Adversarial Robust Scene Classification based on Proactive-Reactive Deep Ensemble Defenses

As a safety-related application, visual systems based on convolutional neural networks (CNNs) in modern unmanned aerial vehicles (UAVs) show adversarial vulnerability when performing the real-time inference. Aimed at scene classification task of remote sensing images (RSIs), this paper proposes to use ensemble methods for both proactive and reactive defenses in solving the problem. Because of serious adversarial transferability for malicious RSIs crafted against CNNs, we train a robust ensemble by promoting the orthogonality between sub-models’ loss fields and inhibiting the loss fields strength of sub-models for the proactive defense. The adversarial transferability in the ensemble then can be greatly reduced. In terms of reactive defense, we fuse scoring functions of several classical detection algorithms with the hidden features and average output confidences from sub-models as a second fusion. Extensive experiments on two benchmark datasets with multiple scenes demonstrate that both deep ensemble defenses achieve the state-of-the-art performances in most cases and generalize well for non-malicious data, which enhances the adversarial robustness of CNN models for scene classification on UAVs.