Physical 3D Adversarial Attacks against Monocular Depth Estimation in Autonomous Driving

TL;DR

This paper introduces 3D$^2$Fool, a novel 3D texture-based adversarial attack on monocular depth estimation in autonomous driving, demonstrating high robustness and real-world effectiveness across various conditions.

Contribution

It presents the first 3D adversarial textures for MDE models, enhancing attack robustness against viewpoints and weather, surpassing previous 2D patch methods.

Findings

Achieves over 10 meters error in real-world tests

Effective across different weather conditions and viewpoints

Outperforms previous 2D adversarial patch attacks

Abstract

Deep learning-based monocular depth estimation (MDE), extensively applied in autonomous driving, is known to be vulnerable to adversarial attacks. Previous physical attacks against MDE models rely on 2D adversarial patches, so they only affect a small, localized region in the MDE map but fail under various viewpoints. To address these limitations, we propose 3D Depth Fool (3D$^2$Fool), the first 3D texture-based adversarial attack against MDE models. 3D$^2$Fool is specifically optimized to generate 3D adversarial textures agnostic to model types of vehicles and to have improved robustness in bad weather conditions, such as rain and fog. Experimental results validate the superior performance of our 3D$^2$Fool across various scenarios, including vehicles, MDE models, weather conditions, and viewpoints. Real-world experiments with printed 3D textures on physical vehicle models further demonstrate that our 3D$^2$Fool can cause an MDE error of over 10 meters.