Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
175 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Uncertainty-Aware SAR ATR: Defending Against Adversarial Attacks via Bayesian Neural Networks (2403.18318v1)

Published 27 Mar 2024 in cs.CV

Abstract: Adversarial attacks have demonstrated the vulnerability of Machine Learning (ML) image classifiers in Synthetic Aperture Radar (SAR) Automatic Target Recognition (ATR) systems. An adversarial attack can deceive the classifier into making incorrect predictions by perturbing the input SAR images, for example, with a few scatterers attached to the on-ground objects. Therefore, it is critical to develop robust SAR ATR systems that can detect potential adversarial attacks by leveraging the inherent uncertainty in ML classifiers, thereby effectively alerting human decision-makers. In this paper, we propose a novel uncertainty-aware SAR ATR for detecting adversarial attacks. Specifically, we leverage the capability of Bayesian Neural Networks (BNNs) in performing image classification with quantified epistemic uncertainty to measure the confidence for each input SAR image. By evaluating the uncertainty, our method alerts when the input SAR image is likely to be adversarially generated. Simultaneously, we also generate visual explanations that reveal the specific regions in the SAR image where the adversarial scatterers are likely to to be present, thus aiding human decision-making with hints of evidence of adversarial attacks. Experiments on the MSTAR dataset demonstrate that our approach can identify over 80% adversarial SAR images with fewer than 20% false alarms, and our visual explanations can identify up to over 90% of scatterers in an adversarial SAR image.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (22)
  1. M. Zhang, J. An, D. H. Yu, L. D. Yang, L. Wu, and X. Q. Lu, “Convolutional neural network with attention mechanism for sar automatic target recognition,” Geoscience and Remote Sensing Letters, vol. 19, 2022.
  2. D. A. E. Morgan, “Deep convolutional neural networks for ATR from SAR imagery,” in Algorithms for Synthetic Aperture Radar Imagery XXII, ser. SPIE Conference Series, May 2015.
  3. J. Pei, Y. Huang, W. Huo, Y. Zhang, J. Yang, and T.-S. Yeo, “Sar automatic target recognition based on multiview deep learning framework,” IEEE Transactions on Geoscience and Remote Sensing, vol. 56, 2018.
  4. Z. Ying, C. Xuan, Y. Zhai, B. Sun, J. Li, W. Deng, C. Mai, F. Wang, R. D. Labati, V. Piuri, and F. Scotti, “Tai-sarnet: Deep transferred atrous-inception cnn for small samples sar atr,” Sensors, vol. 20, no. 6, 2020.
  5. B. Zhang, R. Kannan, V. Prasanna, and C. Busart, “Accurate, low-latency, efficient sar automatic target recognition on fpga,” in FPL, 2022.
  6. A. Madry, A. Makelov, L. Schmidt, D. Tsipras, and A. Vladu, “Towards deep learning models resistant to adversarial attacks,” in International Conference on Learning Representations, 2018.
  7. B. Peng, B. Peng, J. Zhou, J. Xie, and L. Liu, “Scattering model guided adversarial examples for SAR target recognition: Attack and defense,” IEEE Transactions on Geoscience and Remote Sensing, vol. 60, 2022.
  8. T. Ye, R. Kannan, V. Prasanna, C. Busart, and L. Kaplan, “Realistic scatterer based adversarial attacks on sar image classifiers,” in 2023 IEEE International Radar Conference (RADAR), 2023, pp. 1–6.
  9. D. M. Titterington, “Bayesian methods for neural networks and related models,” Statistical science, pp. 128–139, 2004.
  10. E. Goan and C. Fookes, “Bayesian neural networks: An introduction and survey,” Case Studies in Applied Bayesian Data Science: CIRM Jean-Morlet Chair, Fall 2018, pp. 45–87, 2020.
  11. J. Springenberg, A. Dosovitskiy, T. Brox, and M. Riedmiller, “Striving for simplicity: The all convolutional net,” in ICLR (workshop), 2015.
  12. I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and harnessing adversarial examples,” 2015.
  13. A. Kurakin, I. Goodfellow, and S. Bengio, “Adversarial examples in the physical world,” 2017.
  14. Y. Dong, F. Liao, T. Pang, H. Su, J. Zhu, X. Hu, and J. Li, “Boosting adversarial attacks with momentum,” 2018.
  15. T. Huang, Q. Zhang, J. Liu, R. Hou, X. Wang, and Y. Li, “Adversarial attacks on deep-learning-based sar image target recognition,” Journal of Network and Computer Applications, vol. 162, p. 102632, 2020.
  16. C. Du and L. Zhang, “Adversarial attack for sar target recognition based on unet-generative adversarial network,” Remote Sensing, vol. 13, 2021.
  17. B. Peng, B. Peng, J. Zhou, J. Xia, and L. Liu, “Speckle-variant attack: Toward transferable adversarial attack to sar target recognition,” IEEE Geoscience and Remote Sensing Letters, vol. 19, pp. 1–5, 2022.
  18. L. Smith and Y. Gal, “Understanding measures of uncertainty for adversarial example detection,” arXiv preprint arXiv:1803.08533, 2018.
  19. E. R. Keydel, S. W. Lee, and J. T. Moore, “MSTAR extended operating conditions: a tutorial,” in Algorithms for Synthetic Aperture Radar Imagery III, vol. 2757.   SPIE, 1996, pp. 228 – 242.
  20. S. Chen, H. Wang, F. Xu, and Y.-Q. Jin, “Target classification using the deep convolutional networks for sar images,” IEEE Transactions on Geoscience and Remote Sensing, vol. 54, no. 8, pp. 4806–4817, 2016.
  21. A. Krizhevsky, I. Sutskever, and G. E. Hinton, “Imagenet classification with deep convolutional neural networks,” in NeurIPS, 2012.
  22. D. M. Blei, A. Kucukelbir, and J. D. McAuliffe, “Variational inference: A review for statisticians,” Journal of the American statistical Association, vol. 112, no. 518, pp. 859–877, 2017.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets