Adversarial Attacks on Traffic Sign Recognition: A Survey

TL;DR

This survey reviews recent research on adversarial attacks against traffic sign recognition systems, emphasizing the vulnerability of deep neural networks and the potential for real-world attacks using printed signs or stickers.

Contribution

It provides a comprehensive overview of digital and real-world adversarial attack methods on traffic sign recognition models and identifies key areas for future research.

Findings

Traffic sign recognition models are vulnerable to adversarial attacks.

Real-world attacks using printed signs are feasible and effective.

The survey highlights gaps and future directions in adversarial attack research.

Abstract

Traffic sign recognition is an essential component of perception in autonomous vehicles, which is currently performed almost exclusively with deep neural networks (DNNs). However, DNNs are known to be vulnerable to adversarial attacks. Several previous works have demonstrated the feasibility of adversarial attacks on traffic sign recognition models. Traffic signs are particularly promising for adversarial attack research due to the ease of performing real-world attacks using printed signs or stickers. In this work, we survey existing works performing either digital or real-world attacks on traffic sign detection and classification models. We provide an overview of the latest advancements and highlight the existing research areas that require further investigation.