Paper ID | MLR-APPL-IP-5.2 | ||
Paper Title | WEIGHTED AVERAGE PRECISION: ADVERSARIAL EXAMPLE DETECTION FOR VISUAL PERCEPTION OF AUTONOMOUS VEHICLES | ||
Authors | Weiheng Chai, Yantao Lu, Senem Velipasalar, Syracuse University, United States | ||
Session | MLR-APPL-IP-5: Machine learning for image processing 5 | ||
Location | Area E | ||
Session Time: | Tuesday, 21 September, 13:30 - 15:00 | ||
Presentation Time: | Tuesday, 21 September, 13:30 - 15:00 | ||
Presentation | Poster | ||
Topic | Applications of Machine Learning: Machine learning for image processing | ||
IEEE Xplore Open Preview | Click here to view in IEEE Xplore | ||
Abstract | Recent works have shown that neural networks are vulnerable to carefully crafted adversarial examples (AE). By adding small perturbations to original images, AEs are able to deceive victim models, and result in incorrect outputs. Research work in adversarial machine learning started to focus on the detection of AEs in autonomous driving applications. However, existing studies either use simplifying assumptions on the outputs of object detectors or ignore the tracking system in the perception pipeline. In this paper, we first propose a novel similarity distance metric for object detection outputs in autonomous driving applications. Then, we bridge the gap between the current AE detection research and the real-world autonomous systems by providing a temporal AE detection algorithm, which takes the impact of tracking system into consideration. We perform evaluations on Berkeley Deep Drive and CityScapes datasets, by using different white-box and black-box attacks, which show that our approach outperforms the mean-average-precision and mean intersectionover-union based AE detection baselines by significantly increasing the detection accuracy. |