arxiv: https://arxiv.org/abs/1903.05157

Abstract:

Recent advances in machine learning, especially techniques such as deep neural networks, are promoting a range of high-stakes applications, including autonomous driving, which often relies on deep learning for perception. While deep learning for perception has been shown to be vulnerable to a host of subtle adversarial manipulations of images, end-to-end demonstrations of successful attacks, which manipulate the physical environment and result in physical consequences, are scarce. Moreover, attacks typically involve carefully constructed adversarial examples at the level of pixels. We demonstrate the first end-to-end attacks on autonomous driving in simulation, using simple physically realizable attacks: the painting of black lines on the road. These attacks target deep neural network models for end-to-end autonomous driving control. A systematic investigation shows that such attacks are surprisingly easy to engineer, and we describe scenarios (e.g., right turns) in which they are highly effective, and others that are less vulnerable (e.g., driving straight). Further, we use network deconvolution to demonstrate that the attacks succeed by inducing activation patterns similar to entirely different scenarios used in training.

Recently published my first, first-authored paper in the ML domain. Thought this would be a good place to share and talk about it.

Essentially, we answer the question: Can we paint a line on the road in a way that would confuse an autonomous vehicle?

• so far we looked only at vision (camera) based end-to-end Imitation Learning and Reinforcement Learning models
• wanted to bring up discussion about adversarial ML against self-driving vehicles