Adversarial Robust Aerial Image Recognition Based on Reactive-Proactive Defense Framework with Deep Ensembles

As a safety-related application, visual systems based on deep neural networks (DNNs) in modern unmanned aerial vehicles (UAVs) show adversarial vulnerability when performing real-time inference. Recently, ensembles with various defensive strategies against samples have drawn much attention due to the increased diversity and reduced variance for their members. Aimed at recognition task of remote sensing images (RSIs), this paper proposes use reactive-proactive ensemble defense framework solve security problem. In reactive defense, we fuse scoring functions several classical detection algorithms hidden features average output confidences from sub-models as second fusion. terms proactive attempt two strategies, including enhancing robustness each sub-model limiting transferability among sub-models. practical applications, RSIs are first input part, which can detect reject RSIs. The accepted ones then passed robust defense. We conduct extensive experiments three benchmark RSI datasets (i.e., UCM, AID, FGSC-23). experimental results that method performs very well gradient-based attacks. analysis applicable attack scenarios is also helpful field. perform case study whole black-box scenario, highest rate reaches 93.25%. Most be rejected advance or correctly recognized by enhanced ensemble. This article one combine defenses attacks context DNN-based UAVs.