Simulation of adversarial attack on vision system of self-driving agent
Zhu, Ziwei
This item is only available for download by members of the University of Illinois community. Students, faculty, and staff at the U of I may log in with your NetID and password to view the item. If you are trying to access an Illinois-restricted dissertation or thesis, you can request a copy through your library's Inter-Library Loan office or purchase a copy directly from ProQuest.
Permalink
https://hdl.handle.net/2142/104057
Description
Title
Simulation of adversarial attack on vision system of self-driving agent
Author(s)
Zhu, Ziwei
Contributor(s)
Hu, Yih-Chun
Issue Date
2019-05
Keyword(s)
Self-driving
Vision system
Adversarial attack
Automobile driving simulation
Abstract
Machine learning has been increasingly applied to the realm of self-driving. The operation of a self-driving vehicle is built upon the cooperation of a vision system, radars and Global Positioning System (GPS). The vision system, as the most complex and vulnerable phase in this whole system, involves convolutional neural networks (CNN) as well as real-time pattern recognition. Previous research has studied adversarial attacks on pre-defined CNN models with known evaluation functions, and applied this attack on stationary images or in a dynamic environment with a relatively slow movement. However, no research has clearly presented the outcomes after a self-driving vehicle sustains such an attack in a real-world scene.
In this thesis, we report the process of building the platform to support a black-box test on an open-sourced self-driving system, Openpilot, and carrying out the attack on its vision system in a simulated program, Stunt Rally. This racing game is open-sourced, allowing customizing vehicle specs and tracks, which ensures complete flexibility and fidelity in our experiment. In order to simulate the scenario for Openpilot as controlling a physical car on a straight road, we built a data-streaming module and a real-time signal processing module. We verified the feasibility to simulate Openpilot functioning on highways based on our platform and evaluated trigger conditions in which an adversarial attack can be effective. This experimental setup also allows generative adversarial networks (GAN) to be used as a means of attack in the future
Use this login method if you
don't
have an
@illinois.edu
email address.
(Oops, I do have one)
IDEALS migrated to a new platform on June 23, 2022. If you created
your account prior to this date, you will have to reset your password
using the forgot-password link below.
