On the Defense Against Adversarial Examples Beyond the Visible Spectrum

(A. Ortiz, O. Fuentes, D. Rosario, and C. Kiekintveld)

In IEEE MILCOM 2018.

This is the author's version of the work.

Abstract

Machine learning (ML) models based on RGB images are vulnerable to adversarial attacks, representing a potential cyber threat to the computer vision and artificial intelligence community. Adversarial examples are inputs maliciously constructed to induce errors by ML systems at test time. Recently, researchers also showed that such an attack can be successfully applied at test time to ML models based on multispectral imagery, suggesting this threat is likely to extend to the hyperspectral data space as well. As military communities across the world continue to grow their investment portfolios in multispectral and hyperspectral remote sensing, while expressing their interest in machine-learning-based systems, this paper aims at increasing the military community’s awareness of the adversarial threat and at proposing ML training strategies and resilient solutions for state-of-the-art artificial neural networks. Specifically, the paper introduces an adversarial detection network that explores domain-specific knowledge of material response in the shortwave infrared spectrum, and a framework that jointly integrates an automatic band selection method for multispectral imagery with adversarial training and adversarial spectral rule-based detection. Experimental results show the effectiveness of the approach in an automatic semantic segmentation task using Digital Globe’s WorldView-3 satellite 16-band imagery.