Table of Contents
Fetching ...

Noise-Aware and Dynamically Adaptive Federated Defense Framework for SAR Image Target Recognition

Yuchao Hou, Zixuan Zhang, Jie Wang, Wenke Huang, Lianhui Liang, Di Wu, Zhiquan Liu, Youliang Tian, Jianming Zhu, Jisheng Dang, Junhao Dong, Zhongliang Guo

TL;DR

The paper addresses privacy-preserving SAR image target recognition in federated settings, where backdoor attacks are exacerbated by multiplicative Gamma speckle. It introduces NADAFD, a SAR-tailored, closed-loop defense combining frequency-domain cross-client analysis (FDCI), Gamma-speckle-aware adversarial training (NAAT), and dynamic health-based aggregation (DHAT) to mitigate backdoors while preserving clean accuracy. The approach is validated on MSTAR and OpenSARShip, showing higher ACC and lower ASR than baselines, with ablations confirming each component's contribution. The work advances trustworthy distributed SAR intelligence by delivering a robust, adaptable defense suitable for real-world remote sensing deployments, and points to further efficiency optimizations for IoT-CI nodes.

Abstract

As a critical application of computational intelligence in remote sensing, deep learning-based synthetic aperture radar (SAR) image target recognition facilitates intelligent perception but typically relies on centralized training, where multi-source SAR data are uploaded to a single server, raising privacy and security concerns. Federated learning (FL) provides an emerging computational intelligence paradigm for SAR image target recognition, enabling cross-site collaboration while preserving local data privacy. However, FL confronts critical security risks, where malicious clients can exploit SAR's multiplicative speckle noise to conceal backdoor triggers, severely challenging the robustness of the computational intelligence model. To address this challenge, we propose NADAFD, a noise-aware and dynamically adaptive federated defense framework that integrates frequency-domain, spatial-domain, and client-behavior analyses to counter SAR-specific backdoor threats. Specifically, we introduce a frequency-domain collaborative inversion mechanism to expose cross-client spectral inconsistencies indicative of hidden backdoor triggers. We further design a noise-aware adversarial training strategy that embeds $Γ$-distributed speckle characteristics into mask-guided adversarial sample generation to enhance robustness against both backdoor attacks and SAR speckle noise. In addition, we present a dynamic health assessment module that tracks client update behaviors across training rounds and adaptively adjusts aggregation weights to mitigate evolving malicious contributions. Experiments on MSTAR and OpenSARShip datasets demonstrate that NADAFD achieves higher accuracy on clean test samples and a lower backdoor attack success rate on triggered inputs than existing federated backdoor defenses for SAR target recognition.

Noise-Aware and Dynamically Adaptive Federated Defense Framework for SAR Image Target Recognition

TL;DR

The paper addresses privacy-preserving SAR image target recognition in federated settings, where backdoor attacks are exacerbated by multiplicative Gamma speckle. It introduces NADAFD, a SAR-tailored, closed-loop defense combining frequency-domain cross-client analysis (FDCI), Gamma-speckle-aware adversarial training (NAAT), and dynamic health-based aggregation (DHAT) to mitigate backdoors while preserving clean accuracy. The approach is validated on MSTAR and OpenSARShip, showing higher ACC and lower ASR than baselines, with ablations confirming each component's contribution. The work advances trustworthy distributed SAR intelligence by delivering a robust, adaptable defense suitable for real-world remote sensing deployments, and points to further efficiency optimizations for IoT-CI nodes.

Abstract

As a critical application of computational intelligence in remote sensing, deep learning-based synthetic aperture radar (SAR) image target recognition facilitates intelligent perception but typically relies on centralized training, where multi-source SAR data are uploaded to a single server, raising privacy and security concerns. Federated learning (FL) provides an emerging computational intelligence paradigm for SAR image target recognition, enabling cross-site collaboration while preserving local data privacy. However, FL confronts critical security risks, where malicious clients can exploit SAR's multiplicative speckle noise to conceal backdoor triggers, severely challenging the robustness of the computational intelligence model. To address this challenge, we propose NADAFD, a noise-aware and dynamically adaptive federated defense framework that integrates frequency-domain, spatial-domain, and client-behavior analyses to counter SAR-specific backdoor threats. Specifically, we introduce a frequency-domain collaborative inversion mechanism to expose cross-client spectral inconsistencies indicative of hidden backdoor triggers. We further design a noise-aware adversarial training strategy that embeds -distributed speckle characteristics into mask-guided adversarial sample generation to enhance robustness against both backdoor attacks and SAR speckle noise. In addition, we present a dynamic health assessment module that tracks client update behaviors across training rounds and adaptively adjusts aggregation weights to mitigate evolving malicious contributions. Experiments on MSTAR and OpenSARShip datasets demonstrate that NADAFD achieves higher accuracy on clean test samples and a lower backdoor attack success rate on triggered inputs than existing federated backdoor defenses for SAR target recognition.
Paper Structure (32 sections, 27 equations, 9 figures, 6 tables, 1 algorithm)

This paper contains 32 sections, 27 equations, 9 figures, 6 tables, 1 algorithm.

Figures (9)

  • Figure 1: Comparison of three learning paradigms for SAR target recognition. (a) Centralized learning. (b) Federated learning with security risks. (c) Our proposed defence framework.
  • Figure 2: Pipeline of our proposed framework.
  • Figure 3: The DHAT mechanism defends against poisoning attacks by evaluating client reliability and dynamically adjusting aggregation weights.
  • Figure 4: The MSTAR dataset includes ten target categories with SAR images. (a) 2S1, (b) BMP2, (c) BRDM2, (d) BTR60, (e) BTR70, (f) D7, (g) T62, (h) T72, (i) ZIL131, (j) ZSU234.
  • Figure 5: The OpenSARShip dataset includes six target categories with SAR images. (a) Bulk Carrier, (b) Container Ship, (c) Tanker, (d) Cargo Ship, (e) Fishing, (f) General Cargo.
  • ...and 4 more figures