Deep neural networks (DNNs) have achieved tremendous success in many remote sensing (RS) applications, yet they remain vulnerable to adversarial perturbations. Unfortunately, current adversarial defense approaches in RS studies usually suffer from performance fluctuation and unnecessary re-training costs because they need prior knowledge of the adversarial perturbations in RS data. To circumvent these challenges, we propose a universal adversarial defense approach for RS imagery (UAD-RS) that uses pre-trained diffusion models to defend common DNNs against multiple unknown adversarial attacks. Specifically, the generative diffusion models are first pre-trained on different RS datasets to learn generalized representations in various data domains. After that, a universal adversarial purification framework is developed using the forward and reverse processes of the pre-trained diffusion models to purify the perturbations from adversarial samples. Furthermore, an adaptive noise level selection (ANLS) mechanism is built to capture the optimal noise level of the diffusion model, the one whose purification results are closest to the clean samples according to their Fréchet Inception Distance (FID) in deep feature space. As a result, only a single pre-trained diffusion model is needed for the universal purification of adversarial samples on each dataset, which significantly alleviates the re-training effort and maintains high performance without prior knowledge of the adversarial perturbations. Experiments on four heterogeneous RS datasets covering scene classification and semantic segmentation verify that UAD-RS outperforms state-of-the-art adversarial purification approaches, providing a universal defense against seven common adversarial perturbations. Code and the pre-trained models are available online (https://github.com/EricYu97/UAD-RS).
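The ANLS step described above, as an added sketch that is not the authors' code (theirs is in the linked repository): it scores each candidate noise level by the Fréchet distance between purified adversarial features and clean reference features and keeps the minimum. `toy_purify` is a hypothetical stand-in for the pre-trained diffusion model, assumed here to have learned a slightly shifted Gaussian prior, and all feature vectors and candidate levels are constructed.

```python
import numpy as np

def frechet_distance(feats_a, feats_b):
    """Frechet distance between Gaussians fitted to two feature sets (rows = samples)."""
    mu_a, mu_b = feats_a.mean(axis=0), feats_b.mean(axis=0)
    cov_a = np.cov(feats_a, rowvar=False)
    cov_b = np.cov(feats_b, rowvar=False)
    # Tr(sqrt(cov_a cov_b)) equals the sum of square roots of the eigenvalues of
    # cov_a @ cov_b, which are real and non-negative for PSD covariances.
    eig = np.linalg.eigvals(cov_a @ cov_b).real
    tr_sqrt = np.sqrt(np.clip(eig, 0.0, None)).sum()
    dist = ((mu_a - mu_b) ** 2).sum() + np.trace(cov_a) + np.trace(cov_b) - 2.0 * tr_sqrt
    return float(dist)

def toy_purify(x, t, model_mean, rng):
    """Hypothetical stand-in for the pre-trained diffusion model, in feature space."""
    a = 1.0 - t  # share of the signal kept by the forward process at noise level t
    x_t = np.sqrt(a) * x + np.sqrt(1.0 - a) * rng.standard_normal(x.shape)
    # Exact reverse sample when the model's learned prior is N(model_mean, I).
    mean = (1.0 - a) * model_mean + np.sqrt(a) * x_t
    return mean + np.sqrt(1.0 - a) * rng.standard_normal(x.shape)

def select_noise_level(adv, clean_ref, levels, purify):
    """Score every candidate level and return (best level, {level: distance})."""
    scores = {t: frechet_distance(purify(adv, t), clean_ref) for t in levels}
    return min(scores, key=scores.get), scores

def demo(seed=0, n=20000, dim=4):
    rng = np.random.default_rng(seed)
    clean_ref = rng.standard_normal((n, dim))     # constructed clean features
    delta = np.array([2.0, 0.0, 0.0, 0.0])        # constructed adversarial shift
    adv = rng.standard_normal((n, dim)) + delta   # constructed adversarial features
    model_mean = np.array([0.0, 1.0, 0.0, 0.0])   # assumed model imperfection
    levels = [0.0, 0.2, 0.4, 0.6, 0.8, 1.0]       # constructed candidate levels
    return select_noise_level(adv, clean_ref, levels,
                              lambda x, t: toy_purify(x, t, model_mean, rng))

if __name__ == "__main__":
    best, scores = demo()
    for t, d in scores.items():
        print(f"t={t:.1f}  distance={d:.3f}")
    print("selected noise level:", best)
```

In this toy setting too little noise leaves the adversarial shift in place and too much noise pulls the output toward the model's own imperfect prior, so the selected level lies between the two extremes.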