AVs utilize deep neural network (DNN)-based classification systems to identify traffic signs. However, these models are susceptible to adversarial attacks that can cause misclassification by introducing slight perturbations to an input image. The study introduces an attack-resilient GAN (AR-GAN) defense method for AV’s traffic sign classification. The AR-GAN assumes zero knowledge of adversarial attack models and provides consistently high traffic sign classification performance under various adversarial attack types. It outperforms other defense methods, particularly against white-box attacks, and maintains high classification performance even under varied white-box adversarial perturbation magnitudes.
Publication date: 26 Jan 2024
Project Page: Not provided
Paper: https://arxiv.org/pdf/2401.14232
