AdvSwap: Covert Adversarial Perturbation with High Frequency Info-swapping for Autonomous Driving Perception
This addresses safety vulnerabilities in autonomous driving by enabling more stealthy adversarial attacks, though it is incremental as it builds on existing covert attack techniques.
The paper tackles the problem of creating covert adversarial attacks on autonomous vehicle perception systems by introducing AdvSwap, a method that uses wavelet-based high-frequency information swapping to generate adversarial samples that are difficult to detect by humans and algorithms, achieving effective attacks on traffic targets in datasets like GTSRB and nuScenes.
Perception module of Autonomous vehicles (AVs) are increasingly susceptible to be attacked, which exploit vulnerabilities in neural networks through adversarial inputs, thereby compromising the AI safety. Some researches focus on creating covert adversarial samples, but existing global noise techniques are detectable and difficult to deceive the human visual system. This paper introduces a novel adversarial attack method, AdvSwap, which creatively utilizes wavelet-based high-frequency information swapping to generate covert adversarial samples and fool the camera. AdvSwap employs invertible neural network for selective high-frequency information swapping, preserving both forward propagation and data integrity. The scheme effectively removes the original label data and incorporates the guidance image data, producing concealed and robust adversarial samples. Experimental evaluations and comparisons on the GTSRB and nuScenes datasets demonstrate that AdvSwap can make concealed attacks on common traffic targets. The generates adversarial samples are also difficult to perceive by humans and algorithms. Meanwhile, the method has strong attacking robustness and attacking transferability.