SAR-ATR系统复数对抗样本生成方法

doi:10.3969/j.issn.0255-8297.2024.05.003

应用科学学报 ›› 2024, Vol. 42 ›› Issue (5): 747-756.doi: 10.3969/j.issn.0255-8297.2024.05.003

• 信号与信息处理 • 上一篇

SAR-ATR系统复数对抗样本生成方法

张梦君, 熊邦书

南昌航空大学图像处理与模式识别江西省重点实验室, 江西南昌 330063

收稿日期:2023-12-11 发布日期:2024-09-29
通信作者: 熊邦书，教授，研究方向为模式识别、智能信号处理和图形处理。E-mail:xiongbs@126.com E-mail:xiongbs@126.com
基金资助:
国家自然科学基金（No.61866027）；江西省重点研发计划（No.20212BBE53017）资助

Plural Adversarial Sample Generation Method for SAR-ATR System

ZHANG Mengjun, XIONG Bangshu

Key Laboratory of Image Processing and Pattern Recognition of Jiangxi Province, Nanchang Hangkong University, Nanchang 330063, Jiangxi, China

Received:2023-12-11 Published:2024-09-29

摘要/Abstract

摘要： 针对现有对抗攻击方法只能用于攻击实数卷积神经网络这一限制，提出了一种基于生成对抗网络的复数对抗样本生成方法。首先，设计了一种产生有效对抗样本的复数模型，并引入了复数计算模块；其次，利用残差神经网络作为基本骨架，将预训练的复数网络作为判别器实现对抗训练，以增强对抗样本的攻击能力；最后，通过替代模型实现可迁移的对抗攻击，以此实现了更高的攻击成功率。实验结果表明，所提方法在有目标攻击和无目标攻击任务下的成功率分别达到了76.338%和87.841%，迁移的成功率更高且对抗样本与原始干净样本更为接近。所提方法将对抗攻击扩展到复数神经网络后，避免了合成孔径雷达目标信息和精度的丢失，为实际合成孔径雷达自动目标识别系统的安全性和鲁棒性提供了参考方案。

关键词: 生成对抗网络, 对抗样本, 合成孔径雷达自动目标识别系统, 复数卷积神经网络, 有目标攻击, 无目标攻击

Abstract: Existing adversarial attack methods are limited to real-valued convolutional neural networks. To address this limitation, this paper proposes a complex adversarial sample generation method based on generative adversarial networks. Firstly, a complex model for generating effective adversarial samples is designed by introducing complex computation modules. Secondly, a pre-trained complex network is used as the discriminator in adversarial training, with a residual neural network serving as the basic framework, to enhance the attack capability of adversarial samples. Finally, transferable adversarial attacks are achieved through substitute models, resulting in higher attack success rates. Experimental results demonstrate that the success rates of the proposed method in targeted and untargeted attack tasks reach 76.338% and 87.841%, respectively, with higher transferability and closer resemblance between adversarial and original clean samples. By extending adversarial attacks to complex neural networks, this method preserves synthetic aperture radar (SAR) target information and accuracy, providing a reference solution for the security and robustness of practical synthetic aperture radar automatic target recognition (SAR-ATR) systems.

Key words: generative adversarial networks, adversarial examples, synthetic aperture radar automatic target recognition (SAR-ATR), plural convolutional neural networks, targeted attack, untargeted attack

中图分类号:

TP391

张梦君, 熊邦书. SAR-ATR系统复数对抗样本生成方法[J]. 应用科学学报, 2024, 42(5): 747-756.

ZHANG Mengjun, XIONG Bangshu. Plural Adversarial Sample Generation Method for SAR-ATR System[J]. Journal of Applied Sciences, 2024, 42(5): 747-756.

参考文献

[1] Xu G, Zhang B, Yu H, et al. Sparse synthetic aperture radar imaging from compressed sensing and machine learning: theories, applications, and trends [J]. IEEE Geoscience and Remote Sensing Magazine, 2022, 10(4): 32-69.
[2] Huang T, Zhang Q X, Liu J B, et al. Adversarial attacks on deep-learning-based SAR image target recognition [J]. Journal of Network and Computer Applications, 2020, 162: 102632.
[3] 张帆, 闫敏超, 倪军, 等. 高阶条件随机场引导的多分支极化SAR图像分类[J]. 中国图象图形学报, 2023, 28(10): 3267-3280. Zhang F, Yan M C, Ni J, et al. High-order conditional random fields-relevant multi-branch polarimetric SAR image classification [J]. Journal of Image and Graphics, 2023, 28(10): 3267- 3280. (in Chinese)
[4] Zeng Z Q, Sun J P, Han Z, et al. SAR automatic target recognition method based on multistream complex-valued networks [J]. IEEE Transactions on Geoscience and Remote Sensing, 2022, 60: 5228618.
[5] Dai T, Feng Y, Chen B, et al. Deep image prior based defense against adversarial examples [J]. Pattern Recognition, 2022, 122: 108249.
[6] Yue Z Y, Gao F, Xiong Q X, et al. A novel semi-supervised convolutional neural network method for synthetic aperture radar image recognition [J]. Cognitive Computation, 2021, 13(4): 795-806.
[7] 张世辉, 张晓微, 宋丹丹, 等. 基于逆扰动融合生成对抗网络的对抗样本防御方法[J]. 电子学报, 2023, 51(4): 879-884. Zhang S H, Zhang X W, Song D D, et al. Adversarial example defense method based on inverse perturbation fusing generative adversarial network [J]. Acta Electronica Sinica, 2023, 51(4): 879-884. (in Chinese)
[8] Zhang L B, Leng X G, Feng S J, et al. Domain knowledge powered two-stream deep network for few-shot SAR vehicle recognition [J]. IEEE Transactions on Geoscience and Remote Sensing, 2021, 60: 5215315.
[9] Joriani M, Seifi H, Varjani A Y, et al. An optimization-based approach to recover the detected attacked grid variables after false data injection attack [J]. IEEE Transactions on Smart Grid, 2021, 12(6): 5322-5334.
[10] Li C, Wang H D, Zhang J, et al. An approximated gradient sign method using differential evolution for black-box adversarial attack [J]. IEEE Transactions on Evolutionary Computation, 2022, 26(5): 976-990.
[11] Liu X, Hsieh C J. Rob-GAN: generator, discriminator, and adversarial attacker [C]// IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2019: 11234-11243.
[12] 高勋章, 张志伟, 刘梅, 等. 雷达像智能识别对抗研究进展[J]. 雷达学报, 2023, 12(4): 696-712. Gao X Z, Zhang Z W, Liu M, et al. Intelligent radar image recognition countermeasures: a review [J]. Journal of Radars, 2023, 12(4): 696-712. (in Chinese)
[13] Wang Z, Yang H S, Feng Y H, et al. Towards transferable targeted adversarial examples [C]//IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2023: 20534-20543.
[14] Feng Y, Wu B, et al. CG-ATTACK: modeling the conditional distribution of adversarial perturbations to boost black-box attack [C]//IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2022: 15095-15104.
[15] Zhou M Y, Wu J, Liu Y P, et al. DaST: data-free substitute training for adversarial attacks [C]//IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2020: 231-240.

SAR-ATR系统复数对抗样本生成方法

Plural Adversarial Sample Generation Method for SAR-ATR System

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 9

编辑推荐

Metrics

本文评价

[1]	王娜, 朱会娟, 宋香梅, 冯霞. 一种基于领域自适应的智能合约安全分析框架[J]. 应用科学学报, 2024, 42(4): 585-597.
[2]	秦静, 韩悦, 王立永, 季长清, 刘璐, 汪祖民. 基于GAN和MS-ResNet的房颤自动检测模型[J]. 应用科学学报, 2024, 42(1): 15-26.
[3]	张春森, 朱江乐, 张学芬, 刘旭东, 史书. 融合自注意力机制与生成对抗网络的DEM空洞填充[J]. 应用科学学报, 2023, 41(5): 789-800.
[4]	曾静, 李莹, 戚小莎, 吉根林. 多层记忆增强生成对抗网络二次预测的视频异常检测方法[J]. 应用科学学报, 2023, 41(1): 80-94.
[5]	聂江华, 肖永生, 黄丽贞, 贺丰收. 基于时频分析与深度学习的高分辨距离像雷达目标识别[J]. 应用科学学报, 2022, 40(6): 973-983.
[6]	雷前慧, 潘丽丽, 邵伟志, 胡海鹏, 黄瑶. 基于三重注意力机制的新冠肺炎病灶分割模型[J]. 应用科学学报, 2022, 40(1): 105-115.
[7]	刘星宏, 王英, 王鑫, 兰书梅. 基于生成对抗网络的异质信息网络表征学习[J]. 应用科学学报, 2021, 39(4): 532-544.
[8]	朱翌明, 陈帆, 和红杰, 陈鸿佑. 基于秘密信息驱动的正交GAN信息隐藏模型[J]. 应用科学学报, 2019, 37(5): 721-732.
[9]	刘明明, 张敏情, 刘佳, 高培贤, 张英男. 基于生成对抗网络的无载体信息隐藏[J]. 应用科学学报, 2018, 36(2): 371-382.