ATTA: Adversarial Task-transferable Attacks on Autonomous Driving Systems

Qingjie Zhang; Maosen Zhang; Han Qiu; Tianwei Zhang; Mounira Msahli; Gerard Memmi

doi:10.1109/ICDM58522.2023.00089

ATTA: Adversarial Task-transferable Attacks on Autonomous Driving Systems

Qingjie Zhang
, Maosen Zhang
, Han Qiu
, Tianwei Zhang
, Mounira Msahli
, Gerard Memmi

Tsinghua University
Beijing University of Posts and Telecommunications
Nanyang Technological University

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

Deep learning (DL) based perception models have enabled the possibility of current autonomous driving systems (ADS). However, various studies have pointed out that the DL models inside the ADS perception modules are vulnerable to adversarial attacks which can easily manipulate these DL models' predictions. In this paper, we propose a more practical adversarial attack against the ADS perception module. Particularly, instead of targeting one of the DL models inside the ADS perception module, we propose to use one universal patch to mislead multiple DL models inside the ADS perception module simultaneously which leads to a higher chance of system-wide malfunction. We achieve such a goal by attacking the attention of DL models as a higher level of feature representation rather than traditional gradient-based attacks. We successfully generate a universal patch containing malicious perturbations that can attract multiple victim DL models' attention to further induce their prediction errors. We verify our attack with extensive experiments on a typical ADS perception module structure with five famous datasets and also physical world scenes¹¹We release our code at https://github.com/qingjiesjtu/ATTA

langue originale	Anglais
titre	Proceedings - 23rd IEEE International Conference on Data Mining, ICDM 2023
rédacteurs en chef	Guihai Chen, Latifur Khan, Xiaofeng Gao, Meikang Qiu, Witold Pedrycz, Xindong Wu
Editeur	Institute of Electrical and Electronics Engineers Inc.
Pages	798-807
Nombre de pages	10
ISBN (Electronique)	9798350307887
Les DOIs	https://doi.org/10.1109/ICDM58522.2023.00089
état	Publié - 1 janv. 2023
Evénement	23rd IEEE International Conference on Data Mining, ICDM 2023 - Shanghai, Chine Durée: 1 déc. 2023 → 4 déc. 2023

Série de publications

Nom	Proceedings - IEEE International Conference on Data Mining, ICDM
ISSN (imprimé)	1550-4786

Une conférence

Une conférence	23rd IEEE International Conference on Data Mining, ICDM 2023
Pays/Territoire	Chine
La ville	Shanghai
période	1/12/23 → 4/12/23

Accès au document

10.1109/ICDM58522.2023.00089

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Zhang, Q., Zhang, M., Qiu, H., Zhang, T., Msahli, M., & Memmi, G. (2023). ATTA: Adversarial Task-transferable Attacks on Autonomous Driving Systems. Dans G. Chen, L. Khan, X. Gao, M. Qiu, W. Pedrycz, & X. Wu (eds.), Proceedings - 23rd IEEE International Conference on Data Mining, ICDM 2023 (p. 798-807). (Proceedings - IEEE International Conference on Data Mining, ICDM). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICDM58522.2023.00089

Zhang, Qingjie ; Zhang, Maosen ; Qiu, Han et al. / ATTA : Adversarial Task-transferable Attacks on Autonomous Driving Systems. Proceedings - 23rd IEEE International Conference on Data Mining, ICDM 2023. Editeur / Guihai Chen ; Latifur Khan ; Xiaofeng Gao ; Meikang Qiu ; Witold Pedrycz ; Xindong Wu. Institute of Electrical and Electronics Engineers Inc., 2023. p. 798-807 (Proceedings - IEEE International Conference on Data Mining, ICDM).

@inproceedings{7e5938490faa4252be9dbd0d3c6c745a,

title = "ATTA: Adversarial Task-transferable Attacks on Autonomous Driving Systems",

abstract = "Deep learning (DL) based perception models have enabled the possibility of current autonomous driving systems (ADS). However, various studies have pointed out that the DL models inside the ADS perception modules are vulnerable to adversarial attacks which can easily manipulate these DL models' predictions. In this paper, we propose a more practical adversarial attack against the ADS perception module. Particularly, instead of targeting one of the DL models inside the ADS perception module, we propose to use one universal patch to mislead multiple DL models inside the ADS perception module simultaneously which leads to a higher chance of system-wide malfunction. We achieve such a goal by attacking the attention of DL models as a higher level of feature representation rather than traditional gradient-based attacks. We successfully generate a universal patch containing malicious perturbations that can attract multiple victim DL models' attention to further induce their prediction errors. We verify our attack with extensive experiments on a typical ADS perception module structure with five famous datasets and also physical world scenes11We release our code at https://github.com/qingjiesjtu/ATTA",

keywords = "Deep learning, adversarial attack, autonomous driving system, computer vision",

author = "Qingjie Zhang and Maosen Zhang and Han Qiu and Tianwei Zhang and Mounira Msahli and Gerard Memmi",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 23rd IEEE International Conference on Data Mining, ICDM 2023 ; Conference date: 01-12-2023 Through 04-12-2023",

year = "2023",

month = jan,

day = "1",

doi = "10.1109/ICDM58522.2023.00089",

language = "English",

series = "Proceedings - IEEE International Conference on Data Mining, ICDM",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "798--807",

editor = "Guihai Chen and Latifur Khan and Xiaofeng Gao and Meikang Qiu and Witold Pedrycz and Xindong Wu",

booktitle = "Proceedings - 23rd IEEE International Conference on Data Mining, ICDM 2023",

}

Zhang, Q, Zhang, M, Qiu, H, Zhang, T, Msahli, M & Memmi, G 2023, ATTA: Adversarial Task-transferable Attacks on Autonomous Driving Systems. Dans G Chen, L Khan, X Gao, M Qiu, W Pedrycz & X Wu (eds), Proceedings - 23rd IEEE International Conference on Data Mining, ICDM 2023. Proceedings - IEEE International Conference on Data Mining, ICDM, Institute of Electrical and Electronics Engineers Inc., p. 798-807, 23rd IEEE International Conference on Data Mining, ICDM 2023, Shanghai, Chine, 1/12/23. https://doi.org/10.1109/ICDM58522.2023.00089

ATTA: Adversarial Task-transferable Attacks on Autonomous Driving Systems. / Zhang, Qingjie; Zhang, Maosen; Qiu, Han et al.
Proceedings - 23rd IEEE International Conference on Data Mining, ICDM 2023. Ed. / Guihai Chen; Latifur Khan; Xiaofeng Gao; Meikang Qiu; Witold Pedrycz; Xindong Wu. Institute of Electrical and Electronics Engineers Inc., 2023. p. 798-807 (Proceedings - IEEE International Conference on Data Mining, ICDM).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - ATTA

T2 - 23rd IEEE International Conference on Data Mining, ICDM 2023

AU - Zhang, Qingjie

AU - Zhang, Maosen

AU - Qiu, Han

AU - Zhang, Tianwei

AU - Msahli, Mounira

AU - Memmi, Gerard

PY - 2023/1/1

Y1 - 2023/1/1

N2 - Deep learning (DL) based perception models have enabled the possibility of current autonomous driving systems (ADS). However, various studies have pointed out that the DL models inside the ADS perception modules are vulnerable to adversarial attacks which can easily manipulate these DL models' predictions. In this paper, we propose a more practical adversarial attack against the ADS perception module. Particularly, instead of targeting one of the DL models inside the ADS perception module, we propose to use one universal patch to mislead multiple DL models inside the ADS perception module simultaneously which leads to a higher chance of system-wide malfunction. We achieve such a goal by attacking the attention of DL models as a higher level of feature representation rather than traditional gradient-based attacks. We successfully generate a universal patch containing malicious perturbations that can attract multiple victim DL models' attention to further induce their prediction errors. We verify our attack with extensive experiments on a typical ADS perception module structure with five famous datasets and also physical world scenes11We release our code at https://github.com/qingjiesjtu/ATTA

AB - Deep learning (DL) based perception models have enabled the possibility of current autonomous driving systems (ADS). However, various studies have pointed out that the DL models inside the ADS perception modules are vulnerable to adversarial attacks which can easily manipulate these DL models' predictions. In this paper, we propose a more practical adversarial attack against the ADS perception module. Particularly, instead of targeting one of the DL models inside the ADS perception module, we propose to use one universal patch to mislead multiple DL models inside the ADS perception module simultaneously which leads to a higher chance of system-wide malfunction. We achieve such a goal by attacking the attention of DL models as a higher level of feature representation rather than traditional gradient-based attacks. We successfully generate a universal patch containing malicious perturbations that can attract multiple victim DL models' attention to further induce their prediction errors. We verify our attack with extensive experiments on a typical ADS perception module structure with five famous datasets and also physical world scenes11We release our code at https://github.com/qingjiesjtu/ATTA

KW - Deep learning

KW - adversarial attack

KW - autonomous driving system

KW - computer vision

UR - https://www.scopus.com/pages/publications/85185396299

U2 - 10.1109/ICDM58522.2023.00089

DO - 10.1109/ICDM58522.2023.00089

M3 - Conference contribution

AN - SCOPUS:85185396299

T3 - Proceedings - IEEE International Conference on Data Mining, ICDM

SP - 798

EP - 807

BT - Proceedings - 23rd IEEE International Conference on Data Mining, ICDM 2023

A2 - Chen, Guihai

A2 - Khan, Latifur

A2 - Gao, Xiaofeng

A2 - Qiu, Meikang

A2 - Pedrycz, Witold

A2 - Wu, Xindong

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 1 December 2023 through 4 December 2023

ER -

Zhang Q, Zhang M, Qiu H, Zhang T, Msahli M , Memmi G. ATTA: Adversarial Task-transferable Attacks on Autonomous Driving Systems. Dans Chen G, Khan L, Gao X, Qiu M, Pedrycz W, Wu X, rédacteurs en chef, Proceedings - 23rd IEEE International Conference on Data Mining, ICDM 2023. Institute of Electrical and Electronics Engineers Inc. 2023. p. 798-807. (Proceedings - IEEE International Conference on Data Mining, ICDM). doi: 10.1109/ICDM58522.2023.00089

ATTA: Adversarial Task-transferable Attacks on Autonomous Driving Systems

Résumé

Série de publications

Une conférence

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation