On the Adversarial Vulnerabilities of Transfer Learning in Remote Sensing

TL;DR

This paper introduces a novel adversarial attack method that manipulates neurons in pretrained models to expose vulnerabilities in remote sensing transfer learning, highlighting security risks and the need for robust defenses.

Contribution

It proposes a domain-agnostic, efficient adversarial neuron manipulation technique that outperforms existing methods in attacking transfer learning models in remote sensing.

Findings

Effective transferability of perturbations across models and datasets

Revealed critical vulnerabilities in deep learning models for remote sensing

Highlights security risks in transfer learning applications

Abstract

The use of pretrained models from general computer vision tasks is widespread in remote sensing, significantly reducing training costs and improving performance. However, this practice also introduces vulnerabilities to downstream tasks, where publicly available pretrained models can be used as a proxy to compromise downstream models. This paper presents a novel Adversarial Neuron Manipulation method, which generates transferable perturbations by selectively manipulating single or multiple neurons in pretrained models. Unlike existing attacks, this method eliminates the need for domain-specific information, making it more broadly applicable and efficient. By targeting multiple fragile neurons, the perturbations achieve superior attack performance, revealing critical vulnerabilities in deep learning models. Experiments on diverse models and remote sensing datasets validate the effectiveness of the proposed method. This low-access adversarial neuron manipulation technique highlights a significant security risk in transfer learning models, emphasizing the urgent need for more robust defenses in their design when addressing the safety-critical remote sensing tasks.