Black-Box Universal Adversarial Attack for DNN-Based Models of SAR Automatic Target Recognition

Abstract

Synthetic aperture radar automatic target recognition (SAR-ATR) models based on deep neural networks (DNNs) are vulnerable to attacks of adversarial examples. Universal adversarial attack algorithms can help evaluate and improve the robustness of the SAR-ATR models and have become a research hotspot. However, current universal adversarial attack algorithms have limitations. First, considering the difficulty in obtaining information on the attacking SAR-ATR models, there is an urgent need to design a universal adversarial attack algorithm under a black-box scenario. Second, given the difficulty of acquiring synthetic aperture radar images, the effectiveness of attacks under small-sample conditions requires improvement. To address these limitations, this study proposed a black-box universal adversarial attack algorithm: transferable universal adversarial network (TUAN). Based on the idea of the generative adversarial network, we implemented the game of generator and attenuator to improve the transferability of universal adversarial perturbation (UAP). We designed loss functions for the generator and the attenuator, respectively, which can effectively improve the success rate of black-box attacks and the stealthiness of attacks. In addition, U-Net was used as a network structure of the generator and the attenuator to fully learn the distribution of examples, thereby enhancing the attack success rate under small-sample conditions. The TUAN attained a higher black-box attack success rate and superior stealthiness than up-to-date UAP algorithms in non-targeted and targeted attacks.