The evolution of automotive technology will eventually permit the automated driving system on the vehicle to handle all circumstances. Human occupants will be just passengers. This poses security issues that need to be addressed. This paper has two aims. The first one investigates strategies for robustifying scene analysis of adversarial road scenes. A taxonomy of the defense mechanisms for countering adversarial perturbations is initially presented, classifying those mechanisms in three major categories: those that modify the data, those that propose adding extra models, and those that focus on modifying the models deployed for scene analysis. Motivated by the limited number of surveys in the first category, we further analyze the approaches that utilize input transformation operations as countermeasures, further classifying them in supervised and unsupervised methods and highlighting both their strengths and weaknesses. The second aim of this paper is to publish CarlaScenes dataset produced using the CARLA simulator. An extensive evaluation study, on CarlaScenes, is performed testing the supervised deep learning approaches that have been either proposed for image restoration or adversarial noise removal. The study presents insights on the robustness of the aforementioned approaches in mitigating adversarial attacks in scene analysis operations.

中文翻译：

---

使用去噪技术应对自动驾驶汽车的对抗性攻击：综述


汽车技术的发展最终将使车辆上的自动驾驶系统能够处理所有情况。人类乘客将只是乘客。这带来了需要解决的安全问题。本文有两个目的。第一个研究了增强对抗性道路场景的场景分析的策略。最初提出了对抗对抗性扰动的防御机制的分类，将这些机制分为三大类：修改数据的机制、建议添加额外模型的机制以及专注于修改用于场景分析的模型的机制。由于第一类调查数量有限，我们进一步分析了利用输入转换操作作为对策的方法，将它们进一步分类为有监督和无监督方法，并突出了它们的优点和缺点。本文的第二个目标是发布使用 CARLA 模拟器生成的 CarlaScenes 数据集。 CarlaScenes 上进行了一项广泛的评估研究，测试了用于图像恢复或对抗性噪声消除的监督深度学习方法。该研究提出了对上述方法在减轻场景分析操作中的对抗性攻击方面的稳健性的见解。