Multi-sensor fusion (MSF) is widely used in autonomous vehicles (AVs) for perception, particularly for 3D object detection with camera and LiDAR sensors. The purpose of fusion is to capitalize on the advantages of each modality while minimizing its weaknesses. Advanced deep neural network (DNN)-based fusion techniques have demonstrated the exceptional and industry-leading performance. Due to the redundant information in multiple modalities, MSF is also recognized as a general defence strategy against adversarial attacks. In this paper, we attack fusion models from the camera modality that is considered to be of lesser importance in fusion but is more affordable for attackers. We argue that the weakest link of fusion models depends on their most vulnerable modality, and propose an attack framework that targets advanced camera-LiDAR fusion-based 3D object detection models through camera-only adversarial attacks. Our approach employs a two-stage optimization-based strategy that first thoroughly evaluates vulnerable image areas under adversarial attacks, and then applies dedicated attack strategies for different fusion models to generate deployable patches. The evaluations with six advanced camera-LiDAR fusion models and one camera-only model indicate that our attacks successfully compromise all of them. Our approach can either decrease the mean average precision (mAP) of detection performance from 0.824 to 0.353, or degrade the detection score of a target object from 0.728 to 0.156, demonstrating the efficacy of our proposed attack framework. Code is available.

翻译：多传感器融合（MSF）在自动驾驶车辆（AV）的感知中广泛应用，特别是基于相机和激光雷达传感器的三维目标检测。融合的目的是在利用各模态优势的同时，最大程度地削弱其弱点。基于深度神经网络（DNN）的先进融合技术已展现出卓越的行业领先性能。由于多模态信息具有冗余性，MSF也被视为应对对抗攻击的通用防御策略。本文从相机模态（该模态在融合中通常被认为重要性较低，但对攻击者而言成本更低）对融合模型实施攻击。我们认为融合模型的最薄弱环节取决于其最易受攻击的模态，并提出一种仅通过相机对抗攻击，针对基于相机与激光雷达融合的先进三维目标检测模型的有效攻击框架。该方法采用两阶段优化策略：首先全面评估图像中易受对抗攻击的脆弱区域，随后针对不同融合模型实施专用攻击策略，生成可部署的对抗补丁。基于六种先进相机-激光雷达融合模型及一种纯相机模型的评估表明，我们的攻击成功突破了所有模型。该方法可将检测性能的平均精度（mAP）从0.824降至0.353，或使目标对象的检测分数从0.728降至0.156，充分证明了所提攻击框架的有效性。代码已开源。