Adversarial robustness analysis of LiDAR-included models in autonomous driving

IF 3.2 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS High-Confidence Computing Pub Date : 2024-03-01 DOI:10.1016/j.hcc.2024.100203
Bo Yang , Zizhi Jin , Yushi Cheng , Xiaoyu Ji , Wenyuan Xu
{"title":"Adversarial robustness analysis of LiDAR-included models in autonomous driving","authors":"Bo Yang ,&nbsp;Zizhi Jin ,&nbsp;Yushi Cheng ,&nbsp;Xiaoyu Ji ,&nbsp;Wenyuan Xu","doi":"10.1016/j.hcc.2024.100203","DOIUrl":null,"url":null,"abstract":"<div><p>In autonomous driving systems, perception is pivotal, relying chiefly on sensors like LiDAR and cameras for environmental awareness. LiDAR, celebrated for its detailed depth perception, is being increasingly integrated into autonomous vehicles. In this article, we analyze the robustness of four LiDAR-included models against adversarial points under physical constraints. We first introduce an attack technique that, by simply adding a limited number of physically constrained adversarial points above a vehicle, can make the vehicle undetectable by the LiDAR-included models. Experiments reveal that adversarial points adversely affect the detection capabilities of both LiDAR-only and LiDAR–camera fusion models, with a tendency for more adversarial points to escalate attack success rates. Notably, voxel-based models are more susceptible to deception by these adversarial points. We also investigated the impact of the distance and angle of the added adversarial points on the attack success rate. Typically, the farther the victim object to be hidden and the closer to the front of the LiDAR, the higher the attack success rate. Additionally, we have experimentally proven that our generated adversarial points possess good cross-model adversarial transferability and validated the effectiveness of our proposed optimization method through ablation studies. Furthermore, we propose a new plug-and-play, model-agnostic defense method based on the concept of point smoothness. The ROC curve of this defense method shows an AUC value of approximately 0.909, demonstrating its effectiveness.</p></div>","PeriodicalId":100605,"journal":{"name":"High-Confidence Computing","volume":"4 1","pages":"Article 100203"},"PeriodicalIF":3.2000,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2667295224000060/pdfft?md5=7e68638f7a7e1d0186a514efa45060f4&pid=1-s2.0-S2667295224000060-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"High-Confidence Computing","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2667295224000060","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

In autonomous driving systems, perception is pivotal, relying chiefly on sensors like LiDAR and cameras for environmental awareness. LiDAR, celebrated for its detailed depth perception, is being increasingly integrated into autonomous vehicles. In this article, we analyze the robustness of four LiDAR-included models against adversarial points under physical constraints. We first introduce an attack technique that, by simply adding a limited number of physically constrained adversarial points above a vehicle, can make the vehicle undetectable by the LiDAR-included models. Experiments reveal that adversarial points adversely affect the detection capabilities of both LiDAR-only and LiDAR–camera fusion models, with a tendency for more adversarial points to escalate attack success rates. Notably, voxel-based models are more susceptible to deception by these adversarial points. We also investigated the impact of the distance and angle of the added adversarial points on the attack success rate. Typically, the farther the victim object to be hidden and the closer to the front of the LiDAR, the higher the attack success rate. Additionally, we have experimentally proven that our generated adversarial points possess good cross-model adversarial transferability and validated the effectiveness of our proposed optimization method through ablation studies. Furthermore, we propose a new plug-and-play, model-agnostic defense method based on the concept of point smoothness. The ROC curve of this defense method shows an AUC value of approximately 0.909, demonstrating its effectiveness.

Abstract Image

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
自动驾驶中包含激光雷达模型的对抗鲁棒性分析
在自动驾驶系统中,感知至关重要,主要依靠激光雷达和摄像头等传感器来感知环境。激光雷达因其细致的深度感知而闻名,正被越来越多地集成到自动驾驶汽车中。在本文中,我们分析了四种包含激光雷达的模型在物理约束条件下对抗对抗点的鲁棒性。我们首先介绍了一种攻击技术,只需在车辆上方添加数量有限的物理约束对抗点,就能使包含激光雷达的模型无法探测到车辆。实验表明,对抗点会对纯激光雷达模型和激光雷达与相机融合模型的探测能力产生不利影响,对抗点越多,攻击成功率越高。值得注意的是,基于体素的模型更容易受到这些对抗点的欺骗。我们还研究了新增对抗点的距离和角度对攻击成功率的影响。通常情况下,要隐藏的受害对象越远,离激光雷达的前端越近,攻击成功率就越高。此外,我们还通过实验证明了我们生成的对抗点具有良好的跨模型对抗转移性,并通过烧蚀研究验证了我们提出的优化方法的有效性。此外,我们还提出了一种基于点平滑度概念的即插即用、模型无关的新防御方法。该防御方法的 ROC 曲线显示 AUC 值约为 0.909,证明了其有效性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
4.70
自引率
0.00%
发文量
0
期刊最新文献
Identity-based threshold (multi) signature with private accountability for privacy-preserving blockchain Navigating the Digital Twin Network landscape: A survey on architecture, applications, privacy and security Erratum to “An effective digital audio watermarking using a deep convolutional neural network with a search location optimization algorithm for improvement in Robustness and Imperceptibility” [High-Confid. Comput. 3 (2023) 100153] On Building Automation System security SoK: Decentralized Storage Network
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1