A Training-based Identification Approach to VIN Adversarial Examples

TL;DR

This paper introduces a training-based method to automatically identify adversarial examples in Value Iteration Networks, improving detection speed and accuracy over manual methods in AI security for robot path planning.

Contribution

The paper proposes a novel training-based approach combining path feature comparison and image classification to automatically detect VIN adversarial examples.

Findings

High detection accuracy achieved

Faster identification compared to manual observation

Effective in analyzing adversarial maps for robot path planning

Abstract

With the rapid development of Artificial Intelligence (AI), the problem of AI security has gradually emerged. Most existing machine learning algorithms may be attacked by adversarial examples. An adversarial example is a slightly modified input sample that can lead to a false result of machine learning algorithms. The adversarial examples pose a potential security threat for many AI application areas, especially in the domain of robot path planning. In this field, the adversarial examples obstruct the algorithm by adding obstacles to the normal maps, resulting in multiple effects on the predicted path. However, there is no suitable approach to automatically identify them. To our knowledge, all previous work uses manual observation method to estimate the attack results of adversarial maps, which is time-consuming. Aiming at the existing problem, this paper explores a method to automatically identify the adversarial examples in Value Iteration Networks (VIN), which has a strong generalization ability. We analyze the possible scenarios caused by the adversarial maps. We propose a training-based identification approach to VIN adversarial examples by combing the path feature comparison and path image classification. We evaluate our method using the adversarial maps dataset, show that our method can achieve a high-accuracy and faster identification than manual observation method.