A Multi-Scale Isolation Forest Approach for Real-Time Detection and Filtering of FGSM Adversarial Attacks in Video Streams of Autonomous Vehicles

Richard Abhulimhen, Negash Begashaw, Gurcan Comert, Chunheng Zhao, Pierluigi Pisu

TL;DR

This work tackles the real-time detection and filtering of FGSM adversarial perturbations in video streams from autonomous-vehicle perception. It introduces a multi-scale Isolation Forest-based framework complemented by statistical analysis and OC-SVM, evaluated on a dataset of 60,000 images (10,000 originals plus five perturbation levels up to $\epsilon=0.2$). The proposed pipeline achieves high detection performance (Precision $98.2\%$, Recall $97.5\%$, Accuracy $98.7\%$) and scales efficiently with parallel processing, showing strong viability for deployment in real-time perception systems. The approach demonstrates robust discrimination across perturbation strengths, with near-perfect ROC-AUC ($0.995$) and favorable comparisons to prior defenses, while providing visual and decorative tools to interpret results. Practical impact includes enhanced resilience of autonomous-vehicle perception against FGSM attacks, enabling safer and more reliable real-time decision-making.

Abstract

Deep Neural Networks (DNNs) have demonstrated remarkable success across a wide range of tasks, particularly in fields such as image classification. However, DNNs are highly susceptible to adversarial attacks, where subtle perturbations are introduced to input images, leading to erroneous model outputs. In today's digital era, ensuring the security and integrity of images processed by DNNs is of critical importance. One of the most prominent adversarial attack methods is the Fast Gradient Sign Method (FGSM), which perturbs images in the direction of the loss gradient to deceive the model. This paper presents a novel approach for detecting and filtering FGSM adversarial attacks in image processing tasks. Our proposed method evaluates 10,000 images, each subjected to five different levels of perturbation, characterized by $\epsilon$ values of 0.01, 0.02, 0.05, 0.1, and 0.2. These perturbations are applied in the direction of the loss gradient. We demonstrate that our approach effectively filters adversarially perturbed images, mitigating the impact of FGSM attacks. The method is implemented in Python, and the source code is publicly available on GitHub for reproducibility and further research.

Paper Structure

This paper contains 30 sections, 9 equations, 7 figures.

Figures (7)

  • Figure 1: Adversarial Image Detection Pipeline. The flowchart illustrates the step-by-step process of detecting adversarial images, starting from video input and frame extraction to final classification and aggregation. Processes (pink), data (light blue), and decision points (yellow) are color-coded for clarity.
  • Figure 2: Visualization of FGSM adversarial attacks with varying perturbation magnitudes ($\epsilon$). The top image shows the original unperturbed sample, while subsequent images demonstrate the progressive impact of increasing $\epsilon$ values on the input image. Larger $\epsilon$ values result in more visible perturbations while maintaining the general structure of the original image, though image quality significantly degrades at higher perturbation levels.
  • Figure 3: Distribution of Attack Detection Results on a sample 20-second video with 10 frames per second.
  • Figure 4: Timeline of Detected Attacks
  • Figure 5: Actual vs Detected Attacks
  • ...and 2 more figures