噪声感知动态自适应联邦防御框架用于SAR图像目标识别 (Noise-Aware and Dynamically Adaptive Federated Defense Framework for SAR Image Target Recognition)

from arxiv, This work was supported in part by the National Key Research and Development Program of China under Grant 2021YFB3101100, in part by the National Natural Science Foundation of China under Grant 62272123, 42371470, and 42461057, in part by the Fundamental Research Program of Shanxi Province under Grant 202303021212164. Corresponding authors: Zhongliang Guo and Junhao Dong

As a critical application of computational intelligence in remote sensing, deep learning-based synthetic aperture radar (SAR) image target recognition facilitates intelligent perception but typically relies on centralized training, where multi-source SAR data are uploaded to a single server, raising privacy and security concerns. Federated learning (FL) provides an emerging computational intelligence paradigm for SAR image target recognition, enabling cross-site collaboration while preserving local data privacy. However, FL confronts critical security risks, where malicious clients can exploit SAR's multiplicative speckle noise to conceal backdoor triggers, severely challenging the robustness of the computational intelligence model. To address this challenge, we propose NADAFD, a noise-aware and dynamically adaptive federated defense framework that integrates frequency-domain, spatial-domain, and client-behavior analyses to counter SAR-specific backdoor threats. Specifically, we introduce a frequency-domain collaborative inversion mechanism to expose cross-client spectral inconsistencies indicative of hidden backdoor triggers. We further design a noise-aware adversarial training strategy that embeds $Γ$-distributed speckle characteristics into mask-guided adversarial sample generation to enhance robustness against both backdoor attacks and SAR speckle noise. In addition, we present a dynamic health assessment module that tracks client update behaviors across training rounds and adaptively adjusts aggregation weights to mitigate evolving malicious contributions. Experiments on MSTAR and OpenSARShip datasets demonstrate that NADAFD achieves higher accuracy on clean test samples and a lower backdoor attack success rate on triggered inputs than existing federated backdoor defenses for SAR target recognition.

翻译：作为计算智能在遥感领域的关键应用，基于深度学习的合成孔径雷达（SAR）图像目标识别促进了智能感知，但通常依赖于集中式训练，即多源SAR数据被上传至单一服务器，从而引发隐私和安全问题。联邦学习（FL）为SAR图像目标识别提供了一种新兴的计算智能范式，能够在保护本地数据隐私的同时实现跨站点协作。然而，FL面临严峻的安全风险，恶意客户端可利用SAR的乘性散斑噪声来隐藏后门触发器，严重挑战计算智能模型的鲁棒性。为应对这一挑战，我们提出了NADAFD，一个噪声感知动态自适应联邦防御框架，它集成了频域、空域和客户端行为分析，以对抗SAR特有的后门威胁。具体而言，我们引入了一种频域协同反演机制，以揭示指示隐藏后门触发器的跨客户端频谱不一致性。我们进一步设计了一种噪声感知对抗训练策略，将$Γ$分布的散斑特性嵌入到掩码引导的对抗样本生成中，以增强对后门攻击和SAR散斑噪声的鲁棒性。此外，我们提出了一个动态健康评估模块，该模块跟踪客户端在训练轮次间的更新行为，并自适应调整聚合权重，以减轻不断演变的恶意贡献。在MSTAR和OpenSARShip数据集上的实验表明，与现有的SAR目标识别联邦后门防御方法相比，NADAFD在干净测试样本上取得了更高的准确率，并在触发输入上实现了更低的后门攻击成功率。