poster

Adversarial examples in remote sensing

Authors:

Wojciech Czaja,

Michael Pekala,

Christopher Ratto,

I-Jeng WangAuthors Info & Claims

SIGSPATIAL '18: Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems

Pages 408 - 411

https://doi.org/10.1145/3274895.3274904

Published: 06 November 2018 Publication History

Abstract

This paper considers attacks against machine learning algorithms used in remote sensing applications. The remote sensing domain presents a suite of challenges that are not fully addressed by current research focused on natural image data. In this paper we present a new study of adversarial examples in the context of satellite image classification problems. Using a recently curated data set and associated classifier, we provide a preliminary analysis of adversarial examples in settings where the targeted classifier is permitted multiple observations of the same location over time. While our experiments to date are purely digital, our problem setup incorporates a number of practical considerations that an attacker would need to take into account when mounting physical attacks.

References

[1]

Anish Athalye and Nicholas Carlini. 2018. On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses. arXivpreprint arXiv:1804.03286 (2018).

[2]

Anish Athalye, Nicholas Carlini, and David Wagner. 2018. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420 (2018).

[3]

Anish Athalye and Ilya Sutskever. 2017. Synthesizing robust adversarial examples. arXiv preprint arXiv:1707.07397 (2017).

[4]

Tom B Brown, Dandelion Mané, Aurko Roy, Martín Abadi, and Justin Gilmer. 2017. Adversarial patch. arXiv preprint arXiv:1712.09665 (2017).

[5]

Nicholas Carlini and David Wagner. 2017. Adversarial examples are not easily detected: Bypassing ten detection methods. In Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. ACM, 3-14.

Digital Library

[6]

Shang-Tse Chen, Cory Cornelius, Jason Martin, and Duen Horng Chau. 2018. Robust Physical Adversarial Attack on Faster R-CNN Object Detector. arXiv preprint arXiv:1804.05810 (2018).

[7]

Gordon Christie, Neil Fendley, James Wilson, and Ryan Mukherjee. 2017. Functional Map of the World. arXiv preprint arXiv:1711.07846 (2017).

[8]

Wojciech Czaja, Neil Fendley, Michael Pekala, Christopher Ratto, and I-Jeng Wang. 2018. Adversarial Examples in Remote Sensing. arXiv:1805.10997 (2018).

[9]

DigitalGlobe. 2013. IKONOS: Data Sheet. (2013). https://dg-cms-uploads-production.s3.amazonaws.com/uploads/document/file/96/DG_IKONOS_DS.pdf {Online; accessed 11-May-2018}.

[10]

Ivan Evtimov, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li, Atul Prakash, Amir Rahmati, and Dawn Song. 2017. Robust Physical-World Attacks on Deep Learning Models. arXiv preprint arXiv:1707.08945 1 (2017).

[11]

Fartash Faghri, Ian Goodfellow, Justin Gilmer, Luke Metz, Maithra Raghu, and Sam Schoenholz. 2018. Adversarial Spheres. (2018).

[12]

Alhussein Fawzi, Seyed-Mohsen Moosavi-Dezfooli, and Pascal Frossard. 2016. Robustness of classifiers: from adversarial to random noise. In Advances in Neural Information Processing Systems. 1632-1640.

Digital Library

[13]

Alhussein Fawzi, Seyed-Mohsen Moosavi-Dezfooli, and Pascal Frossard. 2017. The Robustness of Deep Networks: A Geometrical Perspective. IEEE Signal Processing Magazine 34, 6 (2017), 50-62.

[14]

Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014).

[15]

Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 (2016).

[16]

Jiajun Lu, Hussein Sibai, Evan Fabry, and David Forsyth. 2017. No need to worry about adversarial examples in object detection in autonomous vehicles. arXiv preprint arXiv:1707.03501 (2017).

[17]

Volodymyr Mnih and Geoffrey E Hinton. 2010. Learning to detect roads in high-resolution aerial images. In European Conference on Computer Vision. Springer.

Digital Library

[18]

Nicolas Papernot, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z Berkay Celik, and Ananthram Swami. 2016. Practical black-box attacks against deep learning systems using adversarial examples. arXiv preprint (2016).

[19]

Nicolas Papernot, Patrick McDaniel, Somesh Jha, Matt Fredrikson, Z Berkay Celik, and Ananthram Swami. 2016. The limitations of deep learning in adversarial settings. In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on. IEEE, 372-387.

[20]

Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013).

Cited By

Islam KWu HXin CNing RZhu LLi J(2024)Sub-Band Backdoor Attack in Remote Sensing ImageryAlgorithms10.3390/a1705018217:5(182)Online publication date: 28-Apr-2024
https://doi.org/10.3390/a17050182
Li YLi ZSu AWang KWang ZYu Q(2024)Semisupervised Cross-Domain Remote Sensing Scene Classification via Category-Level Feature Alignment NetworkIEEE Transactions on Geoscience and Remote Sensing10.1109/TGRS.2024.339298462(1-14)Online publication date: 2024
https://doi.org/10.1109/TGRS.2024.3392984
Zhou YSun SJiang XXu GHu FZhang ZLiu X(2024)DGA: Direction-Guided Attack Against Optical Aerial Detection in Camera Shooting Direction-Agnostic ScenariosIEEE Transactions on Geoscience and Remote Sensing10.1109/TGRS.2024.338748662(1-22)Online publication date: 2024
https://doi.org/10.1109/TGRS.2024.3387486
Show More Cited By

Index Terms

Adversarial examples in remote sensing
1. Computing methodologies
  1. Artificial intelligence
    1. Computer vision
      1. Computer vision problems
        Object recognition
  2. Machine learning
    1. Machine learning approaches
      1. Neural networks

Recommendations

Adversarial perturbation in remote sensing image recognition
Abstract
Recent works have demonstrated that current deep neural networks suffer from small but intentional perturbation during the testing phase of the model. Such perturbations aiming at misclassifying the model’s inputs produce adversarial ...
Highlights
- Machine learning models exhibit vulnerabilities along the machine learning pipeline.
Adversarial examples: A survey of attacks and defenses in deep learning-enabled cybersecurity systems
Abstract
Over the last few years, the adoption of machine learning in a wide range of domains has been remarkable. Deep learning, in particular, has been extensively used to drive applications and services in specializations such as computer vision, ...
Highlights
- A taxonomy of cybersecurity applications is established.
- Adversarial machine learning is systematically overviewed.
- An extensive, curated list of cybersecurity-related datasets is provided.
- Methods for generating adversarial ...
DeepMTD: Moving Target Defense for Deep Visual Sensing against Adversarial Examples
Deep learning-based visual sensing has achieved attractive accuracy but is shown vulnerable to adversarial attacks. Specifically, once the attackers obtain the deep model, they can construct adversarial examples to mislead the model to yield wrong ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGSPATIAL '18: Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems

November 2018

655 pages

ISBN:9781450358897

DOI:10.1145/3274895

General Chairs:
Farnoush Banaei-Kashani
University of Colorado, Denver
,
Erik Hoel
Esri
,
Program Chairs:
Ralf Hartmut Güting
FernUniversität in Hagen, Germany
,
Roberto Tamassia
Brown University
,
Li Xiong
Emory University

Copyright © 2018 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGSPATIAL: ACM Special Interest Group on Spatial Information

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2018

Check for updates

Author Tags

Qualifiers

Poster

Conference

SIGSPATIAL '18

Sponsor:

SIGSPATIAL

SIGSPATIAL '18: 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems

November 6 - 9, 2018

Washington, Seattle

Acceptance Rates

SIGSPATIAL '18 Paper Acceptance Rate 30 of 150 submissions, 20%;

Overall Acceptance Rate 220 of 1,116 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

48
Total Citations
View Citations
464
Total Downloads

Downloads (Last 12 months)84
Downloads (Last 6 weeks)9

Reflects downloads up to 26 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Islam KWu HXin CNing RZhu LLi J(2024)Sub-Band Backdoor Attack in Remote Sensing ImageryAlgorithms10.3390/a1705018217:5(182)Online publication date: 28-Apr-2024
https://doi.org/10.3390/a17050182
Li YLi ZSu AWang KWang ZYu Q(2024)Semisupervised Cross-Domain Remote Sensing Scene Classification via Category-Level Feature Alignment NetworkIEEE Transactions on Geoscience and Remote Sensing10.1109/TGRS.2024.339298462(1-14)Online publication date: 2024
https://doi.org/10.1109/TGRS.2024.3392984
Zhou YSun SJiang XXu GHu FZhang ZLiu X(2024)DGA: Direction-Guided Attack Against Optical Aerial Detection in Camera Shooting Direction-Agnostic ScenariosIEEE Transactions on Geoscience and Remote Sensing10.1109/TGRS.2024.338748662(1-22)Online publication date: 2024
https://doi.org/10.1109/TGRS.2024.3387486
Wang XMei SLian JLu Y(2024)Fooling Aerial Detectors by Background Attack via Dual-Adversarial-Induced Error IdentificationIEEE Transactions on Geoscience and Remote Sensing10.1109/TGRS.2024.338653362(1-16)Online publication date: 2024
https://doi.org/10.1109/TGRS.2024.3386533
Xu YXu YJiao HGao ZZhang L(2024) S 3 ANet: Spatial-Spectral Self-Attention Learning Network for Defending Against Adversarial Attacks in Hyperspectral Image Classification IEEE Transactions on Geoscience and Remote Sensing10.1109/TGRS.2024.3381824(1-1)Online publication date: 2024
https://doi.org/10.1109/TGRS.2024.3381824
Bai TCao YXu YWen B(2024)Stealthy Adversarial Examples for Semantic Segmentation in Remote SensingIEEE Transactions on Geoscience and Remote Sensing10.1109/TGRS.2024.337700962(1-17)Online publication date: 2024
https://doi.org/10.1109/TGRS.2024.3377009
Zhang YChen JLiu LChen KShi ZZou Z(2024)Generating Imperceptible and Cross-Resolution Remote Sensing Adversarial Examples Based on Implicit Neural RepresentationsIEEE Transactions on Geoscience and Remote Sensing10.1109/TGRS.2023.334937362(1-15)Online publication date: 2024
https://doi.org/10.1109/TGRS.2023.3349373
Zhu RMa SLian JHe LMei S(2024)Generating Adversarial Examples Against Remote Sensing Scene Classification via Feature ApproximationIEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing10.1109/JSTARS.2024.339978017(10174-10187)Online publication date: 2024
https://doi.org/10.1109/JSTARS.2024.3399780
Peng XShi JZhou DHu Y(2024)IOPA-FracAT: Research on Improved One-pixel Adversarial Attack and Fractional Defense in Hyperspectral Image Classification2024 36th Chinese Control and Decision Conference (CCDC)10.1109/CCDC62350.2024.10588229(1527-1532)Online publication date: 25-May-2024
https://doi.org/10.1109/CCDC62350.2024.10588229
Huang RChen LZheng JZhang QYu X(2024)Adversarial Attacks Against Object Detection in Remote Sensing ImagesArtificial Intelligence Security and Privacy10.1007/978-981-99-9785-5_25(358-367)Online publication date: 4-Feb-2024
https://doi.org/10.1007/978-981-99-9785-5_25
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents