As research in deep neural networks advances, deep convolutional networks become promising for autonomous driving tasks. In particular, there is an emerging trend of employing end-to-end neural network models for autonomous driving. However, previous research has shown that deep neural network classifiers are vulnerable to adversarial attacks. While for regression tasks, the effect of adversarial attacks is not as well understood. In this research, we devise two white-box targeted attacks against end-to-end autonomous driving models. The driving system uses a regression model that takes an image as input and outputs the steering angle. Our attacks manipulate the behavior of the autonomous driving system by perturbing the input image. Both attacks can be initiated in real-time on CPUs without employing GPUs. The efficiency of the attacks is illustrated using experiments conducted in Udacity Simulator. Demo video: https://youtu.be/I0i8uN2oOP0.

翻译：随着深度神经网络研究的推进，深度卷积网络在自动驾驶任务中展现出良好前景。特别是采用端到端神经网络模型的自动驾驶方法正成为新兴趋势。然而先前研究表明，深度神经网络分类器容易受到对抗性攻击。但对于回归任务，对抗性攻击的影响尚未得到充分理解。本研究针对端到端自动驾驶模型设计了两种白盒定向攻击方法。该驾驶系统采用回归模型，以图像为输入并输出转向角度。我们的攻击通过扰动输入图像来操控自动驾驶系统的行为。两种攻击均可在无需GPU的CPU上实时发起。通过在Udacity模拟器中开展实验，验证了攻击的高效性。演示视频：https://youtu.be/I0i8uN2oOP0。