基于掩模提取的SAR图像对抗样本生成方法

章坚武; 能豪; 李杰; 钱建华; 方银锋

doi:10.11959/j.issn.1000-0801.2024081

您当前的位置：

首页 >

文章列表页 >

基于掩模提取的SAR图像对抗样本生成方法

研究与开发 | 更新时间：2024-06-05

- 基于掩模提取的SAR图像对抗样本生成方法
- Adversarial example generation method for SAR images based on mask extraction
- 电信科学 2024年40卷第3期页码：64-74
- 作者机构：
  
  1.杭州电子科技大学，浙江杭州 310018
  2.中国联通（浙江）产业互联网有限公司，浙江杭州 311199
- 作者简介：
  
  [ "章坚武（1961- ），男，杭州电子科技大学教授、博士生导师，中国电子学会、中国通信学会高级会员，浙江省通信学会常务理事，主要研究方向为无线通信与移动通信、通信网络与信息安全。" ]
  [ "能豪（1999- ），男，杭州电子科技大学通信工程学院硕士生，主要研究方向为无线通信与信息安全。" ]
  [ "李杰（1976- ），女，杭州电子科技大学信息工程学院副教授，主要研究方向为无线通信与移动通信。" ]
  [ "钱建华（1971- ），男，中国联通（浙江）产业互联网有限公司总经理、高级工程师，主要研究方向为数据通信。" ]
  [ "方银锋（1986- ），男，杭州电子科技大学校副教授、硕士生导师，主要从事人机接口设计、生物信号处理与分析、模式识别与智能系统等领域的研究。" ]
- 基金信息：
  
  国家自然科学基金资助项目（No.IEC\NSFC\181300）;浙江省自然科学基金重点项目(LZ23F010001)
- DOI：10.11959/j.issn.1000-0801.2024081
  中图分类号： TN957
- 收稿日期：2023-09-30，
  
  修回日期：2024-01-10，
  
  纸质出版日期：2024-03-20
- 稿件说明：
移动端阅览
章坚武,能豪,李杰等.基于掩模提取的SAR图像对抗样本生成方法[J].电信科学,2024,40(03):64-74.

ZHANG Jianwu,NAI Hao,LI Jie,et al.Adversarial example generation method for SAR images based on mask extraction[J].Telecommunications Science,2024,40(03):64-74.
章坚武,能豪,李杰等.基于掩模提取的SAR图像对抗样本生成方法[J].电信科学,2024,40(03):64-74. DOI： 10.11959/j.issn.1000-0801.2024081.

ZHANG Jianwu,NAI Hao,LI Jie,et al.Adversarial example generation method for SAR images based on mask extraction[J].Telecommunications Science,2024,40(03):64-74. DOI： 10.11959/j.issn.1000-0801.2024081.

摘要

合成孔径雷达（synthetic aperture radar，SAR）图像的对抗样本生成在当前已经有很多方法，但仍存在对抗样本扰动量较大、训练不稳定以及对抗样本的质量无法保证等问题。针对上述问题，提出了一种SAR图像对抗样本生成模型，该模型基于AdvGAN模型架构，首先根据SAR图像的特点设计了一种由增强Lee滤波器和最大类间方差法（OTSU）自适应阈值分割等模块组成的掩模提取模块，这种方法产生的扰动量更小，与原始样本的结构相似性（structural similarity，SSIM）值达到0.997以上。其次将改进的相对均值生成对抗网络（relativistic average generative adversarial network，RaGAN）损失引入AdvGAN中，使用相对均值判别器，让判别器在训练中同时依赖于真实数据和生成的数据，提高了训练的稳定性与攻击效果。在MSTAR数据集上与相关方法进行了实验对比，实验表明，此方法生成的SAR图像对抗样本在攻击防御模型时的攻击成功率较传统方法提高了10%～15%。

Abstract

There are many ways to generate adversarial samples for synthetic aperture radar (SAR) images at present

but some problems such as large amount of perturbation of adversarial samples

unstable training

and unguaranteed quality of adversarial samples still exist. To solve the above problems

a SAR image adversarial sample generation model was proposed. The model was based on the AdvGAN model architecture. Firstly

according to the characteristics of the SAR images

an adaptive threshold segmentation method based on the enhanced Lee filter OTSU was designed. The mask extraction module composed of equal modules

this method produced a smaller amount of disturbance

and the structural similarity (SSIM) with the original sample reached that more than 0.997. Secondly

the improved relativistic average GAN (RaGAN) loss was introduced into AdvGAN

and the relative mean discriminator was used to make the discriminator rely on both real data and generated data during training

which improved the stability of training and the attack effect. Experiments were compared with related methods on the MSTAR dataset. Experiments show that the attack success rate of SAR image adversarial samples generated by this method is increased by 10%～15% than that of traditional methods when attacking defense models.

关键词

Keywords

references

XIA W J , LIU Z , LI Y . SAR-PeGA: a generation method of adversarial examples for SAR image target recognition network [J ] . IEEE Transactions on Aerospace and Electronic Systems , 2023 , 59 ( 2 ): 1910 - 1920 .

何涛 , 李大亮 , 曹兰英 . 基于深度学习的机载SAR典型目标识别算法 [J ] . 现代雷达 , 2022 , 44 ( 12 ): 87 - 92 .

HE T , LI D L , CAO L Y . An algorithm of typical target recognition for airborne SAR based on deep learning [J ] . Modern Radar , 2022 , 44 ( 12 ): 87 - 92 .

SHI J . SAR target recognition method of MSTAR data set based on multi-feature fusion [C ] // Proceedings of the 2022 International Conference on Big Data, Information and Computer Network (BDICN) . Piscataway : IEEE Press , 2022 : 626 - 632 .

FANG C , SONG Y M , GUAN F H , et al . A robust complex-valued deep neural network for target recognition of UAV SAR imagery [J ] . IEEE Journal on Miniaturization for Air and Space Systems , 2023 , 4 ( 2 ): 175 - 185 .

王志波 , 王雪 , 马菁菁 , 等 . 面向计算机视觉系统的对抗样本攻击综述 [J ] . 计算机学报 , 2023 , 46 ( 2 ): 436 - 468 .

WANG Z B , WANG X , MA J J , et al . Survey on adversarial example attack for computer vision systems [J ] . Chinese Journal of Computers , 2023 , 46 ( 2 ): 436 - 468 .

赵宏 , 常有康 , 王伟杰 . 深度神经网络的对抗攻击及防御方法综述 [J ] . 计算机科学 , 2022 , 49 ( S2 ): 662 - 672 .

ZHAO H , CHANG Y K , WANG W J . Summary of anti-attack and defense methods of deep neural networks [J ] . Computer Science , 2022 , 49 ( S2 ): 662 - 672 .

WANG X M , LI J , KUANG X H , et al . The security of machine learning in an adversarial setting: a survey [J ] . Journal of Parallel and Distributed Computing , 2019 ( 130 ): 12 - 23 .

HUANG T , ZHANG Q X , LIU J B , et al . Adversarial attacks on deep-learning-based SAR image target recognition [J ] . Journal of Network and Computer Applications , 2020 ( 162 ): 102632 .

MOOSAVI-DEZFOOLI S M , FAWZI A , FROSSARD P . DeepFool: a simple and accurate method to fool deep neural networks [C ] // Proceedings of the 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Piscataway : IEEE Press , 2016 : 2574 - 2582 .

CARLINI N , WAGNER D . Towards evaluating the robustness of neural networks [C ] // Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP) . Piscataway : IEEE Press , 2017 : 39 - 57 .

XIAO C W , LI B , ZHU J Y , et al . Generating adversarial examples with adversarial networks [C ] // Proceedings of the Proceedings of the 27th International Joint Conference on Artificial Intelligence . New York : ACM Press , 2018 : 3905 - 3911 .

LIU X Q , HSIEH C J . Rob-GAN: generator, discriminator, and adversarial attacker [C ] // Proceedings of the 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) . Piscataway : IEEE Press , 2019 : 11226 - 11235 .

张高志 , 刘新平 , 邵明文 . 用于白盒目标攻击的GAN对抗样本生成 [J ] . 模式识别与人工智能 , 2020 , 33 ( 9 ): 830 - 838 .

ZHANG G Z , LIU X P , SHAO M W . Generating adversarial example with GAN for white-box target attacks [J ] . Pattern Recognition and Artificial Intelligence , 2020 , 33 ( 9 ): 830 - 838 .

田宇 . 基于GAN的图像对抗样本生成方法研究 [D ] . 北京 : 北京邮电大学 , 2020 .

TIAN Y . Research of method on generating image adversarial samples based on GAN [D ] . Beijing : Beijing University of Posts and Telecommunications , 2020 .

付睢宁 , 路泽忠 , 王舜瑶 . 一种改进的Lee滤波SAR图像去噪算法 [J ] . 计算机与数字工程 , 2019 , 47 ( 8 ): 2018 - 2021 .

FU S N , LU Z Z , WANG S Y . An improved lee filter SAR image denoising algorithm [J ] . Computer & Digital Engineering , 2019 , 47 ( 8 ): 2018 - 2021 .

谢鹏鹤 . 图像阈值分割算法研究 [D ] . 湘潭 : 湘潭大学 , 2012 .

XIE P H . The study on the image thresholding segmentation algorithm [D ] . Xiangtan : Xiangtan University , 2012 .

JOLICOEUR-MARTINEAU A . The relativistic discriminator: a key element missing from standard GAN [EB ] . 2018: arXiv: 1807.00734 .

CARLINI N , WAGNER D . Towards evaluating the robustness of neural networks [C ] // Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP) . Piscataway : IEEE Press , 2017 : 39 - 57 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于时间卷积网络的无监督入侵检测模型

基于生成对抗网络的超宽带数字信道建模

基于多文本描述的图像生成方法

信号增强网络驱动的调制识别

基于复数生成对抗网络的5G OFDM信道估计方法