Traffic sign detection is a critical task in the operation of Autonomous Vehicles (AV), as it ensures the safety of all road users. Current DNN-based sign classification systems rely on pixel-level features to detect traffic signs and can be susceptible to adversarial attacks. These attacks involve small, imperceptible changes to a sign that can cause traditional classifiers to misidentify the sign. We propose an Inductive Logic Programming (ILP) based approach for stop sign detection in AVs to address this issue. This method utilises high-level features of a sign, such as its shape, colour, and text, to detect categories of traffic signs. This approach is more robust against adversarial attacks, as it mimics human-like perception and is less susceptible to the limitations of current DNN classifiers. We consider two adversarial attacking methods to evaluate our approach: Robust Physical Perturbation (PR2) and Adversarial Camouflage (AdvCam). These attacks are able to deceive DNN classifiers, causing them to misidentify stop signs as other signs with high confidence. The results show that the proposed ILP-based technique is able to correctly identify all targeted stop signs, even in the presence of PR2 and ADvCam attacks. The proposed learning method is also efficient as it requires minimal training data. Moreover, it is fully explainable, making it possible to debug AVs.

翻译：交通标志检测是自动驾驶汽车（AV）运行中的关键任务，因为它关系到所有道路使用者的安全。当前基于深度神经网络（DNN）的标志分类系统依赖像素级特征来检测交通标志，容易受到对抗攻击的影响。这些攻击通过对标志进行微小且难以察觉的修改，导致传统分类器误判标志。为应对这一问题，我们提出了一种基于归纳逻辑编程（ILP）的自动驾驶汽车停车标志检测方法。该方法利用标志的高层特征（如形状、颜色和文字）来检测交通标志类别。该方式对对抗攻击更具鲁棒性，因为它模拟了人类感知过程，不易受当前DNN分类器局限性的影响。我们采用两种对抗攻击方法来评估该方法：鲁棒物理扰动（PR2）和对抗伪装（AdvCam）。这些攻击能够欺骗DNN分类器，使其以高置信度将停车标志误识别为其他标志。结果表明，即使面对PR2和AdvCam攻击，所提出的基于ILP的技术也能正确识别所有目标停车标志。此外，该学习方法仅需极少量训练数据，效率极高。同时，其完全可解释的特性使得自动驾驶汽车的调试成为可能。