defense 2025

Noise-Aware and Dynamically Adaptive Federated Defense Framework for SAR Image Target Recognition

Yuchao Hou ^1,2, Zixuan Zhang ¹, Jie Wang ¹, Wenke Huang ³, Lianhui Liang ⁴, Di Wu ⁵, Zhiquan Liu ⁶, Youliang Tian ², Jianming Zhu ⁷, Jisheng Dang ⁸, Junhao Dong ³, Zhongliang Guo ⁹

¹ Shanxi Normal University

² Guizhou University

³ Nanyang Technological University

⁴ Guangxi University

⁵ La Trobe University

⁶ Jinan University

⁷ Central University of Finance and Economics

⁸ Lanzhou University

⁹ University of St Andrews

0 citations · 50 references · arXiv

Published on arXiv

2601.00900

Model Poisoning

OWASP ML Top 10 — ML10

Key Finding

NADAFD achieves higher clean accuracy and lower backdoor attack success rate than existing federated backdoor defenses on both MSTAR and OpenSARShip SAR datasets.

NADAFD

Novel technique introduced

As a critical application of computational intelligence in remote sensing, deep learning-based synthetic aperture radar (SAR) image target recognition facilitates intelligent perception but typically relies on centralized training, where multi-source SAR data are uploaded to a single server, raising privacy and security concerns. Federated learning (FL) provides an emerging computational intelligence paradigm for SAR image target recognition, enabling cross-site collaboration while preserving local data privacy. However, FL confronts critical security risks, where malicious clients can exploit SAR's multiplicative speckle noise to conceal backdoor triggers, severely challenging the robustness of the computational intelligence model. To address this challenge, we propose NADAFD, a noise-aware and dynamically adaptive federated defense framework that integrates frequency-domain, spatial-domain, and client-behavior analyses to counter SAR-specific backdoor threats. Specifically, we introduce a frequency-domain collaborative inversion mechanism to expose cross-client spectral inconsistencies indicative of hidden backdoor triggers. We further design a noise-aware adversarial training strategy that embeds $Γ$-distributed speckle characteristics into mask-guided adversarial sample generation to enhance robustness against both backdoor attacks and SAR speckle noise. In addition, we present a dynamic health assessment module that tracks client update behaviors across training rounds and adaptively adjusts aggregation weights to mitigate evolving malicious contributions. Experiments on MSTAR and OpenSARShip datasets demonstrate that NADAFD achieves higher accuracy on clean test samples and a lower backdoor attack success rate on triggered inputs than existing federated backdoor defenses for SAR target recognition.

Key Contributions

Frequency-domain collaborative inversion mechanism that exposes cross-client spectral inconsistencies indicative of hidden backdoor triggers in SAR imagery
Noise-aware adversarial training strategy embedding Gamma-distributed speckle characteristics into mask-guided adversarial sample generation to harden models against SAR-specific backdoor attacks
Dynamic health assessment module that tracks client update behaviors across rounds and adaptively adjusts aggregation weights to suppress evolving malicious contributions

🛡️ Threat Analysis

Model Poisoning

The paper directly targets federated learning backdoor attacks where malicious clients inject hidden trigger patterns, and proposes a defense framework (NADAFD) specifically designed to detect and mitigate these trigger-based backdoor threats — the canonical ML10 threat model.

Details

Domains

visionfederated-learning

Model Types

cnnfederated

Threat Tags

training_timetargeteddigital

Datasets

MSTAROpenSARShip

Applications

sar image target recognitionremote sensingfederated learning

Read PDF arXiv DOI

Noise-Aware and Dynamically Adaptive Federated Defense Framework for SAR Image Target Recognition

Key Contributions

🛡️ Threat Analysis

Details

Similar Papers

SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks in Split Learning (Full Version)

Coward: Collision-based Watermark for Proactive Federated Backdoor Detection

MARS: A Malignity-Aware Backdoor Defense in Federated Learning

Hammer and Anvil: A Principled Defense Against Backdoors in Federated Learning

ZORRO: Zero-Knowledge Robustness and Privacy for Split Learning (Full Version)

BAPFL: Exploring Backdoor Attacks Against Prototype-based Federated Learning

DOPA: Stealthy and Generalizable Backdoor Attacks from a Single Client under Challenging Federated Constraints

Exploiting Layer-Specific Vulnerabilities to Backdoor Attack in Federated Learning