Online Evasion Attacks on Recurrent Models:The Power of Hallucinating the Future
This addresses security risks in applications like autonomous driving by providing a comprehensive study of online evasion attacks, though it is incremental in extending attack methods to online settings.
The paper tackles the vulnerability of recurrent models in online tasks by introducing a general attack framework that accommodates time-varying objectives and constraints, and presents a novel white-box Predictive Attack that hallucinates future inputs, achieving 98% of the performance of an ideal clairvoyant attack on average.
Recurrent models are frequently being used in online tasks such as autonomous driving, and a comprehensive study of their vulnerability is called for. Existing research is limited in generality only addressing application-specific vulnerability or making implausible assumptions such as the knowledge of future input. In this paper, we present a general attack framework for online tasks incorporating the unique constraints of the online setting different from offline tasks. Our framework is versatile in that it covers time-varying adversarial objectives and various optimization constraints, allowing for a comprehensive study of robustness. Using the framework, we also present a novel white-box attack called Predictive Attack that `hallucinates' the future. The attack achieves 98 percent of the performance of the ideal but infeasible clairvoyant attack on average. We validate the effectiveness of the proposed framework and attacks through various experiments.