Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Attack End-to-End Autonomous Driving through Module-Wise Noise

Lu Wang, Tianyuan Zhang, Yikai Han, Muyang Fang, Ting Jin, Jiaqi Kang

TL;DR

This paper thoroughly considers the potential vulnerabilities in the model inference process and design a universal attack scheme through module-wise noise injection for the first time on the modular end-to-end autonomous driving model and demonstrates that the attack method outperforms previous attack methods.

Abstract

With recent breakthroughs in deep neural networks, numerous tasks within autonomous driving have exhibited remarkable performance. However, deep learning models are susceptible to adversarial attacks, presenting significant security risks to autonomous driving systems. Presently, end-to-end architectures have emerged as the predominant solution for autonomous driving, owing to their collaborative nature across different tasks. Yet, the implications of adversarial attacks on such models remain relatively unexplored. In this paper, we conduct comprehensive adversarial security research on the modular end-to-end autonomous driving model for the first time. We thoroughly consider the potential vulnerabilities in the model inference process and design a universal attack scheme through module-wise noise injection. We conduct large-scale experiments on the full-stack autonomous driving model and demonstrate that our attack method outperforms previous attack methods. We trust that our research will offer fresh insights into ensuring the safety and reliability of autonomous driving systems.

Attack End-to-End Autonomous Driving through Module-Wise Noise

TL;DR

This paper thoroughly considers the potential vulnerabilities in the model inference process and design a universal attack scheme through module-wise noise injection for the first time on the modular end-to-end autonomous driving model and demonstrates that the attack method outperforms previous attack methods.

Abstract

With recent breakthroughs in deep neural networks, numerous tasks within autonomous driving have exhibited remarkable performance. However, deep learning models are susceptible to adversarial attacks, presenting significant security risks to autonomous driving systems. Presently, end-to-end architectures have emerged as the predominant solution for autonomous driving, owing to their collaborative nature across different tasks. Yet, the implications of adversarial attacks on such models remain relatively unexplored. In this paper, we conduct comprehensive adversarial security research on the modular end-to-end autonomous driving model for the first time. We thoroughly consider the potential vulnerabilities in the model inference process and design a universal attack scheme through module-wise noise injection. We conduct large-scale experiments on the full-stack autonomous driving model and demonstrate that our attack method outperforms previous attack methods. We trust that our research will offer fresh insights into ensuring the safety and reliability of autonomous driving systems.
Paper Structure (13 sections, 6 equations, 2 figures, 1 table)

This paper contains 13 sections, 6 equations, 2 figures, 1 table.

Table of Contents

  1. Introduction
  2. Related Work
  3. End-to-End Autonomous Driving
  4. Adversarial Attack
  5. Methodology
  6. Problem Definition
  7. Module-Wise Adversarial Noise
  8. Attack Strategy
  9. Experiments
  10. Experimental Setup
  11. Robust Evaluation
  12. Conclusions
  13. Acknowledgment

Figures (2)

  • Figure 1: Adversarial attacks in autonomous driving. There are a considerable number of mature attack algorithms targeting the perception of autonomous driving (a). There is a limited amount of research focusing on adversarial security for end-to-end regression-based decision models (b). We propose the module-wise attack targeting end-to-end autonomous driving models (c).
  • Figure 2: The framework of our module-wise noise attack method. We meticulously inject adversarial noise into the interaction process of all modules in the end-to-end autonomous driving model and synchronize the optimization of all noise using the losses from all modules.