Pre-trained and sample-transferable perturbation based adversarial neuron manipulation: revealing the risks of transfer learning in remote sensing

The classification of remote sensing images has been revolutionized by the advent of deep learning, particularly through the application of transfer learning techniques. However, the susceptibility of these models to adversarial attacks poses significant challenges. Existing adversarial attacks a...

Bibliographic Details
Main Author: Tian, Xingjian
Other Authors: Wen Bihan
Format: Thesis-Master by Coursework
Language: English
Published: Nanyang Technological University 2024
Subjects:
Online Access: https://hdl.handle.net/10356/180881
Institution: Nanyang Technological University
id sg-ntu-dr.10356-180881
record_format dspace
spelling sg-ntu-dr.10356-180881 2024-11-01T15:45:52Z Tian, Xingjian Wen Bihan School of Electrical and Electronic Engineering Satellite Research Centre bihan.wen@ntu.edu.sg
Master's degree 2024-10-31T11:14:30Z 2024-10-31T11:14:30Z 2024 Thesis-Master by Coursework Tian, X. (2024). Pre-trained and sample-transferable perturbation based adversarial neuron manipulation: revealing the risks of transfer learning in remote sensing. Master's thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/180881 https://hdl.handle.net/10356/180881 en application/pdf Nanyang Technological University
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Computer and Information Science
Adversarial attack
Transfer learning
Deep learning
Remote sensing
Image classification
Neuron manipulation
Robustness of AI
description The classification of remote sensing images has been revolutionized by the advent of deep learning, particularly through the application of transfer learning techniques. However, the susceptibility of these models to adversarial attacks poses significant challenges. Existing adversarial attacks against transfer learning-based deep models always require domain-specific data or multiple interactions with the model, which are not always available and are of high computational complexity. This paper proposes a novel Adversarial Neuron Manipulation (ANM) method, which generates pre-trained and sample-transferable perturbations to craft adversarial examples. The pre-training process does not require domain-specific information, and these perturbations can be merged with any image that is not involved in the perturbation generation process to create adversarial examples, hence the adversarial neuron manipulation requires lower accessibility to the victim model and is more computationally efficient for the attacker. Experiments on different models with various remote sensing datasets demonstrate the effectiveness of the proposed attack method. By analyzing the vulnerabilities of deep models, perturbations that can manipulate multiple fragile neurons show better attack performance. This low-demand adversarial neuron manipulation attack reveals another risk of transfer learning models and needs to be addressed with more security and robustness measures.
author2 Wen Bihan
author_facet Wen Bihan
Tian, Xingjian
format Thesis-Master by Coursework
author Tian, Xingjian
author_sort Tian, Xingjian
title Pre-trained and sample-transferable perturbation based adversarial neuron manipulation: revealing the risks of transfer learning in remote sensing
publisher Nanyang Technological University
publishDate 2024
url https://hdl.handle.net/10356/180881
_version_ 1814777767785398272