当前位置:
X-MOL 学术
›
Int. J. Appl. Earth Obs. Geoinf.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Universal adversarial defense in remote sensing based on pre-trained denoising diffusion models
International Journal of Applied Earth Observation and Geoinformation ( IF 7.6 ) Pub Date : 2024-09-06 , DOI: 10.1016/j.jag.2024.104131 Weikang Yu, Yonghao Xu, Pedram Ghamisi
International Journal of Applied Earth Observation and Geoinformation ( IF 7.6 ) Pub Date : 2024-09-06 , DOI: 10.1016/j.jag.2024.104131 Weikang Yu, Yonghao Xu, Pedram Ghamisi
Deep neural networks (DNNs) have risen to prominence as key solutions in numerous AI applications for earth observation (AI4EO). However, their susceptibility to adversarial examples poses a critical challenge, compromising the reliability of AI4EO algorithms. This paper presents a novel Universal Adversarial Defense approach in Remote Sensing Imagery (UAD-RS), leveraging pre-trained diffusion models to protect DNNs against various adversarial examples exhibiting heterogeneous adversarial patterns. Specifically, a universal adversarial purification framework is developed utilizing pre-trained diffusion models to mitigate adversarial perturbations through the introduction of Gaussian noise and subsequent purification of the perturbations from adversarial examples. Additionally, an Adaptive Noise Level Selection (ANLS) mechanism is introduced to determine the optimal noise level for the purification framework with a task-guided Fréchet Inception Distance (FID) ranking strategy, thereby enhancing purification performance. Consequently, only a single pre-trained diffusion model is required for purifying various adversarial examples with heterogeneous adversarial patterns across each dataset, significantly reducing training efforts for multiple attack settings while maintaining high performance without prior knowledge of adversarial perturbations. Experimental results on four heterogeneous RS datasets, focusing on scene classification and semantic segmentation, demonstrate that UAD-RS outperforms state-of-the-art adversarial purification approaches, providing universal defense against seven commonly encountered adversarial perturbations. Codes and the pre-trained models are available online (https://github.com/EricYu97/UAD-RS ).
中文翻译:
基于预训练去噪扩散模型的遥感通用对抗防御
深度神经网络 (DNN) 已成为众多地球观测人工智能应用 (AI4EO) 的关键解决方案。然而,它们对对抗性例子的敏感性提出了严峻的挑战,损害了 AI4EO 算法的可靠性。本文提出了一种新颖的遥感图像通用对抗防御方法(UAD-RS),利用预先训练的扩散模型来保护 DNN 免受表现出异构对抗模式的各种对抗示例的影响。具体来说,利用预先训练的扩散模型开发了通用的对抗性净化框架,通过引入高斯噪声和随后从对抗性示例中净化扰动来减轻对抗性扰动。此外,引入自适应噪声水平选择(ANLS)机制,通过任务引导的 Fréchet 起始距离(FID)排序策略来确定净化框架的最佳噪声水平,从而提高净化性能。因此,只需要一个预训练的扩散模型来纯化每个数据集中具有异构对抗模式的各种对抗示例,从而显着减少多种攻击设置的训练工作,同时在不事先了解对抗性扰动的情况下保持高性能。在四个异构 RS 数据集上的实验结果(重点关注场景分类和语义分割)表明,UAD-RS 优于最先进的对抗性净化方法,可以针对七种常见的对抗性扰动提供通用防御。代码和预训练模型可在线获取(https://github.com/EricYu97/UAD-RS)。
更新日期:2024-09-06
中文翻译:
基于预训练去噪扩散模型的遥感通用对抗防御
深度神经网络 (DNN) 已成为众多地球观测人工智能应用 (AI4EO) 的关键解决方案。然而,它们对对抗性例子的敏感性提出了严峻的挑战,损害了 AI4EO 算法的可靠性。本文提出了一种新颖的遥感图像通用对抗防御方法(UAD-RS),利用预先训练的扩散模型来保护 DNN 免受表现出异构对抗模式的各种对抗示例的影响。具体来说,利用预先训练的扩散模型开发了通用的对抗性净化框架,通过引入高斯噪声和随后从对抗性示例中净化扰动来减轻对抗性扰动。此外,引入自适应噪声水平选择(ANLS)机制,通过任务引导的 Fréchet 起始距离(FID)排序策略来确定净化框架的最佳噪声水平,从而提高净化性能。因此,只需要一个预训练的扩散模型来纯化每个数据集中具有异构对抗模式的各种对抗示例,从而显着减少多种攻击设置的训练工作,同时在不事先了解对抗性扰动的情况下保持高性能。在四个异构 RS 数据集上的实验结果(重点关注场景分类和语义分割)表明,UAD-RS 优于最先进的对抗性净化方法,可以针对七种常见的对抗性扰动提供通用防御。代码和预训练模型可在线获取(https://github.com/EricYu97/UAD-RS)。
京公网安备 11010802027423号