Loading [a11y]/accessibility-menu.js
D3R-Net: Denoising Diffusion-Based Defense Restore Network for Adversarial Defense in Remote Sensing Scene Classification | IEEE Journals & Magazine | IEEE Xplore
Scheduled Maintenance: On Monday, 27 January, the IEEE Xplore Author Profile management portal will undergo scheduled maintenance from 9:00-11:00 AM ET (1400-1600 UTC). During this time, access to the portal will be unavailable. We apologize for any inconvenience.

D3R-Net: Denoising Diffusion-Based Defense Restore Network for Adversarial Defense in Remote Sensing Scene Classification


Abstract:

Deep learning models (algorithms) have demonstrated their superior performance in interpreting Earth science and remote sensing data. However, adversarial examples genera...Show More

Abstract:

Deep learning models (algorithms) have demonstrated their superior performance in interpreting Earth science and remote sensing data. However, adversarial examples generated with perturbations imperceptible to humans could render deep learning algorithms ineffective. This significant vulnerability of deep learning models, thus, inspires the exploration of defense methods resistible to adversarial examples. Although numerous countermeasures against adversarial examples have been proposed, the design of a universally applicable defense method across multiple scenarios still remains to be explored. In this study, we propose an effective denoising diffusion-based defense restore network (D3R-Net) based on the denoising diffusion model from the perspective of adversarial restoration, which transforms the adversarial examples into clean samples. Utilizing a highly effective denoising diffusion probabilistic model (DDPM), our D3R-Net transforms input adversarial examples into a state of noise, where diverse forms of adversarial noise transition into Gaussian noise. Subsequently, it captures semantic information through a series of iterative denoising steps. The pixel distribution of adversarial examples is restored in the proposed network to match the original distribution, enabling the classifier to identify adversarial examples correctly. Furthermore, we introduce a combined filtering module to preserve the semantic information of the original image, thereby further enhancing the defensive performance. Instead of modifying the model structure or excluding suspected samples, the proposed method restores the adversarial examples, making it simple yet effective and applicable to a broader range of scenarios. Extensive experiments are conducted on four benchmark datasets, and the results demonstrate that D3R-Net has significant defense capabilities against known and unknown attacks. Our source code is available at https://github.com/SIM-xidian/D3R-Net.
Article Sequence Number: 5214614
Date of Publication: 11 June 2024

ISSN Information:

Funding Agency:


References

References is not available for this document.