Autonomous cars are well known for being vulnerable to adversarial attacks that can compromise the safety of the car and pose danger to other road users. To effectively defend against adversaries, it is required to not only test autonomous cars for finding driving errors but to improve the robustness of the cars to these errors. To this end, in this paper, we propose a two-step methodology for autonomous cars that consists of (i) finding failure states in autonomous cars by training the adversarial driving agent, and (ii) improving the robustness of autonomous cars by retraining them with effective adversarial inputs. Our methodology supports testing autonomous cars in a multi-agent environment, where we train and compare adversarial car policy on two custom reward functions to test the driving control decision of autonomous cars. We run experiments in a vision-based high-fidelity urban driving simulated environment. Our results show that adversarial testing can be used for finding erroneous autonomous driving behavior, followed by adversarial training for improving the robustness of deep reinforcement learning-based autonomous driving policies. We demonstrate that the autonomous cars retrained using the effective adversarial inputs noticeably increase the performance of their driving policies in terms of reduced collision and offroad steering errors.

翻译：自动驾驶汽车因易受对抗性攻击而闻名，此类攻击可能危及车辆安全并对其他道路使用者构成威胁。为有效防御对抗攻击，不仅需要测试自动驾驶汽车以发现驾驶错误，还需提升车辆对这些错误的鲁棒性。为此，本文提出一种面向自动驾驶汽车的两步方法论，包括：(i) 通过训练对抗性驾驶代理来发现自动驾驶汽车的故障状态；(ii) 通过使用有效的对抗性输入重新训练自动驾驶汽车，以提升其鲁棒性。该方法支持在多智能体环境下测试自动驾驶汽车，我们在两种自定义奖励函数上训练并比较对抗性车辆策略，以测试自动驾驶汽车的驾驶控制决策。我们在基于视觉的高保真城市驾驶仿真环境中开展实验。结果表明，对抗性测试可用于发现错误的自动驾驶行为，而对抗性训练可提升基于深度强化学习的自动驾驶策略的鲁棒性。我们证明，使用有效对抗性输入重新训练的自动驾驶汽车，其驾驶策略性能显著提升，表现为碰撞和偏离道路转向错误减少。