A physics-orientd method for attacking SAR images using salient regions

The use of deep neural networks in SAR target recognition makes it vulnerable to adversarial attacks. Previous studies have utilized optical image attacks, electromagnetic scattering parameter models, and structural parameter perturbation in generating SAR adversarial example. The imaging process for SAR images in the physical world is dissimilar to that of optical images because SAR imaging is solely regulated by imaging equations rather than the what-you-see-is-what-you-get principle, as a result, generating SAR adversarial samples in the physical world requires considering the changes in SAR imaging equations that happen after deploying physical devices. Thus, this study proposes a physical attack technique reliant on salient regions to add adversarial scatterers in the physical domain, masking the salient regions identified by classifiers in SAR images, and subsequently downgrading the classification capabilities of the classifiers. In contrast to previous algorithms, the proposed algorithm distinguishes itself through two key features: (1) SAR-BagNet is utilized to identify the salient regions of SAR targets recognized by classifiers, allowing for the exact position and size determination of the adversarial scatterers and enhancing interpretability; (2) Dynamic step size optimization, which is based on the difference equation, continuously refines the electromagnetic parameters, structural parameters, and texture parameters of the adversarial scatterers, leading to a higher search efficiency. The simulation experiments demonstrated that the generated adversarial samples, after adding and modifying the design parameters of the adversarial scatterers in the initial physical model, contributed to a decrease in the classification accuracy of classifiers for the simulated images, from 100% to 14.4%，these experimental results indicate that the proposed method has considerable potential for further exploration and research on physical domain adversarial attacks in SAR.