Adversarial Attack Against Image-Based Localization Neural Networks

• URL: http://arxiv.org/abs/2210.06589v1
• Date: Tue, 11 Oct 2022 16:58:19 GMT
• Title: Adversarial Attack Against Image-Based Localization Neural Networks
• Authors: Meir Brand, Itay Naeh, Daniel Teitelman
• Abstract summary: We present a proof of concept for adversarially attacking the image-based localization module of an autonomous vehicle. A database of rendered images allowed us to train a deep neural network that performs a localization task and implement, develop and assess the adversarial pattern.
• Score: 1.911678487931003
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: In this paper, we present a proof of concept for adversarially attacking the image-based localization module of an autonomous vehicle. This attack aims to cause the vehicle to perform a wrong navigational decisions and prevent it from reaching a desired predefined destination in a simulated urban environment. A database of rendered images allowed us to train a deep neural network that performs a localization task and implement, develop and assess the adversarial pattern. Our tests show that using this adversarial attack we can prevent the vehicle from turning at a given intersection. This is done by manipulating the vehicle's navigational module to falsely estimate its current position and thus fail to initialize the turning procedure until the vehicle misses the last opportunity to perform a safe turn in a given intersection.

Related papers

• Neural Semantic Map-Learning for Autonomous Vehicles [85.8425492858912]
  We present a mapping system that fuses local submaps gathered from a fleet of vehicles at a central instance to produce a coherent map of the road environment. Our method jointly aligns and merges the noisy and incomplete local submaps using a scene-specific Neural Signed Distance Field. We leverage memory-efficient sparse feature-grids to scale to large areas and introduce a confidence score to model uncertainty in scene reconstruction.
  arXiv  Detail & Related papers  (2024-10-10T10:10:03Z)
• Transient Adversarial 3D Projection Attacks on Object Detection in Autonomous Driving [15.516055760190884]
  We introduce an adversarial 3D projection attack specifically targeting object detection in autonomous driving scenarios. Our results demonstrate the effectiveness of the proposed attack in deceiving YOLOv3 and Mask R-CNN in physical settings.
  arXiv  Detail & Related papers  (2024-09-25T22:27:11Z)
• Your Car Tells Me Where You Drove: A Novel Path Inference Attack via CAN Bus and OBD-II Data [57.22545280370174]
  On Path Diagnostic - Intrusion & Inference (OPD-II) is a novel path inference attack leveraging a physical car model and a map matching algorithm. We implement our attack on a set of four different cars and a total number of 41 tracks in different road and traffic scenarios.
  arXiv  Detail & Related papers  (2024-06-30T04:21:46Z)
• Robust Autonomous Vehicle Pursuit without Expert Steering Labels [41.168074206046164]
  We present a learning method for lateral and longitudinal motion control of an ego-vehicle for vehicle pursuit. The car being controlled does not have a pre-defined route, rather it reactively adapts to follow a target vehicle while maintaining a safety distance. We extensively validate our approach using the CARLA simulator on a wide range of terrains.
  arXiv  Detail & Related papers  (2023-08-16T14:09:39Z)
• Infrastructure-based End-to-End Learning and Prevention of Driver Failure [68.0478623315416]
  FailureNet is a recurrent neural network trained end-to-end on trajectories of both nominal and reckless drivers in a scaled miniature city. It can accurately identify control failures, upstream perception errors, and speeding drivers, distinguishing them from nominal driving. Compared to speed or frequency-based predictors, FailureNet's recurrent neural network structure provides improved predictive power, yielding upwards of 84% accuracy when deployed on hardware.
  arXiv  Detail & Related papers  (2023-03-21T22:55:51Z)
• Reinforcement Learning based Cyberattack Model for Adaptive Traffic Signal Controller in Connected Transportation Systems [61.39400591328625]
  In a connected transportation system, adaptive traffic signal controllers (ATSC) utilize real-time vehicle trajectory data received from vehicles to regulate green time. This wirelessly connected ATSC increases cyber-attack surfaces and increases their vulnerability to various cyber-attack modes. One such mode is a'sybil' attack in which an attacker creates fake vehicles in the network. An RL agent is trained to learn an optimal rate of sybil vehicle injection to create congestion for an approach(s)
  arXiv  Detail & Related papers  (2022-10-31T20:12:17Z)
• Adversarial Pixel Restoration as a Pretext Task for Transferable Perturbations [54.1807206010136]
  Transferable adversarial attacks optimize adversaries from a pretrained surrogate model and known label space to fool the unknown black-box models. We propose Adversarial Pixel Restoration as a self-supervised alternative to train an effective surrogate model from scratch. Our training approach is based on a min-max objective which reduces overfitting via an adversarial objective.
  arXiv  Detail & Related papers  (2022-07-18T17:59:58Z)
• Bait and Switch: Online Training Data Poisoning of Autonomous Driving Systems [12.867129768057175]
  We show that by controlling parts of a physical environment in which a pre-trained deep neural network (DNN) is being fine-tuned online, an adversary can launch subtle data poisoning attacks.
  arXiv  Detail & Related papers  (2020-11-08T20:04:43Z)
• Finding Physical Adversarial Examples for Autonomous Driving with Fast and Differentiable Image Compositing [33.466413757630846]
  We propose a scalable approach for finding adversarial modifications of a simulated autonomous driving environment. Our approach is significantly more scalable and far more effective than a state-of-the-art approach based on Bayesian Optimization.
  arXiv  Detail & Related papers  (2020-10-17T18:35:32Z)
• Risk-Averse MPC via Visual-Inertial Input and Recurrent Networks for Online Collision Avoidance [95.86944752753564]
  We propose an online path planning architecture that extends the model predictive control (MPC) formulation to consider future location uncertainties. Our algorithm combines an object detection pipeline with a recurrent neural network (RNN) which infers the covariance of state estimates. The robustness of our methods is validated on complex quadruped robot dynamics and can be generally applied to most robotic platforms.
  arXiv  Detail & Related papers  (2020-07-28T07:34:30Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.