Computer vision plays a critical role in ensuring the safe navigation of autonomous vehicles (AVs). An AV perception module facilitates safe navigation. This module enables AVs to recognize traffic signs, traffic lights, and various road users. However, the perception module is vulnerable to adversarial attacks, which can compromise its accuracy and reliability. One such attack is the adversarial patch attack (APA), an attack in which an adversary strategically places a specially crafted sticker on an object to deceive object classifiers. Such an APA can cause AVs to misclassify traffic signs, leading to catastrophic incidents. To enhance the security of an AV perception system against APAs, this study develops a Generative Adversarial Network (GAN)-based single-stage defense strategy for traffic sign classification. This approach is tailored to defend against APAs across different classes of traffic signs, without prior knowledge of a patch's design, and is effective against patches of varying sizes. In addition, our single-stage defense is computationally efficient, requiring significantly lower computation time than existing multi-stage defenses, making it suitable for real-time deployment in autonomous driving systems. Compared to a classifier without any defense mechanism, our experimental analysis demonstrates that the defense strategy presented in this paper improves our classifier's accuracy under APA conditions by up to 90% considering the traffic sign classes considered in this study. and overall classification accuracy is enhanced by 55% for all traffic signs considered in this study. Our defense strategy is model agnostic, making it applicable to any traffic sign classifier, regardless of the underlying classification model.

翻译：暂无翻译