Attack End-to-End Autonomous Driving through Module-Wise Noise

TL;DR

This paper investigates the security vulnerabilities of end-to-end autonomous driving models by introducing a universal attack scheme that injects noise module-wise, revealing significant risks and outperforming previous methods.

Contribution

It is the first comprehensive study on adversarial attacks targeting modular end-to-end autonomous driving models, proposing a novel universal attack approach.

Findings

The attack outperforms previous methods in effectiveness.

Large-scale experiments demonstrate significant vulnerabilities.

Insights into improving autonomous driving safety.

Abstract

With recent breakthroughs in deep neural networks, numerous tasks within autonomous driving have exhibited remarkable performance. However, deep learning models are susceptible to adversarial attacks, presenting significant security risks to autonomous driving systems. Presently, end-to-end architectures have emerged as the predominant solution for autonomous driving, owing to their collaborative nature across different tasks. Yet, the implications of adversarial attacks on such models remain relatively unexplored. In this paper, we conduct comprehensive adversarial security research on the modular end-to-end autonomous driving model for the first time. We thoroughly consider the potential vulnerabilities in the model inference process and design a universal attack scheme through module-wise noise injection. We conduct large-scale experiments on the full-stack autonomous driving model and demonstrate that our attack method outperforms previous attack methods. We trust that our research will offer fresh insights into ensuring the safety and reliability of autonomous driving systems.