Adversarial Attack Against Image-Based Localization Neural Networks

TL;DR

This paper demonstrates how adversarial attacks can manipulate image-based localization neural networks in autonomous vehicles, causing navigation errors in simulated urban environments.

Contribution

It introduces a novel adversarial attack method targeting localization neural networks to induce navigation failures in autonomous vehicles.

Findings

Adversarial patterns successfully mislead localization networks.

The attack prevents correct turning decisions at intersections.

Navigation errors occur without detection by the vehicle's systems.

Abstract

In this paper, we present a proof of concept for adversarially attacking the image-based localization module of an autonomous vehicle. This attack aims to cause the vehicle to perform a wrong navigational decisions and prevent it from reaching a desired predefined destination in a simulated urban environment. A database of rendered images allowed us to train a deep neural network that performs a localization task and implement, develop and assess the adversarial pattern. Our tests show that using this adversarial attack we can prevent the vehicle from turning at a given intersection. This is done by manipulating the vehicle's navigational module to falsely estimate its current position and thus fail to initialize the turning procedure until the vehicle misses the last opportunity to perform a safe turn in a given intersection.