Adversarial Attack Against Image-Based Localization Neural Networks
This addresses a security vulnerability for autonomous vehicles, but it is incremental as it builds on existing adversarial attack methods in a simulated environment.
The paper tackled the problem of adversarial attacks on image-based localization neural networks in autonomous vehicles, demonstrating that such attacks can prevent a vehicle from turning at a given intersection by causing false position estimates.
In this paper, we present a proof of concept for adversarially attacking the image-based localization module of an autonomous vehicle. This attack aims to cause the vehicle to perform a wrong navigational decisions and prevent it from reaching a desired predefined destination in a simulated urban environment. A database of rendered images allowed us to train a deep neural network that performs a localization task and implement, develop and assess the adversarial pattern. Our tests show that using this adversarial attack we can prevent the vehicle from turning at a given intersection. This is done by manipulating the vehicle's navigational module to falsely estimate its current position and thus fail to initialize the turning procedure until the vehicle misses the last opportunity to perform a safe turn in a given intersection.