Research on adversarial attacks and defense performance of image classification models for automated driving systems

Research on adversarial attacks and defense performance of image classification models for automated driving systems

Image classification models have been widely applied to facilitate functions such as autonomous perception and positioning for automated driving in many transportation systems, including automobiles, autonomous rail and urban rail transit systems. However, output and judgment errors generated by the...

Full description

Saved in:
Bibliographic Details
Main Authors: TANG Jun, HUANG Wenjing, LI Shuang, WU Zili
Format: Article
Language:zho
Published: Editorial Department of Electric Drive for Locomotives 2025-01-01
Series:机车电传动
Subjects:
transportation
automated driving
cyber security
functional safety
image classification
adversarial examples
defense performance
Online Access:http://edl.csrzic.com/thesisDetails#10.13890/j.issn.1000-128X.2025.01.100
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Image classification models have been widely applied to facilitate functions such as autonomous perception and positioning for automated driving in many transportation systems, including automobiles, autonomous rail and urban rail transit systems. However, output and judgment errors generated by these models due to the presence of adversarial examples, impose a great impact on the security and safety associated with their applications in automated driving systems. A sensitivity analysis-based noise superposition attack strategy was employed to perform white-box adversarial attacks against ResNet, a typical image classification model. Subsequent studies evaluated the attack effects and defense performance. Firstly, algorithms such as FGSM, BIM, and PGD were selected to generate adversarial examples and tests were conducted through adjusting perturbation coefficients to determine attack success rates under small perturbations. Then, sensitivity analyses were carried out across different regions and examples to identify attack mechanisms using three adversarial interpretation algorithms: LRP, Grad-CAM, and LIME. Based on these analysis results, optimization algorithms such as swarm intelligence defense and adversarial training were adopted to verify the classification performance of the model following adversarial training. A benefit matrix for attack and defense was established using a game algorithm, leading to the development of an optimal defense strategy. Finally, a solution was proposed to ensure security and safety associated with the application of image classification models in advanced driver assistance systems, based on the study findings of adversarial attacks and attack-defense strategies.
ISSN:1000-128X

Similar Items