Huang, Yuanhao (Beihang University), zhang, qinfan (Beihang University), Xing, Jiandong (Beihang University), cheng, mengyue (beihang), Yu, Haiyang (Beihang University), Ren, Yilong (Beihang University), Xiao, Xiong (University of Alberta)

AdvSwap: Covert Adversarial Perturbation with High Frequency Info-Swapping for Autonomous Driving Perception

Scheduled for presentation during the Regular Session "Sensing, Vision, and Perception III" (ThAT5), Thursday, September 26, 2024, 11:50−12:10, Salon 13

2024 IEEE 27th International Conference on Intelligent Transportation Systems (ITSC), September 24- 27, 2024, Edmonton, Canada

This information is tentative and subject to change. Compiled on December 26, 2024

Abstract

Perception module of Autonomous vehicles (AVs) are increasingly susceptible to be attacked, which exploit vulnerabilities in neural networks through adversarial inputs, thereby compromising the AI safety. Some researches focus on creating covert adversarial samples, but existing global noise techniques are detectable and difficult to deceive the human visual system. This paper introduces a novel adversarial attack method, AdvSwap, which creatively utilizes wavelet-based high-frequency information swapping to generate covert adversarial samples and fool the camera. AdvSwap employs invertible neural network for selective high-frequency information swapping, preserving both forward propagation and data integrity. The scheme effectively removes the original label data and incorporates the guidance image data, producing concealed and robust adversarial samples. Experimental evaluations and comparisons on the GTSRB and nuScenes datasets demonstrate that AdvSwap can make concealed attacks on common traffic targets. The generates adversarial samples are also difficult to perceive by humans and algorithms. Meanwhile, the method has strong attacking robustness and attacking transferability.