Digital Repository
ATERT : A General Defense Framework for Defending against Adversarial Attacks and Physical World Adversaries on Autonomous Driving
- Home
- →
- Dissertations & Thesis
- →
- BEng (Hons) Software Engineering
- →
- 2022
- →
- View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.author | Kariyawasam Thanthrige, Yasas Mahima | |
| dc.date.accessioned | 2022-12-20T09:07:25Z | |
| dc.date.available | 2022-12-20T09:07:25Z | |
| dc.date.issued | 2022 | |
| dc.identifier.citation | Kariyawasam Thanthrige, Yasas Mahima (2022) ATERT : A General Defense Framework for Defending against Adversarial Attacks and Physical World Adversaries on Autonomous Driving. BEng. Dissertation, Informatics Institute of Technology | en_US |
| dc.identifier.issn | 2018362 | |
| dc.identifier.uri | http://dlib.iit.ac.lk/xmlui/handle/123456789/1213 | |
| dc.description.abstract | Though a wide range of domains has been influenced by the rise of deep learning and machine learning technologies, recent research works have identified these intelligent models are vulnerable to intentionally synthesized adversarial perturbations by attackers that are reliable enough to alter the prediction output without appealing a noticeable change in the input image to the human eye. With the advent of autonomous vehicles, this has earned higher attention and while moving deeper into the research domain, it can identify that, apart from adversarial attacks, the physical world itself acts as a performance degradation producer by constructing different adversarial constraints such as illumination changes, noises .etc. This research aims to design, develop and evaluate a general model robustness approach for both man-made and physical world adversaries without changing the given model architecture or no usage of auxiliary tools in the inference primarily on the autonomous vehicle domain. As a result, the models that are robustified by the suggested approach are capable of easily integrating into any application without hesitating about the improvements in computational resource consumption. Grounded on the literature review, the author has proposed a combined two-step training approach (ATERT) of Projected Gradient Descent l∞ based adversarial training and an improved version of the mix-up image transformation method named ERT. The experiment results demonstrate that the ATERT is capable of improving the resilience against both adversarial types without affecting the standard models' performance. In particular, ATERT improves the robustness for both digital and physical world adversaries up to 5-30% and 5-25% respectively on the evaluated models. Besides, a separate study conducted using Explainable AI further confirms that the ATERT improves the network's ability to capture pixel feature attributes under adverse conditions. | en_US |
| dc.language.iso | en | en_US |
| dc.subject | Computer Vision | en_US |
| dc.subject | Adversarial Machine Learning | en_US |
| dc.subject | Physical World Adversaries | en_US |
| dc.subject | Autonomous Vehicles | en_US |
| dc.title | ATERT : A General Defense Framework for Defending against Adversarial Attacks and Physical World Adversaries on Autonomous Driving | en_US |
| dc.type | Thesis | en_US |
