SADA: Semantic Adversarial Diagnostic Attacks for Autonomous Applications

Abstract

One major factor impeding wider adoption of deep neural networks is their lack of robustness, which is essential for safety-critical applications such as autonomous driving. This has motivated much work on adversarial attacks, which mostly focus on pixel-level perturbations void of semantic meaning. In contrast, we present a general framework for semantic adversarial attacks on trained agents, covering semantic perturbations to the agent's environment as well as pixel-level attacks. Our proposed adversary, BBGAN, is trained to sample environment parameters that consistently cause a black-box agent to fail at its task. We apply BBGAN to three tasks targeting autonomous navigation: object detection, self-driving, and autonomous UAV racing, generating failure cases that consistently fool trained agents across all three settings.

Resources

arXiv: 1812.02132

Citation

@inproceedings{hamdi2020sada,
  title     = {{SADA}: Semantic Adversarial Diagnostic Attacks for Autonomous Applications},
  author    = {Hamdi, Abdullah and M{\"{u}}ller, Matthias and Ghanem, Bernard},
  booktitle = {AAAI Conference on Artificial Intelligence},
  year      = {2020}
}