Evaluating randomized smoothing as a defense against adversarial attacks in trajectory prediction
This work addresses the vulnerability of trajectory prediction in autonomous driving to adversarial attacks, offering an incremental defense solution.
The paper tackled the problem of adversarial attacks on trajectory prediction models for autonomous driving by evaluating randomized smoothing as a defense, showing it consistently improves robustness across multiple models and datasets without compromising accuracy.
Accurate and robust trajectory prediction is essential for safe and efficient autonomous driving, yet recent work has shown that even state-of-the-art prediction models are highly vulnerable to inputs being mildly perturbed by adversarial attacks. Although model vulnerabilities to such attacks have been studied, work on effective countermeasures remains limited. In this work, we develop and evaluate a new defense mechanism for trajectory prediction models based on randomized smoothing -- an approach previously applied successfully in other domains. We evaluate its ability to improve model robustness through a series of experiments that test different strategies of randomized smoothing. We show that our approach can consistently improve prediction robustness of multiple base trajectory prediction models in various datasets without compromising accuracy in non-adversarial settings. Our results demonstrate that randomized smoothing offers a simple and computationally inexpensive technique for mitigating adversarial attacks in trajectory prediction.