Abstract
Monocular Depth Estimation (MDE) is a critical component in applications such as autonomous driving. There are various attacks against MDE networks. These attacks, especially the physical ones, pose a great threat to the security of such systems. Traditional adversarial training method requires ground-truth labels hence cannot be directly applied to self-supervised MDE that does not have ground-truth depth. Some self-supervised model hardening techniques (e.g., contrastive learning) ignore the domain knowledge of MDE and can hardly achieve optimal performance. In this work, we propose a novel adversarial training method for self-supervised MDE models based on view synthesis without using ground-truth depth. We improve adversarial robustness against physical-world attacks using L0-norm-bounded perturbation in training. We compare our method with supervised learning based and contrastive learning based methods that are tailored for MDE. Results on two representative MDE networks show that we achieve better robustness against various adversarial attacks with nearly no benign performance degradation.
Abstract (translated)
Monocular Depth Estimation (MDE) 是 autonomous driving 等应用中的关键组件。MDE 网络遭受了多种攻击。这些攻击,特别是物理攻击,对这类系统的安全措施构成了严重威胁。传统的对抗性训练方法需要真值标签,因此不能直接应用于没有真值深度的自监督 MDE 模型。一些自监督模型硬化技术(例如比较学习)忽略 MDE 的域知识,并且很难达到最优性能。在本研究中,我们提出了一种基于视图合成的自监督 MDE 模型的新对抗性训练方法,不需要真值深度。我们在训练过程中使用 L0 范数限定的扰动来提高对抗性鲁棒性,对抗物理攻击。我们比较了我们的方法和专门为 MDE 设计的监督学习和比较学习方法。对两个代表性的 MDE 网络的结果表明,我们实现了更好的对抗性稳定性,几乎没有任何良性性能下降。
URL
https://arxiv.org/abs/2301.13487
