Adversarial Attack and Defense of YOLO Detectors in Autonomous Driving Scenarios
Jung Im Choi, Qing Tian
TL;DR
This paper identifies a vulnerability in YOLO detectors related to objectness in autonomous driving and proposes an attack and defense method, significantly improving robustness against objectness-focused adversarial attacks.
Contribution
It introduces a novel objectness-aware adversarial attack and a corresponding defense strategy for YOLO detectors in autonomous driving scenarios.
Findings
Attack effectiveness increased by over 45% on KITTI and COCO datasets.
Defense improves detector robustness by up to 21% and 12% mAP.
Objectness vulnerability is a critical factor in detector robustness.
Abstract
Visual detection is a key task in autonomous driving, and it serves as a crucial foundation for self-driving planning and control. Deep neural networks have achieved promising results in various visual tasks, but they are known to be vulnerable to adversarial attacks. A comprehensive understanding of deep visual detectors' vulnerability is required before people can improve their robustness. However, only a few adversarial attack/defense works have focused on object detection, and most of them employed only classification and/or localization losses, ignoring the objectness aspect. In this paper, we identify a serious objectness-related adversarial vulnerability in YOLO detectors and present an effective attack strategy targeting the objectness aspect of visual detection in autonomous vehicles. Furthermore, to address such vulnerability, we propose a new objectness-aware adversarial…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning
MethodsYou Only Look Once