当前位置:
X-MOL 学术
›
Int. J. Appl. Earth Obs. Geoinf.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Universal adversarial defense in remote sensing based on pre-trained denoising diffusion models
International Journal of Applied Earth Observation and Geoinformation ( IF 7.6 ) Pub Date : 2024-09-06 , DOI: 10.1016/j.jag.2024.104131 Weikang Yu, Yonghao Xu, Pedram Ghamisi
International Journal of Applied Earth Observation and Geoinformation ( IF 7.6 ) Pub Date : 2024-09-06 , DOI: 10.1016/j.jag.2024.104131 Weikang Yu, Yonghao Xu, Pedram Ghamisi
Deep neural networks (DNNs) have risen to prominence as key solutions in numerous AI applications for earth observation (AI4EO). However, their susceptibility to adversarial examples poses a critical challenge, compromising the reliability of AI4EO algorithms. This paper presents a novel Universal Adversarial Defense approach in Remote Sensing Imagery (UAD-RS), leveraging pre-trained diffusion models to protect DNNs against various adversarial examples exhibiting heterogeneous adversarial patterns. Specifically, a universal adversarial purification framework is developed utilizing pre-trained diffusion models to mitigate adversarial perturbations through the introduction of Gaussian noise and subsequent purification of the perturbations from adversarial examples. Additionally, an Adaptive Noise Level Selection (ANLS) mechanism is introduced to determine the optimal noise level for the purification framework with a task-guided Fréchet Inception Distance (FID) ranking strategy, thereby enhancing purification performance. Consequently, only a single pre-trained diffusion model is required for purifying various adversarial examples with heterogeneous adversarial patterns across each dataset, significantly reducing training efforts for multiple attack settings while maintaining high performance without prior knowledge of adversarial perturbations. Experimental results on four heterogeneous RS datasets, focusing on scene classification and semantic segmentation, demonstrate that UAD-RS outperforms state-of-the-art adversarial purification approaches, providing universal defense against seven commonly encountered adversarial perturbations. Codes and the pre-trained models are available online (https://github.com/EricYu97/UAD-RS ).
中文翻译:
基于预训练去噪扩散模型的遥感通用对抗防御
深度神经网络 (DNN) 已成为众多地球观测 AI 应用 (AI4EO) 的关键解决方案。然而,它们对对抗性示例的敏感性构成了关键挑战,损害了 AI4EO 算法的可靠性。本文提出了一种新的遥感图像通用对抗防御方法 (UAD-RS),利用预先训练的扩散模型来保护 DNN 免受表现出异构对抗模式的各种对抗性示例的影响。具体来说,利用预先训练的扩散模型开发了一个通用的对抗性净化框架,通过引入高斯噪声并随后从对抗性示例中净化扰动来减轻对抗性扰动。此外,还引入了自适应噪声水平选择 (ANLS) 机制,通过任务引导的 Fréchet 起始距离 (FID) 排序策略确定纯化框架的最佳噪声水平,从而提高纯化性能。因此,只需要一个预先训练的扩散模型来净化每个数据集中具有异构对抗模式的各种对抗性样本,从而显著减少多种攻击设置的训练工作,同时保持高性能,而无需事先了解对抗性扰动。在四个异构 RS 数据集上的实验结果,专注于场景分类和语义分割,表明 UAD-RS 优于最先进的对抗性纯化方法,为七种常见的对抗性扰动提供了普遍防御。代码和预训练模型可在线获取 (https://github.com/EricYu97/UAD-RS)。
更新日期:2024-09-06
中文翻译:
基于预训练去噪扩散模型的遥感通用对抗防御
深度神经网络 (DNN) 已成为众多地球观测 AI 应用 (AI4EO) 的关键解决方案。然而,它们对对抗性示例的敏感性构成了关键挑战,损害了 AI4EO 算法的可靠性。本文提出了一种新的遥感图像通用对抗防御方法 (UAD-RS),利用预先训练的扩散模型来保护 DNN 免受表现出异构对抗模式的各种对抗性示例的影响。具体来说,利用预先训练的扩散模型开发了一个通用的对抗性净化框架,通过引入高斯噪声并随后从对抗性示例中净化扰动来减轻对抗性扰动。此外,还引入了自适应噪声水平选择 (ANLS) 机制,通过任务引导的 Fréchet 起始距离 (FID) 排序策略确定纯化框架的最佳噪声水平,从而提高纯化性能。因此,只需要一个预先训练的扩散模型来净化每个数据集中具有异构对抗模式的各种对抗性样本,从而显著减少多种攻击设置的训练工作,同时保持高性能,而无需事先了解对抗性扰动。在四个异构 RS 数据集上的实验结果,专注于场景分类和语义分割,表明 UAD-RS 优于最先进的对抗性纯化方法,为七种常见的对抗性扰动提供了普遍防御。代码和预训练模型可在线获取 (https://github.com/EricYu97/UAD-RS)。
京公网安备 11010802027423号