Enhancing the Transferability of Adversarial Attacks for End-to-End Autonomous Driving Systems
Adversarial attacks play an important role in testing and enhancing the reliability of deep learning (DL) systems. Most existing attacks for DL-based autonomous driving systems (ADSs) demonstrate strong performance under the white-box setting but struggle with black-box transferability, while black-box attacks are more practical in real-world scenarios as they operate without full model access. Numerous transferability-enhancement techniques have been proposed in other fields (e.g., image classification), however, they remain unexplored for end-to-end (E2E) ADSs.
Our study fills the gap by conducting the first comprehensive empirical analysis of nine transferability-enhancement methods on E2E ADSs, covering two types: three input transformation enhancements and six attack objective enhancements. We evaluate their effectiveness on two datasets with four steering models. Our findings reveal that, out of nine enhancements, Resizing+Translation delivers the best black-box transferability, producing up to 9.39 degrees increase in MAE. Pred+Attn serves as the best objective enhancement, producing a maximum of 5.55 degrees (white-box) and 6.21 degrees (black-box) increase in MAE. Through attention heatmap visualizations, we discover that different models focus on similar regions when predicting, thereby enhancing the transferability of attention-based attacks.
In conclusion, our study provides valuable results and insights into the transferability-enhancement techniques for E2E ADSs, which also serve as a robust benchmark for further advancements in the autonomous driving field.
Thu 5 DecDisplayed time zone: Beijing, Chongqing, Hong Kong, Urumqi change
14:00 - 15:30 | Session (11)Technical Track / ERA - Early Research Achievements at Room 4 (Xianglin Ballroom) Chair(s): Deron Liang National Central University | ||
14:00 30mTalk | Enhancing the Transferability of Adversarial Attacks for End-to-End Autonomous Driving Systems Technical Track Jingyu Zhang City University of Hong Kong, Jacky Keung City University of Hong Kong, Xiaoxue Ma City University of Hong Kong, Yihan Liao City University of Hong Kong, Yishu Li City University of Hong Kong, Yicheng Sun City University of Hong Kong | ||
14:30 30mTalk | Enhancing Reentrancy Vulnerability Detection and Repair with a Hybrid Model Framework Technical Track Mengliang Li Zhejiang University, Xiaoxue Ren Zhejiang University, Han Fu Zhejiang University, Zhuo Li State Street Technology(Zhejiang) Ltd, JianLing Sun Zhejiang University | ||
15:00 20mTalk | BugsInKube: A Collection of Reconciliation Bugs ERA - Early Research Achievements Kabilan Mahathevan University of Moratuwa, Sivakajan Sivaparan University of Moratuwa, Tharsha Sivapalarajah University of Moratuwa, Sunimal Rathnayake University of Moratuwa, Ridwan Salihin Shariffdeen National University of Singapore |