A Technique for Targeted and Untargeted Adversarial Attack Goal Detection

    DOI: https://doie.org/10.0608/Jbse.2024529242

    Prashanth K Y, Rohitha Ujjini Matad


    Keywords:

    Adversarial attacks, Targeted Attacks, Untargeted Attacks, Adversarial Goal, Traffic Sign Recognition, Traffic Sign


    Abstract:

    Autonomous (self-driving) and semi-autonomous cars are equipped with advanced technology and driver assistance features that enable a safe and easier driving experience, abide by laws, rules and regulations, and alleviate traffic congestion. However, since these features rely on wireless networks, sensors, and cameras, they also open windows to threats, vulnerabilities, and hacking attacks. The introduction of machine learning and deep learning has greatly accelerated progress toward fully autonomous vehicles. However, the addition of deep neural networks to the sensing, perception, localization, planning, and decision-making stages of autonomous driving also opens a floodgate for attackers, as these networks introduce numerous unknown attack surfaces. Some vulnerabilities of deep neural networks have come to notice in the last half-decade, raising serious questions about the implications of using these systems in vehicles, as any exploitation of them can result in fatalities on the road. Adversarial attacks are among the prominent attacks on deep learning-based autonomous vehicular systems; they fool the neural networks during object detection, object classification, and segmentation. Adding invisible crafted noise to images makes them adversarial and capable of deceiving fully trained neural networks through evasion in the driving environment. To curb the influence of these adversarial images, many systems are available for detecting adversarial images. However, none of them can detect the true goals of the adversary during an adversarial attack. Hence, an approach is proposed here for detecting the adversarial goal of attackers when they launch adversarial attacks.
The proposed system detects both untargeted and targeted adversarial attack goals using a trained machine learning model, which predicts the probabilities of all the traffic signs for each traffic pole. The adversarial goal detection model is trained on a large collected dataset of non-adversarial traffic sign probabilities. Once a traffic pole is detected through the navigation system, the difference between the traffic sign probabilities predicted by the machine learning model and those predicted by the vehicular traffic sign recognition system is computed. A positive difference indicates the untargeted attack goal, as the attack causes the probability of the untargeted traffic sign to decrease. Similarly, a negative difference indicates the targeted attack goal, as the attack causes the probability of the targeted traffic sign to increase. Hence, the proposed system detects the adversarial goals precisely, which helps in designing an efficient adversarial defense mechanism. Furthermore, the nature of the adversarial images, either static or dynamic, poses a serious question for the defender in determining an accurate adversarial attack defense system. Hence, there is a need to detect these static and dynamic images. The proposed system therefore also includes a method to detect static and dynamic images, and detects the adversarial attacker's goal for both static and dynamic adversarial images. The performance of the proposed system is evaluated on a traffic sign recognition system that uses trained deep learning models. The proposed system detects the adversarial goals with satisfactory accuracy.
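
The sign-of-difference check described in the abstract, as an added example that is not the authors' code. The class names, probabilities, the 0.3 threshold and the rule for combining the two signals are assumptions made for illustration.

```python
from typing import Dict, Optional

# Constructed sample data for one traffic pole (not from the paper).
EXPECTED = {"stop": 0.90, "yield": 0.04, "speed_limit_60": 0.03, "no_entry": 0.03}
TSR_TARGETED = {"stop": 0.05, "yield": 0.03, "speed_limit_60": 0.90, "no_entry": 0.02}
TSR_UNTARGETED = {"stop": 0.35, "yield": 0.25, "speed_limit_60": 0.20, "no_entry": 0.20}
TSR_BENIGN = {"stop": 0.88, "yield": 0.05, "speed_limit_60": 0.04, "no_entry": 0.03}


def detect_goal(expected: Dict[str, float], observed: Dict[str, float],
                threshold: float = 0.3) -> Dict[str, Optional[str]]:
    """Classify the attack goal at one pole from two probability vectors.

    expected: output of the goal-detection model (trained on non-adversarial data)
    observed: output of the vehicle's traffic sign recognition (TSR) system
    difference = expected - observed, following the abstract's sign convention.
    """
    if set(expected) != set(observed):
        raise ValueError("both predictions must cover the same sign classes")
    diff = {sign: expected[sign] - observed[sign] for sign in expected}

    # Largest positive difference: the sign whose probability was pushed down.
    down = max(diff, key=diff.get)
    # Most negative difference: the sign whose probability was pushed up.
    up = min(diff, key=diff.get)
    suppressed = down if diff[down] >= threshold else None
    promoted = up if diff[up] <= -threshold else None

    # Assumed decision rule: a clearly promoted sign means a targeted goal;
    # a suppressed sign with no clearly promoted one means an untargeted goal.
    if promoted is not None:
        goal = "targeted"
    elif suppressed is not None:
        goal = "untargeted"
    else:
        goal = "none"
    return {"goal": goal, "suppressed_sign": suppressed, "promoted_sign": promoted}


if __name__ == "__main__":
    for name, tsr in [("targeted", TSR_TARGETED), ("untargeted", TSR_UNTARGETED),
                      ("benign", TSR_BENIGN)]:
        print(name, detect_goal(EXPECTED, tsr))
```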

