Multiple robots can perceive a scene (e.g., detect objects) collaboratively better than individual robots can, but they easily suffer from adversarial attacks when using deep learning. Adversarial defense could address this, but its training requires knowledge of the attacking mechanism, which is often unknown. In contrast, we propose ROBOSAC, a novel sampling-based defense strategy that generalizes to unseen attackers. Our key idea is that collaborative perception should lead to consensus rather than dissensus in results compared to individual perception. This leads to our hypothesize-and-verify framework: perception results with and without collaboration from a random subset of teammates are compared until a consensus is reached. In such a framework, more teammates in the sampled subset often entail better perception performance but require a longer sampling time to reject potential attackers. Thus, we derive how many sampling trials are needed to ensure the desired size of an attacker-free subset, or equivalently, the maximum size of such a subset that we can successfully sample within a given number of trials. We validate our method on the task of collaborative 3D object detection in autonomous driving scenarios.
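The trade-off between subset size and sampling trials can be worked through with the standard RANSAC-style count; this is an added example, not the authors' code or their exact derivation. It assumes uniform sampling without replacement, a known attacker count `a`, a target success probability `p`, and an idealized consensus check that rejects exactly the subsets containing an attacker; all function names and robot IDs are hypothetical.

```python
import math
import random

def attacker_free_prob(n, a, s):
    """P(a uniformly sampled size-s subset of n teammates has none of the a attackers)."""
    return math.comb(n - a, s) / math.comb(n, s)

def trials_needed(n, a, s, p=0.99):
    """Fewest trials so at least one attacker-free subset is drawn with probability >= p."""
    q = attacker_free_prob(n, a, s)
    if q == 0.0:
        return None              # s exceeds the number of benign teammates
    if q == 1.0:
        return 1                 # no attackers: the first draw is clean
    return math.ceil(math.log(1 - p) / math.log(1 - q))

def max_subset_size(n, a, budget, p=0.99):
    """Largest s whose required trial count fits the budget (0 = no size fits)."""
    best = 0
    for s in range(1, n - a + 1):
        need = trials_needed(n, a, s, p)
        if need is not None and need <= budget:
            best = s
    return best

def hypothesize_and_verify(teammates, s, budget, consensus, rng):
    """Sample subsets until one passes the consensus check.
    Returns (subset, trial) or None (assumed fallback: individual perception)."""
    for trial in range(1, budget + 1):
        subset = rng.sample(teammates, s)
        if consensus(subset):
            return subset, trial
    return None

if __name__ == "__main__":
    teammates = ["r1", "r2", "r3", "r4", "r5", "r6"]     # constructed IDs
    attackers = {"r2", "r5"}                              # constructed ground truth
    oracle = lambda subset: not attackers & set(subset)   # idealized consensus check
    for s in range(1, 5):
        print("subset size", s, "-> trials needed", trials_needed(6, 2, s))
    s = max_subset_size(6, 2, budget=25)
    print(hypothesize_and_verify(teammates, s, 25, oracle, random.Random(0)))
```

With six teammates and two attackers, the required trials grow quickly with subset size, which is why a fixed trial budget caps how many collaborators can be used.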