Study of the One-Pixel adversarial attack on neural networks effectiveness in the task of disrupting the classification of radar images


Аuthors

Kupryashkin I. F.

Air force academy named after professor N.E. Zhukovskogo and Y. A. Gagarin, 54a Starye Bolshevikov str., Voronezh, 394064, Voronezh Region

e-mail: ifk78@mail.ru

Abstract

Modern space radar systems are a very informative source of information, and therefore they are of considerable interest to specialists in electronic warfare as an object of active electronic countermeasures. Given that neural networks that are sensitive to adversarial attacks are increasingly used to process radar images, it is likely that approaches to implementing countermeasures using methods based on this new vulnerability will emerge.
The paper is devoted to assessing the possibility of using the vulnerability of neural network radar images processing system to adversarial attacks to improve the effectiveness of active countermeasures to space radars. As a neural network processing system, convolutional networks and transformer networks with different combinations of hyperparameters are considered. The impact considered is a retransmitted signal that ensures the formation of a false point target on a radar image. It has been established that it is possible to implement an effective One-Pixel attack, providing an energy gain of one to two orders.
It is shown that shifting the false point target by just a few resolution elements leads to a significant decrease in the effectiveness of the attack. In addition, it was found that the One-Pixel attack is characterized by low portability, since not only a significant change in architecture (from a convolutional network to a transformer network), but also a not very significant change in hyperparameters led to an almost complete leveling of the effect of the impact.
That is, the condition for an effective adversarial One-Pixel attack is the presence of precise information about the architecture of the neural network used for image processing, and precise information about the characteristics of the radar and the location of its carrier at the time of shooting.
It is possible that some types of adversarial attacks may be less sensitive to changes in the architecture of the attacked network or to spatial displacement of the perturbation. In this regard, the issues of generating interference capable of implementing the effect of a adversarial attack on space radars require further study.

Keywords:

neural network, adversarial attack, radar image

References

  1. Koul A., Gandzhu S., Kazam M. Iskusstvennyi intellekt i komp'yuternoe zrenie. Real'nye proekty na Python, Keras i TensorFlow (Practical Deep Learning for Cloud, Mobile, and Edge). Saint Petersburg: Piter Publ., 2023. 624 p.
  2. Sholle F. Glubokoe obuchenie na Python (Deap Learning with Python). Saint Petersburg: Piter Publ., 2018. 400 p.
  3. Alzubaidi L., Zhang J., Humaidi A.J., Al-Dujaili A., Duan Y., Al-Shamma O., Santamaria J., Fadhel M.A., Al-Amidie M., Farhan L. Review of Deep Learning: Concepts, CNN Architectures, Challenges, Applications, Future Directions. Journal of Big Data. 2021. Vol. 8, No. 53. URL: https://doi.org/10.1186/s40537-021-00444-8
  4. Rawat W., Wang Z. Deep Convolutional Neural Networks for Image Classification: A Comprehensive Review. Neural Computation. 2017. Vol. 29, P. 2352-2449. URL: https://doi.org/10.1162/neco_a_00990
  5. Goodfellow I.J., Shlens J., Szegedy C. Explaining and Harnessing Adversarial Examples. 2015. 11 p. URL: https://arxiv.org/pdf/1412.6572
  6. Guo C., Gardner J.R., You Y., Wilson A.G., Weinberger K.Q. Simple Black-box Adversarial Attacks. 2019. 14 p. URL: https://arxiv.org/abs1905.07121
  7. Uorr K. Nadezhnost' neironnykh setei. Ukreplyaem ustoichivost' II k obmanu Strenghtening (Deep Neural Networks. Making AI Less Susceptible To Adversarial Trickery). Saint Petersburg: Piter Publ., 2021. 272 p.
  8. Zhou S., Liu C., Ye D., Zhu T., Zhou W., Yu P.S. Adversarial Attacks and Defenses in Deep Learning: From a Perspective of Cybersecurity. ACM Computing Surveys. 2022. Vol. 55, No. 8. Article 163. 39 p. URL: https://dl.acm.org/doi/10.1145/3547330
  9. Akhtar N., Mian A. Threat of Adversarial Attacks on DL in Computer Vision: A Survey. IEEE Access 6. 2018. 21 p. URL: https://arxiv.org/pdf/1801.00553
  10. Wang X., Li J., Kuang X., Tan Yu-An, Li J. The security of machine learning in an adversarial setting: A survey. Journal of Parallel and Distributed Computing. 2019. No. 130. P. 12-23. URL: https://doi.org/10.1016/j.jpdc.2019.03.003
  11. Ding D., Zhang M., Feng F., Huang Y., Jiang E., Yang M. Black-Box Adversarial Attack on Time Series Classifcation. Proceedings of the AAAI Conference on Artificial Intelligence. 2023. P. 7358-7368. URL: https://dl.acm.org/doi/abs/10.1609/aaai.v37i6.25896
  12. Gao W., Liu Y., Zeng Y., Liu Q., Li Q. SAR Image Ship Target Detection Adversarial Attack and Defence Generalization Research. Sensors. 2023. No. 23. 12 p. URL: https://doi.org/10.3390/s23042266
  13. Zhang Z., Gao X., Liu S., Peng B., Wang Y. Energy-Based Adversarial Example Detection for SAR Images. Remote Sensing. 2022. No. 14. 19 p. URL: https://doi.org/10.3390/rs14205168
  14. Efimov E.N., Shevgunov T.Ya. Identification of target scatterers in radar images using radial basis function neural networks. Trudy MAI. 2013. No. 68. (In Russ.). URL: https://trudymai.ru/eng/published.php?ID=41959
  15. Zhu X., Montazeri S., Ali M., Hua Yu., Wang Yu., Mou L., Shi Yi., Xu F., Bamler R. Deep Learning Meets SAR. Electrical Engineering and Systems Science. 2021. 26 p. URL: https://arxiv.org/abs/2006.10027
  16. Anas H., Majdoulayne H., Chaimae A., Nabil S.M. Deep Learning for SAR Image Classification. Intelligent Systems and Applications, 2020. P. 890-898. URL: https://doi.org/10.1007/978-3-030-29516-5_67
  17. Coman C., Thaens R. A Deep Learning SAR Target Classification Experiment on MSTAR Dataset. 19th International Radar Symposium (IRS). 2018. P. 1–6. DOI: 10.23919/IRS.2018.8448048
  18. Kechagias-Stamatis O., Aouf N. Automatic Target Recognition on Synthetic Aperture Radar Imagery: A Survey. Computer Science and Engineering 2020. DOI: 10.13140/RG.2.2.16595.20008
  19. Du C., Zhang L. Adversarial Attack for SAR Target Recognition Based on UNet-Generative Adversarial Network. Remote Sensing. 2021. No. 13. 20 p. URL: https://doi.org/10.3390/rs13214358
  20. Li H., Huang H., Chen L., Peng J., Huang H., Cui Zh., Mei X., Wu G. Adversarial Examples for CNN-Based SAR Image Classification: An Experience Study. IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing. 2021. Vol. 14, P. 1333-1347. DOI: 10.1109/JSTARS.2020.3038683
  21. Peng B., Peng B., Yong S., Liu L. An Empirical Study of Fully Black-Box and Universal Adversarial Attack for SAR Target Recognition. Remote Sensing. 2022. No. 14 (16). URL: https://doi.org/10.3390/rs14164017
  22. Khazov A.S., Ortikov M.Yu., Gusev S.N. A method for estimating the resolution of a space radar with a synthesized antenna aperture, taking into account the compensation of atmospheric distortions. Trudy MAI. 2022. No. 126. (In Russ.). URL: https://trudymai.ru/eng/published.php?ID=169001. DOI: 10.34759/trd-2022-126-15
  23. Zanin K.A. Developing of a model of spacial resolution evaluation of a synthesized aperture space radar. Trudy MAI. 2017. No. 96. (In Russ.). URL: https://trudymai.ru/eng/published.php?ID=85931
  24. Kupryashkin I.F., Likhachev V.P. Kosmicheskaya radiolokatsionnaya s''emka zemnoi poverkhnosti v usloviyakh pomekh (Space radar imaging of the earth's surface under interference conditions). Voronez: Nauchnaya kniga Publ., 2014. 460 p.
  25. Michurin V.V., Shabalkin A.P. Intelligent suppression equipment for protecting objects from space radar monitoring. Radiotekhnika. 2022. Vol. 86, No. 5. P. 28–37. (In Russ.). DOI: 10.18127/j00338486-202205-04
  26. Gusev S.N., Sakhno I.V., Khubbiev R.V. Evaluation technique for virtual objects on radar images formation quality. Trudy MAI. 2019. No. 104. (In Russ.). URL: https://trudymai.ru/eng/published.php?ID=102169
  27. Su J., Vargas D.V., Sakurai K. One Pixel Attack for Fooling DNN. IEEE Transactions on Evolutionary Computation. 2019. 15 p. URL: https://arxiv.org/abs/1710.08864
  28. Kupryashkin I.F. Comparative results of the classification accuracy of radar images of objects from the MSTAR set by convolutional neural networks with different architectures. Zhurnal radioelektroniki. 2021. No. 11. (In Russ.). DOI: 10.30898/1684-1719.2021.11.14
  29. Kupryashkin I.F., Mazin A.S. Classification of military equipment objects using a convolutional neural network on radar images generated in noise interference conditions. Vestnik Kontserna VKO «Almaz – Antei».  2022. No. 1. P. 71–81. (In Russ.). DOI: 10.38013/2542-0542-2022-1-71-81
  30. Price K., Storn R.M. Differential Evolution – A Simple and Efficient Heuristic for Global Optimization over Continuous Spaces. Journal of Global Optimization, 1997. Vol. 11 (4), P. 341-259. URL: https://doi.org/10.1023/A:1008202821328
  31. Kupryashkin I.F. Classification of military equipment objects using a convolutional neural network on radar images generated under relay interference. Vestnik Kontserna VKO «Almaz – Antei».  2022. No. 4. P. 70–79. (In Russ.). DOI: 10.38013/2542-0542-2022-4-70-79
  32. Li K., Zhang M., Xu M., Tang R., Wang L., Wang H. Ship Detection in SAR Images Based on Feature Enhancement Swin Transformer and Adjacent Feature Fusion. Remote Sensing. 2022. No. 14. P. 3186. URL: https://doi.org/10.3390/rs14133186
  33. Wickramasinghe S., Parikh D., Zhang B., Kannan R., Prasanna V., Busart C. VTR: An Optimized Vision Transformer for SAR ATR Acceleration on FPGA. Computer Science. 2024. 16 p. URL: https://arxiv.org/abs/2404.04527
  34. Fein-Ashley J., Ye T., Kannan R., Prasanna V., Busart C. Benchmarking Deep Learning Classifiers for SAR Automatic Target Recognition. 2023 IEEE High Performance Extreme Computing Conference (HPEC). 2023. 6 p. DOI: 10.1109/HPEC58863.2023.10363455
  35. Dosovitskiy A., Beyer L., Kolesnikov A., Weissenborn D., Zhai X., Unterthiner T., Dehghani M., Minderer M., Heigold G., Gelly S., Uszkoreit J., Houlsby N. An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale. Computer Science. 2020. 22 p. URL: https://arxiv.org/abs/2010.11929


Download

mai.ru — informational site MAI

Copyright © 2000-2025 by MAI

 Вход