RED: Robust Environmental Design
This addresses a critical safety problem for autonomous vehicles by introducing a novel, attacker-agnostic approach to enhance robustness, moving beyond incremental model improvements.
The paper tackles the vulnerability of autonomous systems to adversarial attacks on road sign classification by redesigning the signs themselves, resulting in a significant reduction in vulnerability to patch attacks as demonstrated in digital and physical tests.
The classification of road signs by autonomous systems, especially those reliant on visual inputs, is highly susceptible to adversarial attacks. Traditional approaches to mitigating such vulnerabilities have focused on enhancing the robustness of classification models. In contrast, this paper adopts a fundamentally different strategy aimed at increasing robustness through the redesign of road signs themselves. We propose an attacker-agnostic learning scheme to automatically design road signs that are robust to a wide array of patch-based attacks. Empirical tests conducted in both digital and physical environments demonstrate that our approach significantly reduces vulnerability to patch attacks, outperforming existing techniques.