Research On The Robustness Of Image Recognition Model In Autonomous Driving System

In the image recognition model of autonomous driving systems based on deep neural networks,driving scene information is mainly collected by deploying devices such as cameras and laser radar.However,realistic driving scenarios are broad and complex,and image samples from most extreme situations are easy to be ignored in the manual collecting stage,which can result in autonomous driving models that fail to learn decision information in extreme driving environments,leading to serious and dangerous accidents.In addition,it has been shown that deep neural networks are vulnerable to adversarial samples.A malicious attacker generates an adversarial sample by adding a small perturbation to the input sample that is unrecognizable to the human eye,causing the model to make completely incorrect predictions.In order to improve the robutness of image recognition model for autonomous driving systems,this thesis focus on both extreme driving environment and adversarial defense,and conduct research on traffic sign classification model and steering angle prediction model.The main research is as follows:(1)To solve the problem of a serious scarcity of large-scale,high-quality training samples in autonomous driving and the inefficient image sample generation methods,a model robustness optimization method based on data augmentation is proposed in this thesis.First,the optimized seed samples are selected according to the samples’ image spot information and prediction error.Then construct the joint optimization problem to maximize the prediction error and neuron coverage of seed samples,and set the realistic constraint conditions.Finally,the gradient ascent method solves the optimization problem and generates image samples that have high neuron coverage and are easy to be predicted wrong.After that,these samples will be added to the training dataset to retrain the DNN model.Experiments are conducted on six traffic sign classification models and three autonomous driving steering angle prediction models.The experimental results show that: Compared with Deep Xplore,a white-box test framework,this method saved 89.81% of time consumption and generated image samples with 1.87% better neuron coverage and 32%better attack success rate.Finally,using the image samples generated by Deep MC for data augmentation,the prediction accuracy of the model is improved by about 3%.This method improves the prediction accuracy of image models for autonomous driving systems in extreme driving environments,and its robustness is optimized.(2)To solve the problem that the adversarial samples are transferable and the existing adversarial training methods can only meet the defense of specific models and adversarial samples,a self-supervised adversarial disturbance removal method is proposed in this thesis.First,the adversarial perturbation purification model is constructed,it consists of a feature extractor,a purifier,and a discriminator.Specifically,the feature extractor maximizes the feature distortion of the image samples in a self-supervised manner to generate the adversarial samples.And the purifier is responsible for removing the noise in the adversarial samples,while the discriminator is responsible for recognizing the purified samples.This thesis also designs a joint loss function,which includes characteristics of pixels and against losses.Finally,the joint loss function is used to train the adversarial perturbation purification model.Experiments are conducted on three traffic sign classification models and three autonomous driving steering angle prediction models.The experimental results show that this method removes the perturbations in multiple adversarial samples,and the purified samples’ prediction accuracy is higher than 90% and does not reduce the model’s prediction ability for clean samples.Among multiple white-box attack scenarios,this method defense is the most effective compared to adversarial training,feature compression,and distillation defense.(3)This thesis designs and implenments a robustness optimization system for autonomous driving,which mainly includes four modules: data download,test sample,adversarial sample and robustness optimization.The robustness optimization module can improve the robustness of image recognition models of autonomous driving systems under extreme driving environments and adversarial attacks by data augmentation and adversarial defense.