The Simulation Research On Robust Recognition Of Typical Traffic Signs Under Adversarial Settings

With the continuous development of traffic intelligence,traffic sign recognition,which relies on deep learning models,plays an increasingly important role.Traffic sign recognition is divided into two important processes: model training and prediction,and traffic sign recognition is more effective under benign settings,but adversarial settings with human or natural factors can have a serious impact on traffic sign recognition.For example,artificial invisible backdoor attacks can interfere with the training process of the model and recognize traffic signs as wrong instructions;snowflakes in the natural environment can interfere with the prediction process of the model and reduce the accuracy of traffic sign recognition,both of which are important reasons for the poor results of traffic sign recognition.Therefore,it is of great application value to investigate the adversarial settings existing in the training and prediction of traffic sign recognition models.In this thesis,we conduct simulation experiments using a representative public traffic sign dataset GTSRB and commonly used recognition models(Res Net18 and VGG19)in the context of typical traffic sign image recognition to develop a study on robust recognition of traffic signs in adversarial scenarios.(1)A defense method based on Gaussian filtering is proposed for the adversarial settings that the traffic sign recognition model may be subjected to backdoor attacks during the training process,and the invisible triggers in the poisoned samples are filtered out by Gaussian filtering to achieve the purpose of resisting the attacks.The experiments first perform threat analysis and train the traffic sign recognition model for backdoor attacks,and the success rate of over82% of the attacks demonstrates the threat of invisible backdoor attacks.Secondly,the corresponding spectrograms obtained by making a difference between the poisoned image and the clean image were analyzed to show that the invisible backdoor attack trigger exists in the high frequency information of the image,which can be defended from the frequency domain perspective,and therefore Gaussian filtering which can better preserve the image details was chosen to achieve the defense.Then,two main attack strategies,hybrid and additive,are defended using a Gaussian filter-based approach,and a comparison experiment with bilateral and mean offset filter-based defense methods is set up.Finally,ablation experiments are conducted to analyze the impact of three hyperparameters,namely poisoning rate,transparency and maximum perturbation range,on the proposed method.The Gaussian filterbased backdoor defense reduces the success rate of the attack to less than 8%,and the experimental results fully demonstrate the good defense performance and efficiency of the proposed method in this thesis,which can simultaneously defend against various invisible backdoor attacks and improve the robustness of the traffic sign recognition model training against backdoor attacks.(2)For the adversarial settings that the traffic sign recognition model interferes with the predicted images due to snowy weather in the prediction process,an improved generative adversarial network image de-snowing model is proposed,which is added to the traffic sign recognition model prediction process as an image pre-processing link to improve the traffic sign recognition effect.The improvement of the de-snowing model is twofold: in terms of structure,the structure of the generator is improved as a codec structure to solve the problem that the model cannot input images;in terms of algorithm,the loss function of the generator is improved by introducing mean squared error,perceptual loss and L1 loss as constraints to solve the problems of unstable model training and low quality of generated images.Experiments were conducted using a home-grown snowy traffic sign dataset based on GTSRB.First,traffic sign images containing snow were recognized,and the 65% recognition accuracy confirmed the effect of snow interference on the prediction process of the traffic sign recognition model.Then,the snow removal effect of the improved snow removal model was compared with that of the unimproved and improved generator-only models.The PSNR and SSIM of the images processed using the improved snow removal model reached 29.47 and0.95 respectively,and the recognition accuracy of the snow-removed images improved to over83%,within 7% of the normal recognition accuracy.Finally,the recognition model was explored in combination with a Gaussian filter-based defense method to cope with two confrontation scenarios simultaneously,and the difference with the normal recognition accuracy was within 14%.The experimental results fully demonstrate that the improved generative adversarial network snow removal model can effectively remove snow and improve the robustness of the traffic sign recognition model when predicting against snow disturbances.In summary,based on a typical traffic sign image recognition task,this thesis proposes countermeasures and conducts simulation experiments for the two important processes of traffic sign recognition model training and prediction,respectively,and the experimental results show that the proposed method can solve the backdoor attack in model training and snowflake interference in prediction,ensure the recognition accuracy of traffic sign images and achieve Robust recognition of traffic signs.