TY - GEN
T1 - WEIGHTED AVERAGE PRECISION
T2 - 2021 IEEE International Conference on Image Processing, ICIP 2021
AU - Chai, Weiheng
AU - Lu, Yantao
AU - Velipasalar, Senem
N1 - Publisher Copyright:
© 2021 IEEE
PY - 2021
Y1 - 2021
N2 - Recent works have shown that neural networks are vulnerable to carefully crafted adversarial examples (AE). By adding small perturbations to original images, AEs are able to deceive victim models, and result in incorrect outputs. Research work in adversarial machine learning started to focus on the detection of AEs in autonomous driving applications. However, existing studies either use simplifying assumptions on the outputs of object detectors or ignore the tracking system in the perception pipeline. In this paper, we first propose a novel similarity distance metric for object detection outputs in autonomous driving applications. Then, we bridge the gap between the current AE detection research and the real-world autonomous systems by providing a temporal AE detection algorithm, which takes the impact of tracking system into consideration. We perform evaluations on Berkeley Deep Drive and CityScapes datasets, by using different white-box and black-box attacks, which show that our approach outperforms the mean-average-precision and mean intersection-over-union based AE detection baselines by significantly increasing the detection accuracy.
AB - Recent works have shown that neural networks are vulnerable to carefully crafted adversarial examples (AE). By adding small perturbations to original images, AEs are able to deceive victim models, and result in incorrect outputs. Research work in adversarial machine learning started to focus on the detection of AEs in autonomous driving applications. However, existing studies either use simplifying assumptions on the outputs of object detectors or ignore the tracking system in the perception pipeline. In this paper, we first propose a novel similarity distance metric for object detection outputs in autonomous driving applications. Then, we bridge the gap between the current AE detection research and the real-world autonomous systems by providing a temporal AE detection algorithm, which takes the impact of tracking system into consideration. We perform evaluations on Berkeley Deep Drive and CityScapes datasets, by using different white-box and black-box attacks, which show that our approach outperforms the mean-average-precision and mean intersection-over-union based AE detection baselines by significantly increasing the detection accuracy.
KW - Adversarial attack
KW - Neural networks
UR - http://www.scopus.com/inward/record.url?scp=85125583091&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85125583091&partnerID=8YFLogxK
U2 - 10.1109/ICIP42928.2021.9506613
DO - 10.1109/ICIP42928.2021.9506613
M3 - Conference contribution
AN - SCOPUS:85125583091
T3 - Proceedings - International Conference on Image Processing, ICIP
SP - 804
EP - 808
BT - 2021 IEEE International Conference on Image Processing, ICIP 2021 - Proceedings
PB - IEEE Computer Society
Y2 - 19 September 2021 through 22 September 2021
ER -