Volume 12 Issue 4
Aug.  2023
Turn off MathJax
Article Contents
Article Navigation >  Journal of Radars  > 2023  >  12(4): 696-712
GAO Xunzhang, ZHANG Zhiwei, LIU Mei, et al. Intelligent radar image recognition countermeasures: A review[J]. Journal of Radars, 2023, 12(4): 696–712. doi: 10.12000/JR23098
Citation: GAO Xunzhang, ZHANG Zhiwei, LIU Mei, et al. Intelligent radar image recognition countermeasures: A review[J]. Journal of Radars, 2023, 12(4): 696–712. doi: 10.12000/JR23098
shu

Intelligent Radar Image Recognition Countermeasures: A Review

doi: 10.12000/JR23098

  • College of Electronic Science and Technology, National University of Defense Technology, Changsha 410073, China

Funds:  The National Natural Science Foundation of China (61921001)
More Information
  • Corresponding author: GAO Xunzhang, gaoxunzhang@nudt.edu.cn; ZHANG Zhiwei, 514131141@qq.com
  • Received Date: 2023-05-29
  • Rev Recd Date: 2023-07-13
    • Available Online: 2023-07-17
  • Publish Date: 2023-07-26
    Abstract
  • Intelligent radar image recognition based on Deep Neural Networks (DNN) has become an important topic in radar information processing. However, DNN models are susceptible to adversarial attacks. Malicious attackers can cause intelligent image recognition models to make incorrect predictions, considerably reducing their recognition accuracy and robustness. This article reviews recent research progress on intelligent radar image recognition countermeasures. Then it summarizes the adversarial attack methods on one/two-dimensional radar image recognition models and adversarial defense methods. Finally, it discusses five open questions worthy of in-depth research in intelligent radar image recognition countermeasures.

     

    • FullText(HTML)
  • loading
    • References(109)
  • [1]
    ZHU Xiaoxiang, MONTAZERI S, ALI M, et al. Deep learning meets SAR: Concepts, models, pitfalls, and perspectives[J]. IEEE Geoscience and Remote Sensing Magazine, 2021, 9(4): 143–172. doi: 10.1109/MGRS.2020.3046356
    [2]
    GOODFELLOW I J, SHLENS J, and SZEGEDY C. Explaining and harnessing adversarial examples[J]. arXiv preprint arXiv: 1412. 6572, 2014.
    [3]
    孙浩, 陈进, 雷琳, 等. 深度卷积神经网络图像识别模型对抗鲁棒性技术综述[J]. 雷达学报, 2021, 10(4): 571–594. doi: 10.12000/JR21048

    SUN Hao, CHEN Jin, LEI Lin, et al. Adversarial robustness of deep convolutional neural network-based image recognition models: A review[J]. Journal of Radars, 2021, 10(4): 571–594. doi: 10.12000/JR21048
    [4]
    XU Yonghao, BAI Tao, YU Weikang, et al. AI security for geoscience and remote sensing: Challenges and future trends[J]. IEEE Geoscience and Remote Sensing Magazine, 2023, 11(2): 60–85. doi: 10.1109/MGRS.2023.3272825
    [5]
    CAO Dongsheng, HUANG Jianhua, YAN Jun, et al. Kernel k-nearest neighbor algorithm as a flexible SAR modeling tool[J]. Chemometrics and Intelligent Laboratory Systems, 2012, 114: 19–23. doi: 10.1016/j.chemolab.2012.01.008
    [6]
    袁莉, 刘宏伟, 保铮. 基于中心矩特征的雷达HRRP自动目标识别[J]. 电子学报, 2004, 32(12): 2078–2081. doi: 10.3321/j.issn:0372-2112.2004.12.036

    YUAN Li, LIU Hongwei, and BAO Zheng. Automatic target recognition of radar HRRP based on central moments features[J]. Acta Electronica Sinica, 2004, 32(12): 2078–2081. doi: 10.3321/j.issn:0372-2112.2004.12.036
    [7]
    SAEPULOH A, KOIKE K, and OMURA M. Applying Bayesian decision classification to Pi-SAR polarimetric data for detailed extraction of the geomorphologic and structural features of an active volcano[J]. IEEE Geoscience and Remote Sensing Letters, 2012, 9(4): 554–558. doi: 10.1109/LGRS.2011.2174611
    [8]
    LI Min, ZHOU Gongjian, ZHAO Bin, et al. Sparse representation denoising for radar high resolution range profiling[J]. International Journal of Antennas and Propagation, 2014, 2014: 875895. doi: 10.1155/2014/875895
    [9]
    CHEN Wenchao, CHEN Bo, PENG Xiaojun, et al. Tensor RNN with Bayesian nonparametric mixture for radar HRRP modeling and target recognition[J]. IEEE Transactions on Signal Processing, 2021, 69: 1995–2009. doi: 10.1109/TSP.2021.3065847
    [10]
    CHEN Sizhe, WANG Haipeng, XU Feng, et al. Target classification using the deep convolutional networks for SAR images[J]. IEEE Transactions on Geoscience and Remote Sensing, 2016, 54(8): 4806–4817. doi: 10.1109/TGRS.2016.2551720
    [11]
    ROSS T D, WORRELL S W, VELTEN V J, et al. Standard SAR ATR evaluation experiments using the MSTAR public release data set[C]. SPIE 3370, Algorithms for Synthetic Aperture Radar Imagery, Orlando, USA, 1998: 566–573.
    [12]
    PEI Jifang, HUANG Yulin, HUO Weibo, et al. SAR automatic target recognition based on multiview deep learning framework[J]. IEEE Transactions on Geoscience and Remote Sensing, 2018, 56(4): 2196–2210. doi: 10.1109/TGRS.2017.2776357
    [13]
    SUN Yuanshuang, WANG Yinghua, LIU Hongwei, et al. SAR target recognition with limited training data based on angular rotation generative network[J]. IEEE Geoscience and Remote Sensing Letters, 2020, 17(11): 1928–1932. doi: 10.1109/LGRS.2019.2958379
    [14]
    HUANG Zhongling, PAN Zongxu, and LEI Bin. What, where, and how to transfer in SAR target recognition based on deep CNNs[J]. IEEE Transactions on Geoscience and Remote Sensing, 2020, 58(4): 2324–2336. doi: 10.1109/TGRS.2019.2947634
    [15]
    FU Kun, ZHANG Tengfei, ZHANG Yue, et al. Few-shot SAR target classification via metalearning[J]. IEEE Transactions on Geoscience and Remote Sensing, 2022, 60: 2000314. doi: 10.1109/TGRS.2021.3058249
    [16]
    SZEGEDY C, ZAREMBA W, SUTSKEVER I, et al. Intriguing properties of neural networks[C]. 2nd International Conference on Learning Representations, Banff, Canada, 2014.
    [17]
    GOODFELLOW I J, SHLENS J, and SZEGEDY C. Explaining and harnessing adversarial examples[C]. 3rd International Conference on Learning Representations, San Diego, USA, 2015: 1050.
    [18]
    KURAKIN A, GOODFELLOW I J, and BENGIO S. Adversarial Examples in the Physical World[M]. YAMPOLSKIY R V. Artificial Intelligence Safety and Security. New York: Chapman and Hall/CRC, 2018: 99–112.
    [19]
    MOOSAVI-DEZFOOLI S M, FAWZI A, and FROSSARD P. DeepFool: A simple and accurate method to fool deep neural networks[C]. 2016 IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, USA, 2016: 2574–2582.
    [20]
    CARLINI N and WAGNER D. Towards evaluating the robustness of neural networks[C]. 2017 IEEE Symposium on Security and Privacy (SP), San Jose, USA, 2017: 39–57.
    [21]
    PAPERNOT N, MCDANIEL P, JHA S, et al. The limitations of deep learning in adversarial settings[C]. 2016 IEEE European Symposium on Security and Privacy (EuroS&P), Saarbruecken, Germany, 2016: 372–387.
    [22]
    SU Jiawei, VARGAS D V, and SAKURAI K. One pixel attack for fooling deep neural networks[J]. IEEE Transactions on Evolutionary Computation, 2019, 23(5): 828–841. doi: 10.1109/TEVC.2019.2890858
    [23]
    POURSAEED O, KATSMAN I, GAO Bicheng, et al. Generative adversarial perturbations[C]. 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Salt Lake City, USA, 2018: 4422–4431.
    [24]
    DU Chuan and ZHANG Lei. Adversarial attack for SAR target recognition based on UNet-generative adversarial network[J]. Remote Sensing, 2021, 13(21): 4358. doi: 10.3390/rs13214358
    [25]
    XIAO Chaowei, LI Bo, ZHU Junyan, et al. Generating adversarial examples with adversarial networks[C]. 27th International Joint Conference on Artificial Intelligence, Stockholm, Sweden, 2018: 3905–3911.
    [26]
    ILYAS A, ENGSTROM L, ATHALYE A, et al. Black-box adversarial attacks with limited queries and information[C]. 35th International Conference on Machine Learning, Stockholm, Sweden, 2018: 2142–2151.
    [27]
    GUO Chuan, GARDNER J R, YOU Yurong, et al. Simple black-box adversarial attacks[C]. 36th International Conference on Machine Learning, Long Beach, USA, 2019: 2484–2493.
    [28]
    TASHIRO Y, SONG Y, ERMON S. Diversity can be transferred: Output diversification for white-and black-box attacks[C]. The 34th International Conference on Neural Information Processing Systems. 2020: 4536–4548.
    [29]
    GUO Wei, TONDI B, and BARNI M. A master key backdoor for universal impersonation attack against DNN-based face verification[J]. Pattern Recognition Letters, 2021, 144: 61–67. doi: 10.1016/j.patrec.2021.01.009
    [30]
    GU Tianyu, LIU Kang, DOLAN-GAVITT B, et al. BadNets: Evaluating backdooring attacks on deep neural networks[J]. IEEE Access, 2019, 7: 47230–47244. doi: 10.1109/ACCESS.2019.2909068
    [31]
    BREWER E, LIN J, and RUNFOLA D. Susceptibility & defense of satellite image-trained convolutional networks to backdoor attacks[J]. Information Sciences, 2022, 603: 244–261. doi: 10.1016/j.ins.2022.05.004
    [32]
    ISLAM S, BADSHA S, KHALIL I, et al. A triggerless backdoor attack and defense mechanism for intelligent task offloading in multi-UAV systems[J]. IEEE Internet of Things Journal, 2023, 10(7): 5719–5732. doi: 10.1109/JIOT.2022.3172936
    [33]
    LI Haifeng, HUANG Haikuo, CHEN Li, et al. Adversarial examples for CNN-based SAR image classification: An experience study[J]. IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing, 2021, 14: 1333–1347. doi: 10.1109/JSTARS.2020.3038683
    [34]
    周隽凡, 孙浩, 雷琳, 等. SAR图像稀疏对抗攻击[J]. 信号处理, 2021, 37(9): 1633–1643. doi: 10.16798/j.issn.1003-0530.2021.09.007

    ZHOU Junfan, SUN Hao, LEI Lin, et al. Sparse adversarial attack of SAR image[J]. Journal of Signal Processing, 2021, 37(9): 1633–1643. doi: 10.16798/j.issn.1003-0530.2021.09.007
    [35]
    WANG Lulu, WANG Xiaolei, MA Shixin, et al. Universal adversarial perturbation of SAR images for deep learning based target classification[C]. 2021 IEEE 4th International Conference on Electronics Technology (ICET), Chengdu, China, 2021: 1272–1276.
    [36]
    DU Chuan, HUO Chaoying, ZHANG Lei, et al. Fast C&W: A fast adversarial attack algorithm to fool SAR target recognition with deep convolutional neural networks[J]. IEEE Geoscience and Remote Sensing Letters, 2022, 19: 4010005. doi: 10.1109/LGRS.2021.3058011
    [37]
    ZHANG Fan, MENG Tianying, XIANG Deliang, et al. Adversarial deception against SAR target recognition network[J]. IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing, 2022, 15: 4507–4520. doi: 10.1109/JSTARS.2022.3179171
    [38]
    徐延杰, 孙浩, 雷琳, 等. 基于稀疏差分协同进化的多源遥感场景分类攻击[J]. 信号处理, 2021, 37(7): 1164–1170. doi: 10.16798/j.issn.1003-0530.2021.07.005

    XU Yanjie, SUN Hao, LEI Lin, et al. Multi-source remote sensing classification attack based on sparse differential coevolution[J]. Journal of Signal Processing, 2021, 37(7): 1164–1170. doi: 10.16798/j.issn.1003-0530.2021.07.005
    [39]
    RONNEBERGER O, FISCHER P, and BROX T. U-net: Convolutional networks for biomedical image segmentation[C]. 18th International Conference on Medical Image Computing and Computer-Assisted Intervention, Munich, Germany, 2015: 234–241.
    [40]
    PENG Bowen, PENG Bo, YONG Shaowei, et al. An empirical study of fully black-box and universal adversarial attack for SAR target recognition[J]. Remote Sensing, 2022, 14(16): 4017. doi: 10.3390/rs14164017
    [41]
    DANG Xunwang, YAN Hua, HU Liping, et al. SAR image adversarial samples generation based on parametric model[C]. 2021 International Conference on Microwave and Millimeter Wave Technology (ICMMT), Nanjing, China, 2021: 1–3.
    [42]
    DU M, BI D, DU M, et al. Local aggregative attack on SAR image classification models[J]. Authorea Preprints, 2022.
    [43]
    MENG Tianying, ZHANG Fan, and MA Fei. A target-region-based SAR ATR adversarial deception method[C]. 2022 7th International Conference on Signal and Image Processing (ICSIP), Suzhou, China, 2022: 142–146.
    [44]
    PENG Bowen, PENG Bo, ZHOU Jie, et al. Speckle-variant attack: Toward transferable adversarial attack to SAR target recognition[J]. IEEE Geoscience and Remote Sensing Letters, 2022, 19: 4509805. doi: 10.1109/LGRS.2022.3184311
    [45]
    GERRY M J, POTTER L C, GUPTA I J, et al. A parametric model for synthetic aperture radar measurements[J]. IEEE Transactions on Antennas and Propagation, 1999, 47(7): 1179–1188. doi: 10.1109/8.785750
    [46]
    ZHOU Junfan, FENG Sijia, SUN Hao, et al. Attributed scattering center guided adversarial attack for DCNN SAR target recognition[J]. IEEE Geoscience and Remote Sensing Letters, 2023, 20: 4001805. doi: 10.1109/LGRS.2023.3235051
    [47]
    PENG Bowen, PENG Bo, ZHOU Jie, et al. Scattering model guided adversarial examples for SAR target recognition: Attack and defense[J]. IEEE Transactions on Geoscience and Remote Sensing, 2022, 60: 5236217. doi: 10.1109/TGRS.2022.3213305
    [48]
    QIN Weibo, LONG Bo, and WANG Feng. SCMA: A scattering center model attack on CNN-SAR target recognition[J]. IEEE Geoscience and Remote Sensing Letters, 2023, 20: 4003305. doi: 10.1109/LGRS.2023.3253189
    [49]
    LIU Hongwei, JIU Bo, LI Fei, et al. Attributed scattering center extraction algorithm based on sparse representation with dictionary refinement[J]. IEEE Transactions on Antennas and Propagation, 2017, 65(5): 2604–2614. doi: 10.1109/TAP.2017.2673764
    [50]
    SIMONYAN K and ZISSERMAN A. Very deep convolutional networks for large-scale image recognition[C]. 3rd International Conference on Learning Representations, San Diego, USA, 2014.
    [51]
    HE Kaiming, ZHANG Xiangyu, REN Shaoqing, et al. Deep residual learning for image recognition[C]. 2016 IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, USA, 2016: 770–778.
    [52]
    HUANG Gao, LIU Zhuang, VAN DER MAATEN L, et al. Densely connected convolutional networks[C]. 2017 IEEE Conference on Computer Vision and Pattern Recognition, Honolulu, USA, 2017: 2261–2269.
    [53]
    SZEGEDY C, LIU Wei, JIA Yangqing, et al. Going deeper with convolutions[C]. 2015 IEEE Conference on Computer Vision and Pattern Recognition, Boston, USA, 2015: 1–9.
    [54]
    SZEGEDY C, VANHOUCKE V, IOFFE S, et al. Rethinking the inception architecture for computer vision[C]. 2016 IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, USA, 2016: 2818–2826.
    [55]
    SANDLER M, HOWARD A, ZHU Menglong, et al. MobileNetV2: Inverted residuals and linear bottlenecks[C]. 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Salt Lake City, USA, 2018: 4510–4520.
    [56]
    KRIZHEVSKY A, SUTSKEVER I, and HINTON G E. ImageNet classification with deep convolutional neural networks[J]. Communications of the ACM, 2017, 60(6): 84–90. doi: 10.1145/3065386
    [57]
    SZEGEDY C, IOFFE S, VANHOUCKE V, et al. Inception-v4, inception-ResNet and the impact of residual connections on learning[C]. Thirty-First AAAI Conference on Artificial Intelligence, San Francisco, USA, 2017: 4278–4284.
    [58]
    SCHMITT M, HUGHES L H, and ZHU X X. The SEN1–2 dataset for deep learning in Sar-optical data fusion[J]. ISPRS Annals of the Photogrammetry, Remote Sensing and Spatial Information Sciences, 2018, 4: 141–146. doi: 10.5194/isprs-annals-IV-1-141-2018
    [59]
    HUANG Lanqing, LIU Bin, LI Boying, et al. OpenSARShip: A dataset dedicated to Sentinel-1 ship interpretation[J]. IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing, 2018, 11(1): 195–208. doi: 10.1109/JSTARS.2017.2755672
    [60]
    ZHU Xiaoxiang, HU Jingliang, QIU Chunping, et al. So2Sat LCZ42: A benchmark data set for the classification of global local climate zones [Software and Data Sets][J]. IEEE Geoscience and Remote Sensing Magazine, 2020, 8(3): 76–89. doi: 10.1109/MGRS.2020.2964708
    [61]
    MALMGREN-HANSEN D, KUSK A, DALL J, et al. Improving SAR automatic target recognition models with transfer learning from simulated data[J]. IEEE Geoscience and remote sensing Letters, 2017, 14(9): 1484–1488. doi: 10.1109/LGRS.2017.2717486
    [62]
    MALMGREN-HANSEN D and NOBEL-JØRGENSEN M. Convolutional neural networks for SAR image segmentation[C]. 2015 IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), Abu Dhabi, United Arab Emirates, 2015: 231–236.
    [63]
    YUAN Yijun, WAN Jinwei, and CHEN Bo. Robust attack on deep learning based radar HRRP target recognition[C]. 2019 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC), Lanzhou, China, 2019: 704–707.
    [64]
    万锦伟. 基于深度网络的HRRP目标识别与对抗攻击研究[D]. [博士论文], 西安电子科技大学, 2020.

    WAN Jinwei. Research on HRRP target recognition and adversarial attacks based on deep neural networks[D]. [Ph. D. dissertation], Xidian University, 2020.
    [65]
    HUANG Teng, CHEN Yongfeng, YAO Bingjian, et al. Adversarial attacks on deep-learning-based radar range profile target recognition[J]. Information Sciences, 2020, 531: 159–176. doi: 10.1016/j.ins.2020.03.066
    [66]
    DU Chuan, CONG Yulai, ZHANG Lei, et al. A practical deceptive jamming method based on vulnerable location awareness adversarial attack for radar HRRP target recognition[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 2410–2424. doi: 10.1109/TIFS.2022.3170275
    [67]
    GAO Fei, HUANG Teng, WANG Jun, et al. A novel multi-input bidirectional LSTM and HMM based approach for target recognition from multi-domain radar range profiles[J]. Electronics, 2019, 8(5): 535. doi: 10.3390/electronics8050535
    [68]
    YANG Yuzhe, ZHANG Guo, XU Zhi, et al. ME-Net: Towards effective adversarial robustness with matrix estimation[C]. 36th International Conference on Machine Learning, Long Beach, USA, 2019: 7025–7034.
    [69]
    WANG Yutong, ZHANG Wenwen, SHEN Tianyu, et al. Binary thresholding defense against adversarial attacks[J]. Neurocomputing, 2021, 445: 61–71. doi: 10.1016/j.neucom.2021.03.036
    [70]
    LeCun Y. The MNIST database of handwritten digits[EB/OL]. http://yann.lecun.com/exdb/mnist/, 1998.
    [71]
    MUSTAFA A, KHAN S H, HAYAT M, et al. Image super-resolution as a defense against adversarial attacks[J]. IEEE Transactions on Image Processing, 2020, 29: 1711–1724. doi: 10.1109/TIP.2019.2940533
    [72]
    AGARWAL A, SINGH R, VATSA M, et al. Image transformation-based defense against adversarial perturbation on deep learning models[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(5): 2106–2121. doi: 10.1109/TDSC.2020.3027183
    [73]
    孙浩, 徐延杰, 陈进, 等. 基于自监督对比学习的深度神经网络对抗鲁棒性提升[J]. 信号处理, 2021, 37(6): 903–911. doi: 10.16798/j.issn.1003-0530.2021.06.001

    SUN Hao, XU Yanjie, CHEN Jin, et al. Self-supervised contrastive learning for improving the adversarial robustness of deep neural networks[J]. Journal of Signal Processing, 2021, 37(6): 903–911. doi: 10.16798/j.issn.1003-0530.2021.06.001
    [74]
    XU Yanjie, SUN Hao, CHEN Jin, et al. Adversarial self-supervised learning for robust SAR target recognition[J]. Remote Sensing, 2021, 13(20): 4158. doi: 10.3390/rs13204158
    [75]
    SONG Chuanbiao, HE Kun, LIN Jiadong, et al. Robust local features for improving the generalization of adversarial training[C]. 8th International Conference on Learning Representations, Addis Ababa, Ethiopia, 2020.
    [76]
    ZHANG Hongyang, YU Yaodong, JIAO Jiantao, et al. Theoretically principled trade-off between robustness and accuracy[C]. 36th International Conference on Machine Learning, Long Beach, USA, 2019: 7472–7482.
    [77]
    INKAWHICH N, DAVIS E, MAJUMDER U, et al. Advanced techniques for robust SAR ATR: Mitigating noise and phase errors[C]. 2020 IEEE International Radar Conference (RADAR), Washington, USA, 2020: 844–849.
    [78]
    WAGNER S, PANATI C, and BRÜGGENWIRTH S. Fool the COOL-on the robustness of deep learning SAR ATR systems[C]. 2021 IEEE Radar Conference (RadarConf21), Atlanta, USA, 2021: 1–6.
    [79]
    LI Peng, HU Xiaowei, FENG Cunqian, et al. SAR-AD-BagNet: An interpretable model for SAR image recognition based on adversarial defense[J]. IEEE Geoscience and Remote Sensing Letters, 2023, 20: 4000505. doi: 10.1109/LGRS.2022.3230243
    [80]
    LI Peng, FENG Cunqian, HU Xiaowei, et al. SAR-BagNet: An ante-hoc interpretable recognition model based on deep network for SAR image[J]. Remote Sensing, 2022, 14(9): 2150. doi: 10.3390/rs14092150
    [81]
    HENDRYCKS D and GIMPEL K. Early methods for detecting adversarial images[C]. 5th International Conference on Learning Representations, Toulon, France, 2017.
    [82]
    FEINMAN R, CURTIN R R, SHINTRE S, et al. Detecting adversarial samples from artifacts[OL]. https://arxiv.org/abs/1703.00410.
    [83]
    MA Xingjun, LI Bo, WANG Yisen, et al. Characterizing adversarial subspaces using local intrinsic dimensionality[C]. 6th International Conference on Learning Representations, Vancouver, Canada, 2018.
    [84]
    LEE K, LEE K, LEE H, et al. A simple unified framework for detecting out-of-distribution samples and adversarial attacks[C]. 32nd International Conference on Neural Information Processing Systems, Montréal, Canada, 2018: 7167–7177.
    [85]
    ZHAO Chenxiao, FLETCHER P T, YU Mixue, et al. The adversarial attack and detection under the fisher information metric[C]. Thirty-Third AAAI Conference on Artificial Intelligence, Honolulu, USA, 2019: 5869–5876.
    [86]
    COHEN G, SAPIRO G, and GIRYES R. Detecting adversarial samples using influence functions and nearest neighbors[C]. 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Seattle, USA, 2020: 14441–14450.
    [87]
    ZHANG Zhiwei, LIU Shuowei, GAO Xunzhang, et al. An empirical study towards SAR adversarial examples[C]. 2022 International Conference on Image Processing, Computer Vision and Machine Learning (ICICML), Xi’an, China, 2022: 127–132.
    [88]
    ZHANG Zhiwei, LIU Shuowei, GAO Xunzhang, et al. Improving adversarial detection methods for SAR image via joint contrastive cross-entropy training[C]. 4th International Academic Exchange Conference on Science and Technology Innovation (IAECST), Guangzhou, China, 2022: 1107–1110.
    [89]
    ZHANG Zhiwei, GAO Xunzhang, LIU Shuowei, et al. Energy-based adversarial example detection for SAR images[J]. Remote Sensing, 2022, 14(20): 5168. doi: 10.3390/rs14205168
    [90]
    YANG Yi and NEWSAM S. Bag-of-visual-words and spatial extensions for land-use classification[C]. 18th SIGSPATIAL International Conference on Advances in Geographic Information Systems, San Jose, USA, 2010: 270–279.
    [91]
    MADRY A, MAKELOV A, SCHMIDT L, et al. Towards deep learning models resistant to adversarial attacks[C]. 6th International Conference on Learning Representations, Vancouver, Canada, 2018.
    [92]
    CHEN Jianbo, JORDAN M I, and WAINWRIGHT M J. HopSkipJumpAttack: A query-efficient decision-based attack[C]. 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, USA, 2020: 1277–1294.
    [93]
    ANDRIUSHCHENKO M, CROCE F, FLAMMARION N, et al. Square attack: A query-efficient black-box adversarial attack via random search[C]. 16th European Conference on Computer Vision, Glasgow, UK, 2020: 484–501.
    [94]
    MODAS A, MOOSAVI-DEZFOOLI S M, and FROSSARD P. SparseFool: A few pixels make a big difference[C]. 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Long Beach, USA, 2019: 9079–9088.
    [95]
    YUAN Xuejing, CHEN Yuxuan, ZHAO Yue, et al. Commandersong: A systematic approach for practical adversarial voice recognition[C]. 27th USENIX Conference on Security Symposium, Baltimore, USA, 2018: 49–64.
    [96]
    DAS N, SHANBHOGUE M, CHEN S T, et al. ADAGIO: Interactive experimentation with adversarial attack and defense for audio[C]. Joint European Conference on Machine Learning and Knowledge Discovery in Databases, Dublin, Ireland, 2019: 677–681.
    [97]
    DOAN K, LAO Y, and LI P. Backdoor attack with imperceptible input and latent modification[J]. Advances in Neural Information Processing Systems, 2021, 34: 18944–18957.
    [98]
    BAGDASARYAN E and SHMATIKOV V. Blind backdoors in deep learning models[C]. 30th USENIX Security Symposium, 2021: 1505–1521.
    [99]
    DOAN K, LAO Yingjie, ZHAO Weijie, et al. LIRA: Learnable, imperceptible and robust backdoor attacks[C]. 2021 IEEE/CVF International Conference on Computer Vision (ICCV), Montreal, Canada, 2021: 11946–11956.
    [100]
    SAHA A, SUBRAMANYA A, and PIRSIAVASH H. Hidden trigger backdoor attacks[C]. 34th AAAI Conference on Artificial Intelligence, New York, USA, 2020: 11957–11965.
    [101]
    SHUMAILOV I, SHUMAYLOV Z, KAZHDAN D, et al. Manipulating SGD with data ordering attacks[C]. 34th International Conference on Neural Information Processing Systems, 2021: 18021–18032.
    [102]
    SOURI H, FOWL L, CHELLAPPA R, et al. Sleeper agent: Scalable hidden trigger backdoors for neural networks trained from scratch[J]. Advances in Neural Information Processing Systems, 2022, 35: 19165–19178.
    [103]
    DOAN B G, ABBASNEJAD E, and RANASINGHE D C. Februus: Input purification defense against Trojan attacks on deep neural network systems[C]. Annual Computer Security Applications Conference, Austin, USA, 2020: 897–912.
    [104]
    WANG Bolun, YAO Yuanshun, SHAN S, et al. Neural cleanse: Identifying and mitigating backdoor attacks in neural networks[C]. 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, USA, 2019: 707–723.
    [105]
    GIRSHICK R. Fast r-CNN[C]. 2015 IEEE International Conference on Computer Vision, Santiago, Chile, 2015: 1440–1448.
    [106]
    REDMON J, DIVVALA S, GIRSHICK R, et al. You only look once: Unified, real-time object detection[C]. 2016 IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, USA, 2016: 779–788.
    [107]
    CHOW K H, LIU Ling, LOPER M, et al. Adversarial objectness gradient attacks in real-time object detection systems[C]. 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), Atlanta, USA, 2020: 263–272.
    [108]
    WANG Yajie, LV Haoran, KUANG Xiaohui, et al. Towards a physical-world adversarial patch for blinding object detection models[J]. Information Sciences, 2021, 556: 459–471. doi: 10.1016/j.ins.2020.08.087
    [109]
    张磊, 陈晓晴, 郑熠宁, 等. 电磁超表面与信息超表面[J]. 电波科学学报, 2021, 36(6): 817–828. doi: 10.12265/j.cjors.2021218

    ZHANG Lei, CHEN Xiaoqing, ZHENG Yining, et al. Electromagnetic metasurfaces and information metasurfaces[J]. Chinese Journal of Radio Science, 2021, 36(6): 817–828. doi: 10.12265/j.cjors.2021218
    • Relative Articles
    • Supplements(0)
    • Cited By
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索
    Get Citation
    PDF
    XML
    Article views(1014) PDF downloads(301) Cited by()
    Proportional views
    Related

    京ICP备20021838号-8   Supported by: Beijing Renhe Information Technology Co. Ltd   百度统计

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return