TY - GEN
T1 - Road Decals as Trojans
T2 - 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024
AU - Chen, Wei Jia
AU - Hsu, Chia Yi
AU - Lee, Wei Bin
AU - Yu, Chia Mu
AU - Huang, Chun Ying
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The emergence of autonomous vehicles (AVs) represents a significant breakthrough in transportation. These vehicles use object detection algorithms to sense and interpret their environment, enabling them to navigate and make decisions autonomously. Therefore, object detection systems are essential to ensure the effectiveness and safety of AV operations. However, recent studies have shown that object detection systems based on deep neural networks are susceptible to interference from intentionally designed objects containing adversarial perturbations. In this paper, we investigate the dependability of AVs by designing physical adversarial patches (APs) to fool object detectors. To ensure that the APs work in the real-world AVs, our APs have the following designs. First, we use the Expectation Over Transformation (EOT) technique to make APs adaptive to environmental challenges such as distance, angle, and shadow. Instead of using colored APs, our APs are monochrome and their shapes are more controllable, making them more stealthy on the road. Most importantly, an object is confirmed by AVs only after the object is detected for consecutive frames; however, most existing APs can only work in static cases. Our APs overcome the above challenges and ensure attack success in dynamic cases. Our experimental results show that our AP can effectively attack YOLOv3-tiny.
AB - The emergence of autonomous vehicles (AVs) represents a significant breakthrough in transportation. These vehicles use object detection algorithms to sense and interpret their environment, enabling them to navigate and make decisions autonomously. Therefore, object detection systems are essential to ensure the effectiveness and safety of AV operations. However, recent studies have shown that object detection systems based on deep neural networks are susceptible to interference from intentionally designed objects containing adversarial perturbations. In this paper, we investigate the dependability of AVs by designing physical adversarial patches (APs) to fool object detectors. To ensure that the APs work in the real-world AVs, our APs have the following designs. First, we use the Expectation Over Transformation (EOT) technique to make APs adaptive to environmental challenges such as distance, angle, and shadow. Instead of using colored APs, our APs are monochrome and their shapes are more controllable, making them more stealthy on the road. Most importantly, an object is confirmed by AVs only after the object is detected for consecutive frames; however, most existing APs can only work in static cases. Our APs overcome the above challenges and ensure attack success in dynamic cases. Our experimental results show that our AP can effectively attack YOLOv3-tiny.
KW - Adversarial Patch
KW - Autonomous Vehicles
KW - DNN
UR - http://www.scopus.com/inward/record.url?scp=85203822235&partnerID=8YFLogxK
U2 - 10.1109/DSN-S60304.2024.00039
DO - 10.1109/DSN-S60304.2024.00039
M3 - Conference contribution
AN - SCOPUS:85203822235
T3 - Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024
SP - 133
EP - 140
BT - Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2024
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 24 June 2024 through 27 June 2024
ER -