PERCEPTION

CyberDet: Real-time Adversarial Attacks Detection for Autonomous Robots and Self-driving Cars

Lucian Mircea Sasu, Sorin Grigorescu

Publication year
2025
Citations
2

Abstract

Autonomous robots and self-driving cars rely on deep neural networks to perceive the environment and plan their actions. In particular, Convolutional Neural Networks (CNNs) became the de facto standard approach in computer vision. However, it was shown that they are also exposed to adversarial attacks: once small perturbations are added to the original image, a CNN will misinterpret the data. We introduce CyberDet, which is a simple, yet effective technique, based on kth order differences computed from the input image. The operator allows a CNN-based binary classifier to discriminate between attacked and genuine images. The method is agnostic of the attack method, and of the data used for training or inference, and it is used online to guard the data acquisition streams of the perception system of the autonomous robot RovisLab AMTU. We have experimentally shown that CyberDet effectively discloses the Fast Gradient Sign attack, two variants of the Projected Gradient Descent, and Additive Uniform Noise attacks. The experiments have been performed on the benchmarking datasets CIFAR-10, CIFAR-100 and the Tiny ImageNet. The CyberDet code is publicly available at https://github.com/lmsasu/adversarial attack.

Keywords

Adversarial system, Robot, Computer science, Mobile robot, Self driving, Artificial intelligence, Real-time computing, Computer security, Computer vision, Engineering
