Universal Adversarial Examples in Remote Sensing: Methodology and Benchmark
This work addresses the security risks of adversarial attacks in remote sensing applications, providing a benchmark dataset (UAE-RS) to help improve model robustness, though it is incremental as it builds on existing adversarial attack concepts in a new domain.
The authors tackled the vulnerability of deep neural networks in remote sensing by proposing Mixup-Attack and Mixcut-Attack, black-box adversarial attack methods that generate universal adversarial examples with high success rates in deceiving state-of-the-art models for scene classification and semantic segmentation tasks.
Deep neural networks have achieved great success in many important remote sensing tasks. Nevertheless, their vulnerability to adversarial examples should not be neglected. In this study, we systematically analyze the universal adversarial examples in remote sensing data for the first time, without any knowledge from the victim model. Specifically, we propose a novel black-box adversarial attack method, namely Mixup-Attack, and its simple variant Mixcut-Attack, for remote sensing data. The key idea of the proposed methods is to find common vulnerabilities among different networks by attacking the features in the shallow layer of a given surrogate model. Despite their simplicity, the proposed methods can generate transferable adversarial examples that deceive most of the state-of-the-art deep neural networks in both scene classification and semantic segmentation tasks with high success rates. We further provide the generated universal adversarial examples in the dataset named UAE-RS, which is the first dataset that provides black-box adversarial samples in the remote sensing field. We hope UAE-RS may serve as a benchmark that helps researchers to design deep neural networks with strong resistance toward adversarial attacks in the remote sensing field. Codes and the UAE-RS dataset are available online (https://github.com/YonghaoXu/UAE-RS).