TL;DR
This paper introduces AdvRoad, a novel method for creating naturalistic, road-style adversarial posters that can stealthily deceive 3D object detectors in autonomous driving, highlighting significant safety vulnerabilities.
Contribution
The paper proposes a two-stage approach to generate realistic adversarial posters that effectively attack visual 3D detection models in autonomous driving scenarios.
Findings
AdvRoad successfully deceives various detectors across different scenes and locations.
Physical attacks demonstrate real-world feasibility and threat.
Adversarial posters maintain natural road-like appearance while causing misdetections.
Abstract
Modern autonomous driving (AD) systems leverage 3D object detection to perceive foreground objects in 3D environments for subsequent prediction and planning. Visual 3D detection based on RGB cameras provides a cost-effective solution compared to the LiDAR paradigm. While achieving promising detection accuracy, current deep neural network-based models remain highly susceptible to adversarial examples. The underlying safety concerns motivate us to investigate realistic adversarial attacks in AD scenarios. Previous work has demonstrated the feasibility of placing adversarial posters on the road surface to induce hallucinations in the detector. However, the unnatural appearance of the posters makes them easily noticeable by humans, and their fixed content can be readily targeted and defended. To address these limitations, we propose the AdvRoad to generate diverse road-style adversarial…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
