Multiple robots could perceive a scene (e.g., detect objects) collaboratively better than individuals, although easily suffer from adversarial attacks when using deep learning. This could be addressed by the adversarial defense, but its training requires the often-unknown attacking mechanism. Differently, we propose ROBOSAC, a novel sampling-based defense strategy generalizable to unseen attackers. Our key idea is that collaborative perception should lead to consensus rather than dissensus in results compared to individual perception. This leads to our hypothesize-and-verify framework: perception results with and without collaboration from a random subset of teammates are compared until reaching a consensus. In such a framework, more teammates in the sampled subset often entail better perception performance but require longer sampling time to reject potential attackers. Thus, we derive how many sampling trials are needed to ensure the desired size of an attacker-free subset, or equivalently, the maximum size of such a subset that we can successfully sample within a given number of trials. We validate our method on the task of collaborative 3D object detection in autonomous driving scenarios.

翻译：多机器人可通过协作优于个体感知场景（如检测物体），但采用深度学习时易受对抗攻击。对抗防御可应对此问题，但其训练需要通常未知的攻击机制。为此，我们提出ROBOSAC——一种新颖的基于采样的防御策略，可泛化至未见攻击者。核心思想在于：协同感知应比个体感知在结果上达成共识而非分歧。据此构建"假设-验证"框架：逐次比对含与不含随机子集队友协作的感知结果直至达成共识。该框架中，采样子集包含更多队友虽能提升感知性能，但需更长采样时间来排除潜在攻击者。因此，我们推导了确保所需无攻击者子集大小所需的采样次数，以及给定采样次数下可成功采样的最大无攻击者子集容量。在自动驾驶场景的协同3D目标检测任务中验证了该方法。