Evaluating randomized smoothing as a defense against adversarial attacks in trajectory prediction
Julian F. Schumann, Eduardo Figueiredo, Frederik Baymler Mathiesen, Luca Laurenti, Jens Kober, Arkady Zgonnikov

TL;DR
This paper investigates the use of randomized smoothing as a simple, effective, and computationally inexpensive defense mechanism to enhance the robustness of trajectory prediction models against adversarial attacks in autonomous driving.
Contribution
It introduces and evaluates a novel application of randomized smoothing for improving trajectory prediction robustness, demonstrating its effectiveness across multiple models and datasets.
Findings
Improves robustness of trajectory prediction models against adversarial attacks
Maintains accuracy in non-adversarial conditions
Offers a computationally inexpensive defense method
Abstract
Accurate and robust trajectory prediction is essential for safe and efficient autonomous driving, yet recent work has shown that even state-of-the-art prediction models are highly vulnerable to inputs being mildly perturbed by adversarial attacks. Although model vulnerabilities to such attacks have been studied, work on effective countermeasures remains limited. In this work, we develop and evaluate a new defense mechanism for trajectory prediction models based on randomized smoothing -- an approach previously applied successfully in other domains. We evaluate its ability to improve model robustness through a series of experiments that test different strategies of randomized smoothing. We show that our approach can consistently improve prediction robustness of multiple base trajectory prediction models in various datasets without compromising accuracy in non-adversarial settings. Our…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Autonomous Vehicle Technology and Safety · Anomaly Detection Techniques and Applications
