Deep neural network (DNN) models for object detection using camera images are widely adopted in autonomous vehicles. However, DNN models have been shown to be susceptible to adversarial image perturbations. In existing methods of generating adversarial image perturbations, the optimization takes each incoming image frame as the decision variable to generate an image perturbation. Therefore, given a new image, the typically computationally expensive optimization needs to start over, as there is no learning between the independent optimizations. Very few approaches have been developed for attacking online image streams while considering the underlying physical dynamics of autonomous vehicles, their mission, and the environment. We propose a multi-level stochastic optimization framework that monitors an attacker's capability of generating the adversarial perturbations. Based on this capability level, a binary attack/not-attack decision is introduced to enhance the effectiveness of the attacker. We evaluate our proposed multi-level image attack framework using simulations for vision-guided autonomous vehicles and actual tests with a small indoor drone in an office environment. The results show our method's capability to generate the image attack in real time while monitoring when the attacker is proficient given state estimates.