Predicting the trajectories of surrounding objects is a critical task for self-driving vehicles and many other autonomous systems. Recent works demonstrate that adversarial attacks on trajectory prediction, where small crafted perturbations are introduced to history trajectories, may significantly mislead the prediction of future trajectories and induce unsafe planning. However, few works have addressed enhancing the robustness of this important safety-critical task.In this paper, we present a novel adversarial training method for trajectory prediction. Compared with typical adversarial training on image tasks, our work is challenged by more random input with rich context and a lack of class labels. To address these challenges, we propose a method based on a semi-supervised adversarial autoencoder, which models disentangled semantic features with domain knowledge and provides additional latent labels for the adversarial training. Extensive experiments with different types of attacks demonstrate that our Semisupervised Semantics-guided Adversarial Training (SSAT) method can effectively mitigate the impact of adversarial attacks by up to 73% and outperform other popular defense methods. In addition, experiments show that our method can significantly improve the system's robust generalization to unseen patterns of attacks. We believe that such semantics-guided architecture and advancement on robust generalization is an important step for developing robust prediction models and enabling safe decision-making.

翻译：预测周围物体的轨迹是自动驾驶车辆及许多其他自主系统的关键任务。近期研究表明，通过在历史轨迹中引入精心设计的微小扰动进行对抗攻击，可能会严重误导未来轨迹的预测并引发不安全的规划。然而，针对这一重要的安全关键任务，目前少有研究关注如何提升其鲁棒性。本文提出了一种新颖的轨迹预测对抗训练方法。与典型的图像任务对抗训练相比，我们的工作面临更多挑战：输入数据随机性更强且包含丰富上下文信息，同时缺乏类别标签。为应对这些挑战，我们提出一种基于半监督对抗自编码器的方法，该方法利用领域知识建模解耦的语义特征，并为对抗训练提供额外的潜在标签。针对不同类型攻击的大量实验表明，我们的半监督语义引导对抗训练（SSAT）方法可将对抗攻击的影响有效降低73%，并优于其他主流防御方法。此外，实验证明该方法能显著提升系统对未见攻击模式的鲁棒泛化能力。我们相信，这种语义引导架构及其在鲁棒泛化方面的进展，是开发鲁棒预测模型、实现安全决策的重要一步。