As research in deep neural networks advances, deep convolutional networks become promising for autonomous driving tasks. In particular, there is an emerging trend of employing end-to-end neural network models for autonomous driving. However, previous research has shown that deep neural network classifiers are vulnerable to adversarial attacks. While for regression tasks, the effect of adversarial attacks is not as well understood. In this research, we devise two white-box targeted attacks against end-to-end autonomous driving models. Our attacks manipulate the behavior of the autonomous driving system by perturbing the input image. In an average of 800 attacks with the same attack strength (epsilon=1), the image-specific and image-agnostic attack deviates the steering angle from the original output by 0.478 and 0.111, respectively, which is much stronger than random noises that only perturbs the steering angle by 0.002 (The steering angle ranges from [-1, 1]). Both attacks can be initiated in real-time on CPUs without employing GPUs. Demo video: https://youtu.be/I0i8uN2oOP0.

翻译：随着深度神经网络研究的推进，深度卷积网络在自动驾驶任务中展现出广阔前景。特别是将端到端神经网络模型应用于自动驾驶的趋势日益显著。然而，先前研究表明深度神经网络分类器易受对抗性攻击。对于回归任务，对抗性攻击的影响尚未得到充分理解。在本研究中，我们针对端到端自动驾驶模型设计了两种白盒定向攻击。我们的攻击通过扰动输入图像来操纵自动驾驶系统的行为。在相同攻击强度（epsilon=1）下，平均800次攻击中，图像特定攻击与图像无关攻击分别使转向角偏离原始输出0.478和0.111，远强于仅使转向角偏移0.002的随机噪声（转向角范围为[-1, 1]）。两种攻击均可在无需GPU的CPU上实时发起。演示视频：https://youtu.be/I0i8uN2oOP0。