Enhancing the Transferability of Adversarial Attacks for End-to-End Autonomous Driving Systems

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review

View graph of relations

Related Research Unit(s)

Detail(s)

Original languageEnglish
Title of host publication31st Asia-Pacific Software Engineering Conference (APSEC 2024)
Publication statusAccepted/In press/Filed - 14 Sept 2024

Conference

Title31st Asia-Pacific Software Engineering Conference (APSEC 2024)
Location
PlaceChina
CityChongqing
Period3 - 6 December 2024

Abstract

Adversarial attacks play an important role in testing and enhancing the reliability of deep learning (DL) systems. Most existing attacks for DL-based autonomous driving systems (ADSs) demonstrate strong performance under the white-box setting but struggle with black-box transferability, while black-box attacks are more practical in real-world scenarios as they operate without full model access. Numerous transferability-enhancement techniques have been proposed in other fields (e.g., image classification), however, they remain unexplored for end-to-end (E2E) ADSs.

Our study fills the gap by conducting the first comprehensive empirical analysis of nine transferability-enhancement methods on E2E ADSs, covering two types: three input transformation enhancements and six attack objective enhancements. We evaluate their effectiveness on two datasets with four steering models. Our findings reveal that, out of nine enhancements, Resizing+Translation delivers the best black-box transferability, producing up to 9.39 degrees increase in MAE. Pred+Attn serves as the best objective enhancement, producing a maximum of 5.55 degrees (white-box) and 6.21 degrees (black-box) increase in MAE. Through attention heatmap visualizations, we discover that different models focus on similar regions when predicting, thereby enhancing the transferability of attention-based attacks.

In conclusion, our study provides valuable results and insights into the transferability-enhancement techniques for E2E ADSs, which also serve as a robust benchmark for further advancements in the autonomous driving field.

Bibliographic Note

Research Unit(s) information for this publication is provided by the author(s) concerned.

Citation Format(s)

Enhancing the Transferability of Adversarial Attacks for End-to-End Autonomous Driving Systems. / ZHANG, Jingyu; Keung, Jacky; MA, Kayley Xiaoxue et al.
31st Asia-Pacific Software Engineering Conference (APSEC 2024). 2024.

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review