Evaluating the Impact of Adversarial Attacks on Traffic Sign Classification using the LISA Dataset

• URL: http://arxiv.org/abs/2509.06835v1
• Date: Mon, 08 Sep 2025 16:06:41 GMT
• Title: Evaluating the Impact of Adversarial Attacks on Traffic Sign Classification using the LISA Dataset
• Authors: Nabeyou Tadessa, Balaji Iyangar, Mashrur Chowdhury,
• Abstract summary: We train a convolutional neural network to classify 47 different traffic signs and evaluate its robustness against adversarial attacks.<n>Results show a sharp decline in classification accuracy as the perturbation magnitude increases.<n>This study lays the groundwork for future exploration into defense mechanisms tailored for real-world traffic sign recognition systems.
• Score: 3.010893618491329
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Adversarial attacks pose significant threats to machine learning models by introducing carefully crafted perturbations that cause misclassification. While prior work has primarily focused on MNIST and similar datasets, this paper investigates the vulnerability of traffic sign classifiers using the LISA Traffic Sign dataset. We train a convolutional neural network to classify 47 different traffic signs and evaluate its robustness against Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) attacks. Our results show a sharp decline in classification accuracy as the perturbation magnitude increases, highlighting the models susceptibility to adversarial examples. This study lays the groundwork for future exploration into defense mechanisms tailored for real-world traffic sign recognition systems.

Related papers

• Toward Real-World IoT Security: Concept Drift-Resilient IoT Botnet Detection via Latent Space Representation Learning and Alignment [2.5782420501870296]
  This paper proposes a scalable framework for adaptive IoT threat detection.<n>An alignment model maps incoming traffic to the learned historical latent space prior to classification.<n>To capture inter-instance relationships among attack samples, the low-dimensional latent representations are transformed into a graph-structured format.
  arXiv  Detail & Related papers  (2025-12-27T06:13:19Z)
• Exploiting Edge Features for Transferable Adversarial Attacks in Distributed Machine Learning [54.26807397329468]
  This work explores a previously overlooked vulnerability in distributed deep learning systems.<n>An adversary who intercepts the intermediate features transmitted between them can still pose a serious threat.<n>We propose an exploitation strategy specifically designed for distributed settings.
  arXiv  Detail & Related papers  (2025-07-09T20:09:00Z)
• Explainable Machine Learning for Cyberattack Identification from Traffic Flows [5.834276858232939]
  We simulate cyberattacks in a semi-realistic environment, using a traffic network to analyze disruption patterns.<n>We develop a deep learning-based anomaly detection system, demonstrating that Longest Stop Duration and Total Jam Distance are key indicators of compromised signals.<n>This work enhances AI-driven traffic security, improving both detection accuracy and trustworthiness in smart transportation systems.
  arXiv  Detail & Related papers  (2025-05-02T17:34:14Z)
• Undermining Image and Text Classification Algorithms Using Adversarial Attacks [0.0]
  Our study addresses the gap by training various machine learning models and using GANs and SMOTE to generate additional data points aimed at attacking text classification models. Our experiments reveal a significant vulnerability in classification models. Specifically, we observe a 20 % decrease in accuracy for the top-performing text classification models post-attack, along with a 30 % decrease in facial recognition accuracy.
  arXiv  Detail & Related papers  (2024-11-03T18:44:28Z)
• Transferable Adversarial Attacks on SAM and Its Downstream Models [87.23908485521439]
  This paper explores the feasibility of adversarial attacking various downstream models fine-tuned from the segment anything model (SAM)<n>To enhance the effectiveness of the adversarial attack towards models fine-tuned on unknown datasets, we propose a universal meta-initialization (UMI) algorithm.
  arXiv  Detail & Related papers  (2024-10-26T15:04:04Z)
• Zero Day Threat Detection Using Metric Learning Autoencoders [3.1965908200266173]
  The proliferation of zero-day threats (ZDTs) to companies' networks has been immensely costly. Deep learning methods are an attractive option for their ability to capture highly-nonlinear behavior patterns. The models presented here are also trained and evaluated with two more datasets, and continue to show promising results even when generalizing to new network topologies.
  arXiv  Detail & Related papers  (2022-11-01T13:12:20Z)
• Robust Trajectory Prediction against Adversarial Attacks [84.10405251683713]
  Trajectory prediction using deep neural networks (DNNs) is an essential component of autonomous driving systems. These methods are vulnerable to adversarial attacks, leading to serious consequences such as collisions. In this work, we identify two key ingredients to defend trajectory prediction models against adversarial attacks.
  arXiv  Detail & Related papers  (2022-07-29T22:35:05Z)
• Learning to Learn Transferable Attack [77.67399621530052]
  Transfer adversarial attack is a non-trivial black-box adversarial attack that aims to craft adversarial perturbations on the surrogate model and then apply such perturbations to the victim model. We propose a Learning to Learn Transferable Attack (LLTA) method, which makes the adversarial perturbations more generalized via learning from both data and model augmentation. Empirical results on the widely-used dataset demonstrate the effectiveness of our attack method with a 12.85% higher success rate of transfer attack compared with the state-of-the-art methods.
  arXiv  Detail & Related papers  (2021-12-10T07:24:21Z)
• Adversarial Attacks on Knowledge Graph Embeddings via Instance Attribution Methods [8.793721044482613]
  We study data poisoning attacks against Knowledge Graph Embeddings (KGE) models for link prediction. These attacks craft adversarial additions or deletions at training time to cause model failure at test time. We propose a method to replace one of the two entities in each influential triple to generate adversarial additions.
  arXiv  Detail & Related papers  (2021-11-04T19:38:48Z)
• Explainable Adversarial Attacks in Deep Neural Networks Using Activation Profiles [69.9674326582747]
  This paper presents a visual framework to investigate neural network models subjected to adversarial examples. We show how observing these elements can quickly pinpoint exploited areas in a model.
  arXiv  Detail & Related papers  (2021-03-18T13:04:21Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.