Deep learning-based lane detection (LD) plays a critical role in autonomous driving and advanced driver assistance systems. However, its vulnerability to backdoor attacks presents a significant security concern. Existing backdoor attack methods on LD often exhibit limited practical utility due to the artificial and conspicuous nature of their triggers. To address this limitation and investigate the impact of more ecologically valid backdoor attacks on LD models, we examine the common data poisoning attack and introduce DBALD, a novel diffusion-based data poisoning framework for generating naturalistic backdoor triggers. DBALD comprises two key components: optimal trigger position finding and stealthy trigger generation. Given the insight that attack performance varies depending on the trigger position, we propose a heatmap-based method to identify the optimal trigger location, with gradient analysis to generate attack-specific heatmaps. A region-based editing diffusion process is then applied to synthesize visually plausible triggers within the most susceptible regions identified previously. Furthermore, to ensure scene integrity and stealthy attacks, we introduce two loss strategies: one for preserving lane structure and another for maintaining the consistency of the driving scene. Consequently, compared to existing attack methods, DBALD achieves both a high attack success rate and superior stealthiness. Extensive experiments on 4 mainstream LD models show that DBALD exceeds state-of-the-art methods, with an average success rate improvement of +10.87% and significantly enhanced stealthiness. The experimental results highlight significant practical challenges in ensuring model robustness against real-world backdoor threats in LD.

翻译：基于深度学习的车道检测（LD）在自动驾驶和高级驾驶辅助系统中扮演着关键角色。然而，其对后门攻击的脆弱性构成了重大安全隐患。现有针对车道检测的后门攻击方法由于触发器的人工痕迹明显且过于显眼，往往缺乏实际应用价值。为弥补这一不足并研究更具生态效度的后门攻击对车道检测模型的影响，我们考察了常见的数据投毒攻击，并提出DBALD——一种基于扩散的新型数据投毒框架，用于生成自然形态的后门触发器。DBALD包含两大核心组件：最优触发器定位与隐蔽触发器生成。鉴于攻击效能随触发器位置变化的规律，我们提出一种基于热力图的方法来定位最优触发器位置，并通过梯度分析生成攻击特异性热力图。随后应用基于区域的编辑扩散过程，在先前识别的最易受影响区域合成视觉上合理的触发器。此外，为确保场景完整性与攻击隐蔽性，我们引入两项损失策略：一项用于保持车道结构，另一项用于维持驾驶场景一致性。与现有攻击方法相比，DBALD同时实现了高攻击成功率和卓越的隐蔽性。在4种主流车道检测模型上的大量实验表明，DBALD超越了最先进方法，平均成功率提升+10.87%，且隐蔽性显著增强。实验结果表明，在确保模型对现实世界中车道检测后门威胁的鲁棒性方面，存在重大实际挑战。