On the Adversarial Vulnerabilities of Transfer Learning in Remote Sensing
This reveals a significant security risk for remote sensing applications that rely on transfer learning, potentially compromising safety-critical tasks.
The paper tackled the problem of adversarial vulnerabilities in transfer learning for remote sensing, showing that a novel Adversarial Neuron Manipulation method generates transferable perturbations by manipulating neurons in pretrained models, achieving superior attack performance without needing domain-specific information.
The use of pretrained models from general computer vision tasks is widespread in remote sensing, significantly reducing training costs and improving performance. However, this practice also introduces vulnerabilities to downstream tasks, where publicly available pretrained models can be used as a proxy to compromise downstream models. This paper presents a novel Adversarial Neuron Manipulation method, which generates transferable perturbations by selectively manipulating single or multiple neurons in pretrained models. Unlike existing attacks, this method eliminates the need for domain-specific information, making it more broadly applicable and efficient. By targeting multiple fragile neurons, the perturbations achieve superior attack performance, revealing critical vulnerabilities in deep learning models. Experiments on diverse models and remote sensing datasets validate the effectiveness of the proposed method. This low-access adversarial neuron manipulation technique highlights a significant security risk in transfer learning models, emphasizing the urgent need for more robust defenses in their design when addressing the safety-critical remote sensing tasks.