Shield-U: Safeguarding traffic sign recognition against perturbation attacks

Author

Shengmin XU
Jianfei SUN, Singapore Management UniversityFollow
Hangcheng CAO
Yulan GAO
Ziyang HE
Cong WU

Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

12-2024

Abstract

Traffic sign recognition systems are crucial for the navigation and situation awareness of autonomous vehicles. They leverage deep learning technologies to swiftly and accurately identify traffic signs, even in the most challenging traffic environments. However, security researchers have uncovered a critical vulnerability in these systems: learning-based TSRs are particularly susceptible to physical-world perturbation attacks. Through subtle modifications (i.e., attaching well-designed patches on traffic signs), attackers can deceive the recognition system into making erroneous judgments, which can further lead to serious traffic accidents. Although several defense mechanisms have been proposed to enhance the security of sign recognition systems, these solutions generally target only specific types of malicious perturbations and thus lack robustness. To address this issue, we present a robust defense mechanism named Shield-U, which restores traffic sign images contaminated by physical patch perturbations, providing credible data for the recognition model. In the process of implementing Shield-U, we first design a feature difference-aware perturbation generator that outputs potential sign contamination patterns. Incorporating generated perturbations during the training phase enables our restoration model to gain sufficient understanding of diverse perturbation types, thus enhancing its ability to repair various perturbed signs. Following this, we build an attention-driven restoration network to repair sign images. Finally, we evaluate the effectiveness of Shield-U using widely used sign recognition models and public datasets. The results demonstrate that our defense mechanism excels in resisting potential perturbations, increasing the average sign recognition accuracy by 50.4%.

Keywords

defense mechanism, perturbation attack, public transportation safety, Traffic sign recognition

Discipline

Information Security

Publication

2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom): Sanya, China, December 17-21: Proceedings

Issue

2024

First Page

2453

Last Page

2461

ISBN

9798331506209

Identifier

10.1109/TrustCom63139.2024.00340

Publisher

IEEE

City or Country

Piscataway, NJ

Citation

XU, Shengmin; SUN, Jianfei; CAO, Hangcheng; GAO, Yulan; HE, Ziyang; and WU, Cong. Shield-U: Safeguarding traffic sign recognition against perturbation attacks. (2024). 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom): Sanya, China, December 17-21: Proceedings. 2453-2461.
Available at: https://ink.library.smu.edu.sg/sis_research/10229

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/TrustCom63139.2024.00340