Robust and Safe Traffic Sign Recognition using N-version with Weighted Voting

TL;DR

This paper introduces an N-version machine learning framework with safety-aware weighted voting to improve the robustness and safety of traffic sign recognition in autonomous vehicles against adversarial attacks.

Contribution

The paper presents a novel NVML framework that uses FMEA-based safety-aware weighting to enhance adversarial robustness in traffic sign recognition.

Findings

Significant robustness improvement against FGSM and PGD attacks

Dynamic safety-aware weighting enhances ensemble resilience

NVML outperforms individual models in adversarial scenarios

Abstract

Autonomous driving is rapidly advancing as a key application of machine learning, yet ensuring the safety of these systems remains a critical challenge. Traffic sign recognition, an essential component of autonomous vehicles, is particularly vulnerable to adversarial attacks that can compromise driving safety. In this paper, we propose an N-version machine learning (NVML) framework that integrates a safety-aware weighted soft voting mechanism. Our approach utilizes Failure Mode and Effects Analysis (FMEA) to assess potential safety risks and assign dynamic, safety-aware weights to the ensemble outputs. We evaluate the robustness of three-version NVML systems employing various voting mechanisms against adversarial samples generated using the Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) attacks. Experimental results demonstrate that our NVML approach significantly enhances the robustness and safety of traffic sign recognition systems under adversarial conditions.