面向自动驾驶感知系统的对抗样本攻击研究综述

A Review of Adversarial Attack on Autonomous Driving Perception System

自动驾驶感知系统通过多种传感器采集周围环境信息并进行数据处理,用于检测车辆、行人和障碍物等,为后续的控制决策功能提供实时的基础数据.由于传感器直接与外部环境相连,且其自身往往缺乏辨别输入可信度的能力,因此感知系统成为众多攻击的潜在目标.对抗样本攻击是一种具有高隐蔽性和危害性的主流攻击方式,攻击者通过篡改或伪造感知系统的输入数据,欺骗感知算法,导致系统产生错误的输出结果,从而严重威胁自动驾驶安全.系统总结分析了自动驾驶感知系统的工作方式和面向感知系统的对抗样本攻击进展.从基于信号的对抗样本攻击和基于实物的对抗样本攻击2方面对比分析了面向自动驾驶感知系统的对抗样本攻击方案.同时,从异常检测、模型防御和物理防御3个方面全面分析了面向感知系统的对抗样本攻击的防御策略.最后,给出了面向自动驾驶感知系统的对抗样本攻击未来研究方向.

The autonomous driving perception system collects surrounding environmental information through various sensors and processes this data to detect vehicles,pedestrians and obstacles,providing real-time foundational data for subsequent control and decision-making functions.Since sensors are directly connected to the external environment and often lack the ability to discern the credibility of inputs,the perception systems are potential targets for various attacks.Among these,adversarial example attack is a mainstream attack method characterized by high concealment and harm.Attackers manipulate or forge input data of the perception system to deceive the perception algorithms,leading to incorrect output results by the system.Based on the research of existing relevant literature,this paper systematically summarizes the working methods of the autonomous driving perception system,analyzes the adversarial example attack schemes and defense strategies targeting the perception system.In particular,this paper subdivide the adversarial examples for the autonomous driving perception system into signal-based adversarial example attack scheme and object-based adversarial example attack scheme.Additionally,the paper comprehensively discusses defense strategy of the adversarial example attack for the perception system,and subdivide it into anomaly detection,model defense,and physical defense.Finally,this paper prospects the future research directions of adversarial example attack targeting autonomous driving perception systems.