TY - JOUR
T1 - DE-JSMA:面向 SAR-ATR 模型的稀疏对抗攻击算法
AU - Jin, Xiaying
AU - Li, Yang
AU - Pan, Quan
N1 - Publisher Copyright:
©2023 Journal of Northwestern Polytechnical University.
PY - 2023/12
Y1 - 2023/12
N2 - The vulnerability of DNN makes the SAR-ATR system that uses an intelligent algorithm for recognition also somewhat vulnerable. In order to verify the vulnerability, this paper proposes DE-JSMA, a novel sparse adversarial attack algorithm based on a salient map′s adversarial attack algorithm and differential evolution algorithm, with the synthetic aperture radar (SAR) image feature sparsity considered. After accurately screening out the salient features that have a great impact on the model inference results, the DE-JSMA algorithm optimizes the appropriate feature values for the salient features. In order to verify its effectiveness more comprehensively, a new metric that combines the attack success rate with the average confidence interval of adversarial examples is proposed. The experimental results show that DE-JSMA extends JSMA, which can be used only for targeted attack scenario, to untargeted attack scenario without increasing too much time consumption but ensuring a high attack success rate, thus achieving sparse adversarial attack with higher reliability and better sparsity in both attack scenarios. The pixel perturbations of only 0.31% and 0.85% can achieve the untargeted and targeted attack success rates up to 100% and 78.79% respectively.
AB - The vulnerability of DNN makes the SAR-ATR system that uses an intelligent algorithm for recognition also somewhat vulnerable. In order to verify the vulnerability, this paper proposes DE-JSMA, a novel sparse adversarial attack algorithm based on a salient map′s adversarial attack algorithm and differential evolution algorithm, with the synthetic aperture radar (SAR) image feature sparsity considered. After accurately screening out the salient features that have a great impact on the model inference results, the DE-JSMA algorithm optimizes the appropriate feature values for the salient features. In order to verify its effectiveness more comprehensively, a new metric that combines the attack success rate with the average confidence interval of adversarial examples is proposed. The experimental results show that DE-JSMA extends JSMA, which can be used only for targeted attack scenario, to untargeted attack scenario without increasing too much time consumption but ensuring a high attack success rate, thus achieving sparse adversarial attack with higher reliability and better sparsity in both attack scenarios. The pixel perturbations of only 0.31% and 0.85% can achieve the untargeted and targeted attack success rates up to 100% and 78.79% respectively.
KW - adversarial attack
KW - automatic target recognition
KW - deep learning
KW - sparse attack
KW - synthetic aperture radar
UR - http://www.scopus.com/inward/record.url?scp=85181702638&partnerID=8YFLogxK
U2 - 10.1051/jnwpu/20234161170
DO - 10.1051/jnwpu/20234161170
M3 - 文章
AN - SCOPUS:85181702638
SN - 1000-2758
VL - 41
SP - 1170
EP - 1178
JO - Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University
JF - Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University
IS - 6
ER -