Traffic sign recognition is an essential component of perception in autonomous vehicles, which is currently performed almost exclusively with deep neural networks (DNNs). However, DNNs are known to be vulnerable to adversarial attacks. Several previous works have demonstrated the feasibility of adversarial attacks on traffic sign recognition models. Traffic signs are particularly promising for adversarial attack research due to the ease of performing real-world attacks using printed signs or stickers. In this work, we survey existing works performing either digital or real-world attacks on traffic sign detection and classification models. We provide an overview of the latest advancements and highlight the existing research areas that require further investigation.

翻译：交通标志识别是自动驾驶车辆感知系统的重要组成部分，目前几乎完全依赖深度神经网络（DNN）实现。然而，深度神经网络已知易受对抗攻击影响。已有若干研究验证了针对交通标志识别模型的对抗攻击的可行性。由于可通过印刷标志或贴纸等手段轻松实施现实世界攻击，交通标志特别适合作为对抗攻击研究的对象。本综述系统梳理了现有针对交通标志检测与分类模型的数字域与现实世界攻击研究，概述最新进展并指出需进一步探索的研究方向。