Recent years have witnessed the great success of deep learning algorithms in the geoscience and remote sensing realm. Nevertheless, the security and robustness of deep learning models deserve special attention when addressing safety-critical remote sensing tasks. In this paper, we provide a systematic analysis of backdoor attacks for remote sensing data, where both scene classification and semantic segmentation tasks are considered. While most of the existing backdoor attack algorithms rely on visible triggers like squared patches with well-designed patterns, we propose a novel wavelet transform-based attack (WABA) method, which can achieve invisible attacks by injecting the trigger image into the poisoned image in the low-frequency domain. In this way, the high-frequency information in the trigger image can be filtered out in the attack, resulting in stealthy data poisoning. Despite its simplicity, the proposed method can significantly cheat the current state-of-the-art deep learning models with a high attack success rate. We further analyze how different trigger images and the hyper-parameters in the wavelet transform would influence the performance of the proposed method. Extensive experiments on four benchmark remote sensing datasets demonstrate the effectiveness of the proposed method for both scene classification and semantic segmentation tasks and thus highlight the importance of designing advanced backdoor defense algorithms to address this threat in remote sensing scenarios. The code will be available online at \url{https://github.com/ndraeger/waba}.

翻译：近年来，深度学习算法在地球科学与遥感领域取得了巨大成功。然而，在处理安全关键的遥感任务时，深度学习模型的安全性和鲁棒性值得特别关注。本文系统分析了针对遥感数据的后门攻击，同时考虑了场景分类和语义分割任务。现有后门攻击算法大多依赖设计有特定图案的方形补丁等可见触发器，我们提出了一种基于小波变换的新型攻击方法（WABA），通过在低频域将触发器图像注入被污染的图像中，实现不可见攻击。该方法可滤除触发器图像中的高频信息，从而完成隐蔽的数据投毒。尽管方法简单，但所提方法能以高攻击成功率显著欺骗当前最先进的深度学习模型。我们进一步分析了不同触发器图像及小波变换超参数对方法性能的影响。在四个基准遥感数据集上的大量实验表明，所提方法在场景分类和语义分割任务中均有效，从而凸显了设计先进后门防御算法以应对遥感场景下这类威胁的重要性。代码将发布于\url{https://github.com/ndraeger/waba}。