부산대학교 도서관

Traffic sign recognition (TSR) system is essential for autonomous vehicle and is vulnerable to security threats from adversarial attacks. The existing adversarial attacks for TSR are invasive and suffer from poor concealment and high computational complexity, and thus have low feasibility in real-world scenarios. This paper proposes a non-invasive modulated LED illumination-based adversarial attack scheme. By generating luminance flashes imperceptible to human eyes through fast intensity modulation of lighting such as LED streetlights and exploiting the rolling shutter mechanism of CMOS sensors of in-vehicle imaging system, the proposed attack scheme can successfully perform adversarial attacks on TSR system by implanting luminance information perturbations into the images acquired by autonomous vehicle and thus poisoning the image data fed into TSR system. Depending on the modulation frequency and pattern of LED illumination, the proposed attack scheme enables denial of service (DoS) attack that leads to traffic sign detection failure and escape attack that leads to traffic sign misclassification, with the advantages of superior concealment, low computational complexity and high practical feasibility. Experiments are conducted with two benchmark datasets (GTSDB and GTSRB) and two state-of-the-art models of TSR detection and TSR classification, YOLOv5m and Sill-Net respectively, in both the digital and physical world. Experimental results show that the proposed DoS attack on the TSR detection model (YOLOv5m) can reach the success rate of 90.00% and the proposed escape attack on the TSR classification model (Sill-Net) can achieve the success rate of 35.00%.