TL;DR
This paper introduces a novel black-box attack method for remote sensing neural networks, demonstrating high transferability of universal adversarial examples and providing a benchmark dataset for future robustness research.
Contribution
The study proposes Mixup-Attack and Mixcut-Attack methods for generating transferable adversarial examples in remote sensing, and releases the UAE-RS dataset for benchmarking defenses.
Findings
High success rates in fooling state-of-the-art models
Universal adversarial examples transfer across different networks
UAE-RS dataset enables robustness evaluation
Abstract
Deep neural networks have achieved great success in many important remote sensing tasks. Nevertheless, their vulnerability to adversarial examples should not be neglected. In this study, we systematically analyze the universal adversarial examples in remote sensing data for the first time, without any knowledge from the victim model. Specifically, we propose a novel black-box adversarial attack method, namely Mixup-Attack, and its simple variant Mixcut-Attack, for remote sensing data. The key idea of the proposed methods is to find common vulnerabilities among different networks by attacking the features in the shallow layer of a given surrogate model. Despite their simplicity, the proposed methods can generate transferable adversarial examples that deceive most of the state-of-the-art deep neural networks in both scene classification and semantic segmentation tasks with high success…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
