Countering Adversarial Attacks on Autonomous Vehicles Using Denoising Techniques: A Review

The evolution of automotive technology will eventually permit the automated driving system on the vehicle to handle all circumstances. Human occupants will be just passengers. This poses security issues that need to be addressed. This paper has two aims. The first one investigates strategies for robustifying scene analysis of adversarial road scenes. A taxonomy of the defense mechanisms for countering adversarial perturbations is initially presented, classifying those mechanisms in three major categories: those that modify the data, those that propose adding extra models, and those that focus on modifying the models deployed for scene analysis. Motivated by the limited number of surveys in the first category, we further analyze the approaches that utilize input transformation operations as countermeasures, further classifying them in supervised and unsupervised methods and highlighting both their strengths and weaknesses. The second aim of this paper is to publish CarlaScenes dataset produced using the CARLA simulator. An extensive evaluation study, on CarlaScenes, is performed testing the supervised deep learning approaches that have been either proposed for image restoration or adversarial noise removal. The study presents insights on the robustness of the aforementioned approaches in mitigating adversarial attacks in scene analysis operations.