首页 > , Vol. , Issue () : -
Deep neural network based multiple source remote sensing image recognition systems have been widely used in many military scenarios such as aerospace intelligence reconnaissance, unmanned aerial vehicle for autonomous environmental cognition and multimode automatic target recognition systems. Deep learning models rely on the assumption that the training data and the testing data are from the same distribution. The performance drops under common corruption or adversarial attacks. In the remote sensing community, the adversarial robustness of deep neural network based recognition models have not received much attention. This raises great risks for many security-sensitive applications. This article evaluates the adversarial robustness of deep neural network based recognition models for multiple source remote sensing images. Firstly, we discuss the incompleteness of deep learning theory and reveal that there exist great security risks. The independent identical distribution assumption is often violated and the system performance cannot be guaranteed under adversarial scenarios. The whole process chain of deep neural network based image recognition system is then analyzed with respect to vulnerabilities. Secondly, we give a detailed introduction of several representative algorithms for adversarial example generation under both white-box settings and black-box settings. Gradient propagation based visualization method is also presented for the analysis of adversarial attacks. We perform a detailed evaluation of nine deep neural networks across two public available remote sensing images datasets. Both optical remote sensing images and SAR remote sensing images are used in our experiments. For each model, seven different perturbations, ranging from gradient based optimization to unsupervised feature distortion, are generated for each testing image. In all cases, we find that there is a significant drop of average classification accuracy between the original clean data and their adversarial images. Besides adversarial average recognition accuracy, feature attribution techniques have also been adopted to analyze the feature diffusion effect of adversarial attacks, which promotes the understanding of vulnerability of deep learning models. Experimental results demonstrate that all the deep neural networks have suffered great loss in terms of classification accuracy when the testing images are adversarial examples. Understanding this adversarial phenomena leads us to better understand the inner workings of deep learning models. Much efforts are needed to increase the adversarial robustness of deep learning models.