Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

RED: Robust Environmental Design

Jinghan Yang

Abstract

The classification of road signs by autonomous systems, especially those reliant on visual inputs, is highly susceptible to adversarial attacks. Traditional approaches to mitigating such vulnerabilities have focused on enhancing the robustness of classification models. In contrast, this paper adopts a fundamentally different strategy aimed at increasing robustness through the redesign of road signs themselves. We propose an attacker-agnostic learning scheme to automatically design road signs that are robust to a wide array of patch-based attacks. Empirical tests conducted in both digital and physical environments demonstrate that our approach significantly reduces vulnerability to patch attacks, outperforming existing techniques.

RED: Robust Environmental Design

Abstract

The classification of road signs by autonomous systems, especially those reliant on visual inputs, is highly susceptible to adversarial attacks. Traditional approaches to mitigating such vulnerabilities have focused on enhancing the robustness of classification models. In contrast, this paper adopts a fundamentally different strategy aimed at increasing robustness through the redesign of road signs themselves. We propose an attacker-agnostic learning scheme to automatically design road signs that are robust to a wide array of patch-based attacks. Empirical tests conducted in both digital and physical environments demonstrate that our approach significantly reduces vulnerability to patch attacks, outperforming existing techniques.

Paper Structure

This paper contains 14 sections, 4 equations, 5 figures, 5 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. RED-Robust Environmental Design
  4. Experiments
  5. Datasets and Road Sign Classification Models
  6. Robustness
  7. Evaluation Across Different Attacks
  8. Physical Experiment
  9. Social Impact Statement
  10. Methodology
  11. Enhance Class Information within a Road Sign
  12. Training
  13. Special Case: Attacker-Aware Robust Environmental Design (AA-RED)
  14. Experiments

Figures (5)

  • Figure 1: Redesigned speed limit sign (left) with attacks on redesigned (middle) and original (right).
  • Figure 2: Visualization of ablation sampling for LISA (left) and RED applied to LISA (right), with predicted class and ablation size percentage (bottom).
  • Figure 3: Physical examples of patterns selected by RED.
  • Figure 4: Training Pipeline Via Differentiable Image Compositing
  • Figure 5: Visualization of road signs with different grid pattern sizes: left (grid size 3), middle (grid size 5), and right (grid size 10)