부산대학교 도서관

Adversarial attacks against machine learning algorithms are increasingly a threat as object detection, tracking, and identification systems are more frequently and widely deployed in the real world. Current research on the evaluation of adversarial physical attacks and defenses utilize open and static datasets, such as APRICOT, to provide a benchmark for comparison. Evaluating defenses in the real world can be time consuming as the collection of data in the environment of concern with enough variation such as distance, lighting, and viewing angle is quite tedious. Even so, the digital insertion of attacks (such as adver-sarial patches) has been shown to overestimate effectiveness when compared to physical insertion in the real world, often because environmental variations are not taken into consideration. This work focuses on creating a pipeline in a simulated environment to evaluate the effectiveness of adversarial patches and correct for these real world variations. In this paper, we leverage Car Learning to Act (CARLA), a hyper-realistic autonomous driving simulator, and DAPRICOT (a method to digitally insert realistic adversarial attacks into real-world scenes) to simulate and correct for realistic operational conditions.