UniAda: Universal Adaptive Multiobjective Adversarial Attack for End-to-End Autonomous Driving Systems

IF 5.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE IEEE Transactions on Reliability Pub Date : 2024-06-03 DOI:10.1109/TR.2024.3394894

Jingyu Zhang;Jacky Wai Keung;Yan Xiao;Yihan Liao;Yishu Li;Xiaoxue Ma

{"title":"UniAda: Universal Adaptive Multiobjective Adversarial Attack for End-to-End Autonomous Driving Systems","authors":"Jingyu Zhang;Jacky Wai Keung;Yan Xiao;Yihan Liao;Yishu Li;Xiaoxue Ma","doi":"10.1109/TR.2024.3394894","DOIUrl":null,"url":null,"abstract":"Adversarial attacks play a pivotal role in testing and improving the reliability of deep learning (DL) systems. Existing literature has demonstrated that subtle perturbations to the input can elicit erroneous outcomes, thereby substantially compromising the security of DL systems. This has emerged as a critical concern in the development of DL-based safety–critical systems like autonomous driving systems (ADSs). The focus of existing adversarial attack methods on end-to-end (E2E) ADSs has predominantly centered on misbehaviors of steering angle, which overlooks speed-related controls or imperceptible perturbations. To address these challenges, we introduce UniAda–a multiobjective white-box attack technique with a core function that revolves around crafting an image-agnostic adversarial perturbation capable of simultaneously influencing both steering and speed controls. UniAda capitalizes on an intricately designed multiobjective optimization function with the adaptive weighting scheme (AWS), enabling the concurrent optimization of diverse objectives. Validated with both simulated and real-world driving data, UniAda outperforms five benchmarks across two metrics, inducing steering and speed deviations from 3.54\n<inline-formula><tex-math>$^{\\circ }$</tex-math></inline-formula>\n to 29\n<inline-formula><tex-math>$^{\\circ }$</tex-math></inline-formula>\n and 11 to 22 km/h on average. This systematic approach establishes UniAda as a proven technique for adversarial attacks on modern DL-based E2E ADSs.","PeriodicalId":56305,"journal":{"name":"IEEE Transactions on Reliability","volume":"73 4","pages":"1892-1906"},"PeriodicalIF":5.7000,"publicationDate":"2024-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Reliability","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10546476/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Adversarial attacks play a pivotal role in testing and improving the reliability of deep learning (DL) systems. Existing literature has demonstrated that subtle perturbations to the input can elicit erroneous outcomes, thereby substantially compromising the security of DL systems. This has emerged as a critical concern in the development of DL-based safety–critical systems like autonomous driving systems (ADSs). The focus of existing adversarial attack methods on end-to-end (E2E) ADSs has predominantly centered on misbehaviors of steering angle, which overlooks speed-related controls or imperceptible perturbations. To address these challenges, we introduce UniAda–a multiobjective white-box attack technique with a core function that revolves around crafting an image-agnostic adversarial perturbation capable of simultaneously influencing both steering and speed controls. UniAda capitalizes on an intricately designed multiobjective optimization function with the adaptive weighting scheme (AWS), enabling the concurrent optimization of diverse objectives. Validated with both simulated and real-world driving data, UniAda outperforms five benchmarks across two metrics, inducing steering and speed deviations from 3.54

$^{\circ }$

to 29

$^{\circ }$

and 11 to 22 km/h on average. This systematic approach establishes UniAda as a proven technique for adversarial attacks on modern DL-based E2E ADSs.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

UniAda：端到端自动驾驶系统的通用自适应多目标对抗攻击

对抗性攻击在测试和提高深度学习（DL）系统的可靠性方面发挥着关键作用。现有文献表明，输入的细微扰动可能导致错误的结果，从而大大损害深度学习系统的安全性。这已经成为自动驾驶系统（ads）等基于dl的安全关键系统开发中的一个关键问题。现有的端到端ads对抗性攻击方法的重点主要集中在转向角度的不当行为上，忽略了与速度相关的控制或不可察觉的扰动。为了应对这些挑战，我们引入了uniada -一种多目标白盒攻击技术，其核心功能围绕着制作一个图像不可知的对抗性扰动，能够同时影响转向和速度控制。UniAda利用复杂设计的多目标优化函数和自适应加权方案（AWS），实现了多个目标的并行优化。经过模拟和真实驾驶数据的验证，UniAda在两个指标上优于五个基准，包括转向和速度偏差从3.54$^{\circ}$到29$^{\circ}$以及平均11到22 km/h。这种系统的方法使UniAda成为一种经过验证的针对现代基于dl的E2E ads的对抗性攻击技术。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Transactions on Reliability 工程技术-工程：电子与电气

CiteScore

12.20

自引率

8.50%

发文量

153

审稿时长

7.5 months

期刊介绍： IEEE Transactions on Reliability is a refereed journal for the reliability and allied disciplines including, but not limited to, maintainability, physics of failure, life testing, prognostics, design and manufacture for reliability, reliability for systems of systems, network availability, mission success, warranty, safety, and various measures of effectiveness. Topics eligible for publication range from hardware to software, from materials to systems, from consumer and industrial devices to manufacturing plants, from individual items to networks, from techniques for making things better to ways of predicting and measuring behavior in the field. As an engineering subject that supports new and existing technologies, we constantly expand into new areas of the assurance sciences.