Adversarial Driving: Attacking End-to-End Autonomous Driving Systems
share
As the research in deep neural networks advances, deep convolutional networks become feasible for automated driving tasks. There is an emerging trend of employing end-to-end models in the automation of driving tasks. However, previous research unveils that deep neural networks are vulnerable to adversarial attacks in classification tasks. While for regression tasks such as autonomous driving, the effect of these attacks remains uncertain. In this research, we devise two white-box targeted attacks against end-to-end autonomous driving systems. The driving model takes an image as input and outputs the steering angle. Our attacks can manipulate the behaviour of the autonomous driving system only by changing the input image. The implementation of both attacks can achieve real-time performance on CPUs. This demo aims to raise concerns over applications of end-to-end models in safety-critical systems.
READ FULL TEXT