示例可能会被最先进的深度神经网络以非常高的置信度错误分类到错误的类别中。毫无疑问,这种现象可能会限制这些深度学习模型在安全关键遥感领域的实际部署。为了解决这个问题,本文进一步研究了对抗性训练策略,这显着增加了深层模型对对抗性示例的抵抗力。对三个基准 HRRS 图像数据集的大量实验表明,虽然大多数著名的深度神经网络对对抗性扰动很敏感,
京公网安备 11010802027423号