Da Qingan, Zhang Guoyin, Wang Wenshan, Zhao Yingnan, Lu Dan, Li Sizhao, Lang Dapeng
College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China.
Entropy (Basel). 2023 Sep 7;25(9):1306. doi: 10.3390/e25091306.
Deep neural networks have made great achievements in remote sensing image analyses; however, previous studies have shown that deep neural networks exhibit incredible vulnerability to adversarial examples, which raises concerns about regional safety and production safety. In this paper, we propose an adversarial denoising method based on latent representation guidance for remote sensing image scene classification. In the training phase, we train a variational autoencoder to reconstruct the data using only the clean dataset. At test time, we first calculate the normalized mutual information between the reconstructed image using the variational autoencoder and the reference image as denoised by a discrete cosine transform. The reconstructed image is selectively utilized according to the result of the image quality assessment. Then, the latent representation of the current image is iteratively updated according to the reconstruction loss so as to gradually eliminate the influence of adversarial noise. Because the training of the denoiser only involves clean data, the proposed method is more robust against unknown adversarial noise. Experimental results on the scene classification dataset show the effectiveness of the proposed method. Furthermore, the method achieves better robust accuracy compared with state-of-the-art adversarial defense methods in image classification tasks.
深度神经网络在遥感图像分析中取得了巨大成就;然而,先前的研究表明,深度神经网络对对抗样本表现出令人难以置信的脆弱性,这引发了对区域安全和生产安全的担忧。在本文中,我们提出了一种基于潜在表示引导的对抗去噪方法,用于遥感图像场景分类。在训练阶段,我们训练一个变分自编码器,仅使用干净数据集来重建数据。在测试时,我们首先计算使用变分自编码器重建的图像与经离散余弦变换去噪后的参考图像之间的归一化互信息。根据图像质量评估结果选择性地利用重建图像。然后,根据重建损失迭代更新当前图像的潜在表示,以逐步消除对抗噪声的影响。由于去噪器的训练仅涉及干净数据,因此所提出的方法对未知对抗噪声更具鲁棒性。在场景分类数据集上的实验结果表明了所提出方法的有效性。此外,与图像分类任务中的现有对抗防御方法相比,该方法实现了更好的鲁棒准确率。
