Revisiting Adversarial Perception Attacks and Defense Methods on Autonomous Driving Systems

Authors

• Cheng Chen, Louisiana State University

Document Type

Conference Proceeding

Publication Date

1-1-2025

Abstract

Autonomous driving systems (ADS) increasingly rely on deep learning-based perception models, which remain vulnerable to adversarial attacks. In this paper, we revisit adversarial attacks and defense methods, focusing on road sign recognition and lead object detection and prediction (e.g., relative distance). Using a Level-2 production ADS, OpenPilot by Comma.ai, and the widely adopted YOLO model, we systematically examine the impact of adversarial perturbations and assess defense techniques, including adversarial training, image processing, contrastive learning, and diffusion models. Our experiments highlight both the strengths and limitations of these methods in mitigating complex attacks. Through targeted evaluations of model robustness, we aim to provide deeper insights into the vulnerabilities of ADS perception systems and contribute guidance for developing more resilient defense strategies. [Code Available at https://github.com/DepCPS/revisiting_adversarial_ADS]

Publication Source (Journal or Book title)

IEEE IFIP International Conference on Dependable Systems and Networks Workshops Dsn W

First Page

242

Last Page

249

Recommended Citation

Chen, C. (2025). Revisiting Adversarial Perception Attacks and Defense Methods on Autonomous Driving Systems. IEEE IFIP International Conference on Dependable Systems and Networks Workshops Dsn W (2025), 242-249. https://doi.org/10.1109/DSN-W65791.2025.00071