基于对抗攻击的SAR舰船识别卷积神经网络鲁棒性研究

The Research for the Robustness of SAR Ship Identification CNN Based on Adversarial Example

  • 摘要: 随着深度学习技术的迅猛发展,卷积神经网络(Convolutional Neural Networks,CNN)在合成孔径雷达(Synthetic Aperture Radar,SAR)舰船分类任务上取得很高的精度。但同时,由于SAR成像存在相干斑噪声等特性以及CNN自身的脆弱性,使得预测结果稳定性较差,在实际应用中存在明显隐患。针对上述CNN在SAR舰船识别分类任务上鲁棒性不足的问题,本文将对抗样本引入到SAR舰船识别鲁棒性的研究之中,通过从梯度、边界、黑盒模拟等多个角度对CNN网络进行全方位的对抗攻击及干扰,实现了对各SAR舰船识别CNN网络的综合评估,并依照评估结果完成针对性的鲁棒性增强方案的制定,为SAR舰船识别鲁棒性研究开拓了新的领域。

     

    Abstract: With the rapid development of deep learning technology, CNN has got great accuracy in SAR ship classification. However, because of the character of SAR picture and the fragility of CNN, the performance of CNN is unstable that causes hidden danger in practical?application. For CNN's insufficient robustness in SAR ship identification task, this paper makes use of adversarial example to research the adversarial robustness of SAR ship identification that represent the ability of maintaining stable input-output relation under small change. This paper use kinds of adversarial attack based on gradient, boundary, block box and so on to fool most common CNN in SAR ship identification task. Then, we use the identification result and network visualization technology to evaluate the CNN’s robustness, finding that most SAR ship identification CNN’s adversarial robustness is weak that would be easily fooled by little change. Finally, we enhance the robustness of CNN targeted based on the evaluation that behaves much better in adversarial robustness. The use of adversarial example and the above research process breaks new ground in the research for the Robustness of SAR Ship identification.

     

/

返回文章
返回