Adversarial attack on GNN-based SAR image classifier

Tian Ye; Rajgopal Kannan; Viktor Prasanna; Carl Busart

doi:10.1117/12.2666030

12 June 2023 Adversarial attack on GNN-based SAR image classifier

Tian Ye, Rajgopal Kannan, Viktor Prasanna, Carl Busart

Author Affiliations +

Proceedings Volume 12538, Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications V; 1253812 (2023) https://doi.org/10.1117/12.2666030
Event: SPIE Defense + Commercial Sensing, 2023, Orlando, Florida, United States

Abstract

Synthetic Aperture Radar (SAR) Automatic Target Recognition (ATR) is a key technique in remote-sensing image recognition. The state-of-the-art Graph Neural Network (GNN) has achieved 99.09% accuracy on the MSTAR dataset. However, robustness is a critical concern when an adversary can add carefully crafted noise to the test image and mislead the classifier to give wrong output. In this work, we study the vulnerability of the state-of-the-art GNN-based SAR image classifier and show the feasibility of decreasing its accuracy by manipulating test images using the Fast Gradient Sign Method (FGSM). The intuition is that misclassifications are more likely to occur when the loss is high. For each SAR image, we add noise to every pixel, such that the perturbed image will be misclassified by the GNN model. For each pixel, the noise is determined by the gradient of the loss with respect to the pixel. Also, we guarantee that the noise values are sufficiently small such that the perturbation will be unnoticeable to human eyes. We conduct experiments by applying the attack on the 2425 test images from the MSTAR dataset. In our experiments, the accuracy of the target GNN drastically drops from 99.09% to 11.79% after we change each normalized pixel value (in [0, 1]) of the test images by less than 3/255.

Citation Download Citation

Tian Ye, Rajgopal Kannan, Viktor Prasanna, and Carl Busart "Adversarial attack on GNN-based SAR image classifier", Proc. SPIE 12538, Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications V, 1253812 (12 June 2023); https://doi.org/10.1117/12.2666030

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

;

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
5 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Synthetic aperture radar

Image classification

Automatic target recognition

Defense and security

Machine learning

Neural networks

RELATED CONTENT

PAHD perception action based human decision making using explainable...
Proceedings of SPIE (June 13 2023)

Uncertainty-informed SAR image classification with Bayesian neural networks
Proceedings of SPIE (June 07 2024)

SAR ATR analysis and implications for learning
Proceedings of SPIE (June 07 2024)

Modern approaches in deep learning for SAR ATR
Proceedings of SPIE (May 14 2016)

SAR target recognition and posture estimation using spatial pyramid pooling...
Proceedings of SPIE (January 12 2018)

Generating simulated SAR images using Generative Adversarial Network
Proceedings of SPIE (September 17 2018)

Graph pretraining approach to utilize synthetic data for SAR ATR
Proceedings of SPIE (June 07 2024)

Subscribe to Digital Library

Receive Erratum Email Alert

Keywords/Phrases

Search In:

Publication Years