As the research in deep neural networks advances, deep convolutional networks become feasible for automated driving tasks. There is an emerging trend of employing end-to-end models in the automation of driving tasks. However, previous research unveils that deep neural networks are vulnerable to adversarial attacks in classification tasks. While for regression tasks such as autonomous driving, the effect of these attacks remains uncertain. In this research, we devise two white-box targeted attacks against end-to-end autonomous driving systems. The driving model takes an image as input and outputs the steering angle. Our attacks can manipulate the behaviour of the autonomous driving system only by changing the input image. The implementation of both attacks can achieve real-time performance on CPUs. This demo aims to raise concerns over applications of end-to-end models in safety-critical systems.
翻译:随着深层神经网络研究的进展,深层连锁网络成为自动化驾驶任务的可行性。在驾驶任务自动化中采用端到端模式的趋势正在出现。然而,以前的研究揭示,深层神经网络在分类任务中很容易受到对抗性攻击。关于自动驾驶等回归任务,这些攻击的影响仍然不确定。在这项研究中,我们设计了两个针对端到端自动驾驶系统的白箱定向攻击。驱动模型将图像作为输入和输出方向。我们的攻击只能通过改变输入图像来操纵自动驾驶系统的行为。实施这两种攻击都能够实现CPU的实时性能。这种演示的目的是引起人们对在安全临界系统中应用端到端模式的关切。
相关内容
微信扫码咨询专知VIP会员