Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Uncertainty-Aware SAR ATR: Defending Against Adversarial Attacks via Bayesian Neural Networks

Tian Ye, Rajgopal Kannan, Viktor Prasanna, Carl Busart

TL;DR

A novel uncertainty-aware SAR ATR that leverages the capability of Bayesian Neural Networks in performing image classification with quantified epistemic uncertainty to measure the confidence for each input SAR image and alerts when the input SAR image is likely to be adversarially generated.

Abstract

Adversarial attacks have demonstrated the vulnerability of Machine Learning (ML) image classifiers in Synthetic Aperture Radar (SAR) Automatic Target Recognition (ATR) systems. An adversarial attack can deceive the classifier into making incorrect predictions by perturbing the input SAR images, for example, with a few scatterers attached to the on-ground objects. Therefore, it is critical to develop robust SAR ATR systems that can detect potential adversarial attacks by leveraging the inherent uncertainty in ML classifiers, thereby effectively alerting human decision-makers. In this paper, we propose a novel uncertainty-aware SAR ATR for detecting adversarial attacks. Specifically, we leverage the capability of Bayesian Neural Networks (BNNs) in performing image classification with quantified epistemic uncertainty to measure the confidence for each input SAR image. By evaluating the uncertainty, our method alerts when the input SAR image is likely to be adversarially generated. Simultaneously, we also generate visual explanations that reveal the specific regions in the SAR image where the adversarial scatterers are likely to to be present, thus aiding human decision-making with hints of evidence of adversarial attacks. Experiments on the MSTAR dataset demonstrate that our approach can identify over 80% adversarial SAR images with fewer than 20% false alarms, and our visual explanations can identify up to over 90% of scatterers in an adversarial SAR image.

Uncertainty-Aware SAR ATR: Defending Against Adversarial Attacks via Bayesian Neural Networks

TL;DR

A novel uncertainty-aware SAR ATR that leverages the capability of Bayesian Neural Networks in performing image classification with quantified epistemic uncertainty to measure the confidence for each input SAR image and alerts when the input SAR image is likely to be adversarially generated.

Abstract

Adversarial attacks have demonstrated the vulnerability of Machine Learning (ML) image classifiers in Synthetic Aperture Radar (SAR) Automatic Target Recognition (ATR) systems. An adversarial attack can deceive the classifier into making incorrect predictions by perturbing the input SAR images, for example, with a few scatterers attached to the on-ground objects. Therefore, it is critical to develop robust SAR ATR systems that can detect potential adversarial attacks by leveraging the inherent uncertainty in ML classifiers, thereby effectively alerting human decision-makers. In this paper, we propose a novel uncertainty-aware SAR ATR for detecting adversarial attacks. Specifically, we leverage the capability of Bayesian Neural Networks (BNNs) in performing image classification with quantified epistemic uncertainty to measure the confidence for each input SAR image. By evaluating the uncertainty, our method alerts when the input SAR image is likely to be adversarially generated. Simultaneously, we also generate visual explanations that reveal the specific regions in the SAR image where the adversarial scatterers are likely to to be present, thus aiding human decision-making with hints of evidence of adversarial attacks. Experiments on the MSTAR dataset demonstrate that our approach can identify over 80% adversarial SAR images with fewer than 20% false alarms, and our visual explanations can identify up to over 90% of scatterers in an adversarial SAR image.
Paper Structure (14 sections, 10 equations, 3 figures, 2 tables, 1 algorithm)

This paper contains 14 sections, 10 equations, 3 figures, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Preliminaries and Problem Definition
  3. Bayesian Neural Networks with Uncertainty
  4. Adversarial Attacks on SAR Image Classifiers
  5. Problem Definition
  6. Proposed Method
  7. Detecting Adversarial Inputs by Epistemic Uncertainty
  8. Visual Explanations of Adversarial Attacks
  9. Experiments
  10. Experimental Setup
  11. Metrics
  12. Results for Detection of Adversarial Attacks
  13. Results for Visual Explanation of Adversarial Attacks
  14. Conclusion

Figures (3)

  • Figure 1: Overview of our methods. Left: Classifying an input SAR image and calculating the epistemic uncertainty. (Algorithm 1 is not illustrated.) Right: Visual explanation of adversarial attacks by GBP-BNN.
  • Figure 2: ROC curves of detecting adversarial attacks in SAR images by epistemic uncertainty. The three rows from top to bottom are experiments on AConvNet, AlexNet and LConvNet, respectively. The three columns from left to right are for OTSA-1, OTSA-2 and OTSA-3, respectively. In each subfigure, the solid line is the ROC curve for our method while the dashed line is the ROC curve of no discriminative ability. For each ROC curve, two pairs of (FPR, TPR) are shown as specific examples.
  • Figure 3: Examples of visual explanation of adversarial attacks. Example 1 is for an OTSA-2 attack on LConvNet. Example 2 is for an OTSA-3 attack on LConvNet.