Grad Seminar: Adversarial Machine Learning and Defense for the Applications of Autonomous and Connected Vehicles
Abstract
This thesis delves into the realm of adversarial machine learning within the context of Connected and Automated Vehicles (CAVs), presenting a comprehensive study of the vulnerabilities of, and defense mechanisms against, adversarial attacks in two critical areas: object detection and decision-making systems. The research first introduces a novel adversarial patch generation technique targeting the YOLOv5 object detection algorithm, with a comprehensive study of the different transformations and parameters that affect the effectiveness of the patch. The patch is then implemented within the CARLA simulation environment to assess its robustness under varied real-world conditions, such as changing weather and lighting. In parallel, this thesis investigates the susceptibility of the Deep Q-Network (DQN) and Deep Deterministic Policy Gradient (DDPG) algorithms, which are pivotal in autonomous vehicle lane-changing decisions, to black-box adversarial attacks executed through zeroth-order optimization methods such as ZO-SignSGD. A preliminary study of adversarial defense is also performed, which shows success against the attack to a certain degree. This approach uncovers significant vulnerabilities, demonstrating substantial performance degradation in simulated autonomous driving scenarios. Finally, the study underscores the importance of enhancing the security and resilience of the machine learning algorithms embedded in CAV systems. Through a dual focus on offensive and defensive strategies, including the exploration of adversarial training, this work contributes to the foundational understanding of adversarial threats in autonomous driving and advocates for the integration of robust defense mechanisms to ensure the safety and reliability of future autonomous transportation systems.
Presenter
Devon Zhang, MASc candidate in Systems Design Engineering