As research in deep neural networks advances, deep convolutional networks become promising for autonomous driving tasks. In particular, there is an emerging trend of employing end-to-end neural network models for autonomous driving. However, previous research has shown that deep neural network classifiers are vulnerable to adversarial attacks. While for regression tasks, the effect of adversarial attacks is not as well understood. In this research, we devise two white-box targeted attacks against end-to-end autonomous driving models. Our attacks manipulate the behavior of the autonomous driving system by perturbing the input image. In an average of 800 attacks with the same attack strength (epsilon=1), the image-specific and image-agnostic attack deviates the steering angle from the original output by 0.478 and 0.111, respectively, which is much stronger than random noises that only perturbs the steering angle by 0.002 (The steering angle ranges from [-1, 1]). Both attacks can be initiated in real-time on CPUs without employing GPUs. Demo video: https://youtu.be/I0i8uN2oOP0.

翻译：随着深度神经网络的进步，深度卷积网络在自动驾驶任务中展现出巨大潜力。特别是，采用端到端神经网络模型进行自动驾驶正成为一种新兴趋势。然而，已有研究表明深度神经网络分类器易受对抗性攻击的影响，但针对回归任务的对抗攻击效果尚未得到充分理解。本研究针对端到端自动驾驶模型设计了两种白盒定向攻击方法。通过扰动输入图像，我们的攻击能够操纵自动驾驶系统的行为。在攻击强度相同（epsilon=1）的800次平均攻击测试中，图像特异性攻击和图像无关攻击分别使方向盘转向角偏离原始输出0.478和0.111，远强于仅能使转向角产生0.002偏移的随机噪声（转向角范围为[-1, 1]）。两种攻击均可在不使用GPU的CPU上实时启动。演示视频：https://youtu.be/I0i8uN2oOP0。