Scattering Model Guided Adversarial Examples for SAR Target Recognition: Attack and Defense

Deep Neural Networks (DNNs) based Synthetic Aperture Radar (SAR) Automatic Target Recognition (ATR) systems have shown to be highly vulnerable adversarial perturbations that are deliberately designed yet almost imperceptible but can bias DNN inference when added targeted objects. This leads serious safety concerns applying DNNs high-stake SAR ATR applications. Therefore, enhancing the robustness of is essential for implementing modern real-world systems. Toward building more robust DNN-based models, this article explores domain knowledge imaging process and proposes a novel Scattering Model Guided Adversarial Attack (SMGAA) algorithm which generate in form electromagnetic scattering response (called scatterers). The proposed SMGAA consists two parts: 1) parametric model corresponding method 2) customized gradient-based optimization algorithm. First, we introduce effective Attributed Center (ASCM) general describe behavior typical geometric structures process. By further devising several strategies take target images into account relax greedy search procedure, does not need prudentially finetuned, efficiently find ASCM parameters fool classifiers facilitate training. Comprehensive evaluations on MSTAR dataset show scatterers generated by transformations processing chain than currently studied attacks, construct defensive against malicious scatterers.