[1] S. Qiu, Q. Liu, S. Zhou, and C. Wu, “Review of artificial intelligence adversarial attack and defense technologies,” Applied Sciences, vol. 9, no. 5, Mar. 2019. https://doi.org/10.3390/app9050909
[2] A. Manfreda, K. Ljubi, and A. Groznik, “Autonomous vehicles in the smart city era: An empirical study of adoption factors important for millennials,” International Journal of Information Management, vol. 58, Art no. 102050, 2021. https://doi.org/10.1016/j.ijinfomgt.2019.102050
[3] Y. Li, X. Xu, J. Xiao, S. Li, and H. T. Shen, “Adaptive square attack: Fooling autonomous cars with adversarial traffic signs,” IEEE Internet of Things Journal, vol. 8, no. 8, pp. 6337–6347, Apr. 2021. https://doi.org/10.1109/JIOT.2020.3016145
[4] B. Jason, “What is deep learning?,” Machine Learning Mastery, 2019. [Online]. Available: https://machinelearningmastery.com/what-is-deep-learning/. Accessed Apr. 05, 2021.
[5] H. Xu et al., “Adversarial attacks and defenses in images, graphs and text: A review,” International Journal of Automation and Computing, vol. 17, pp. 151–178, Mar. 2020. https://doi.org/10.1007/s11633-019-1211-x
[6] A. Gupta, A. Anpalagan, L. Guan, and A. S. Khwaja, “Deep learning for object detection and scene perception in self-driving cars: Survey, challenges, and open issues,” Array, vol. 10, Art no. 100057, Jul. 2021. https://doi.org/10.1016/j.array.2021.100057
[7] N. Morgulis, A. Kreines, S. Mendelowitz, and Y. Weisglass, “Fooling a real car with adversarial traffic signs,” ArXiv, Art no. 1907.00374, 2019.
[8] J. Gao, M. R. A. Khandaker, F. Tariq, K.-K. Wong, and R. T. Khan, “Deep neural network based resource allocation for V2X communications,” in 2019 IEEE 90th Vehicular Technology Conference (VTC2019-Fall), Honolulu, HI, USA, Sep. 2019, pp. 1–5. https://doi.org/10.1109/VTCFall.2019.8891446
[9] Y. Tian, K. Pei, S. S. Jana, and B. Ray, “Deeptest: Automated testing of deep-neural-network-driven autonomous cars,” in 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE), May 2018, pp. 303–314. https://doi.org/10.1145/3180155.3180220
[10] P. J. Leiss, “The functional components of autonomous vehicles – Expert article,” Robson Forensic, Sep. 2018. [Online]. Available: https://www.robsonforensic.com/articles/autonomous-vehicles-sensors-expert/
[11] G. Sun, Y. Su, C. Qin, W. Xu, X. Lu, and A. Ceglowski, “Complete defense framework to protect deep neural networks against adversarial examples,” Mathematical Problems in Engineering, vol. 2020, Art no. 8319249, May 2020. https://doi.org/10.1155/2020/8319249
[12] A. Chakraborty, M. Alam, V. Dey, A. Chattopadhyay, and D. Mukhopadhyay, “Adversarial attacks and defences: A survey,” ArXiv, Art no. 1810.00069, 2018.
[13] X. Liu et al., “Privacy and security issues in deep learning: A survey,” IEEE Access, vol. 9, pp. 4566–4593, 2021. https://doi.org/10.1109/ACCESS.2020.3045078
[14] I. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and harnessing adversarial examples,” ArXiv, Art no. 1412.6572, 2015.
[15] A. Madry, A. Makelov, L. Schmidt, D. Tsipras, and A. Vladu, “Towards deep learning models resistant to adversarial attacks,” ArXiv, Art no. 1706.06083, 2018.
[16] K. Ren, T. Zheng, Z. Qin, and X. Liu, “Adversarial attacks and defenses in deep learning,” Engineering, vol. 6, no. 3, pp. 346–360, 2020. https://doi.org/10.1016/j.eng.2019.12.012
[17] M. Rigaki and S. García, “A survey of privacy attacks in machine learning,” ArXiv, Art no. 2007.07646, 2020.
[18] N. Papernot, P. McDaniel, X. Wu, S. Jha, and A. Swami, “Distillation as a defense to adversarial perturbations against deep neural networks,” in 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, May 2016, pp. 582–597. https://doi.org/10.1109/SP.2016.41
[19] P. Samangouei, M. Kabkab, and R. Chellappa, “Defense-GAN: Protecting classifiers against adversarial attacks using generative models,” ArXiv, Art no. 1805.06605, 2018.
[20] F. Liao, M. Liang, Y. Dong, T. Pang, J. Zhu, and X. Hu, “Defense against adversarial attacks using high-level representation guided denoiser,” in 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Salt Lake City, UT, USA, June 2018, pp. 1778–1787. https://doi.org/10.1109/CVPR.2018.00191
[21] T. Bai, J. Luo, J. Zhao, B. Wen, and Q. Wang, “Recent advances in adversarial training for adversarial robustness,” ArXiv, Art no. 2102.01356, 2021.
[22] F. Tramèr, A. Kurakin, N. Papernot, D. Boneh, and P. McDaniel, “Ensemble adversarial training: Attacks and defenses,” ArXiv, Art no. 1705.07204, 2018.
[23] N. Papernot, P. McDaniel, I. Goodfellow, S. Jha, Z. Y. Celik, and A. Swami, “Practical black-box attacks against machine learning,” in Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, Apr. 2017, pp. 506–519. https://doi.org/10.1145/3052973.3053009
[24] E. Raff, J. Sylvester, S. Forsyth, and M. McLean, “Barrage of random transforms for adversarially robust defense,” in 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Long Beach, CA, USA, June 2019, pp. 6521–6530. https://doi.org/10.1109/CVPR.2019.00669
[25] Y. Huang and Y. Chen, “Autonomous driving with deep learning: A survey of state-of-art technologies,” ArXiv, Art no. 2006.06091, 2020.
[26] K. Ren, Q. Wang, C. Wang, Z. Qin, and X. Lin, “The security of autonomous driving: Threats, defenses, and future directions,” Proceedings of the IEEE, vol. 108, no. 2, pp. 357–372, Nov. 2020. https://doi.org/10.1109/JPROC.2019.2948775
[27] “Future of driving,” Tesla. [Online]. Available: https://www.tesla.com/autopilot. Accessed on: Jun. 04, 2021.
[28] A. Osman Ors, “The role of machine learning in autonomous vehicles,” Endeavor Business Media, LLC, 2020. [Online]. Available: https://www.electronicdesign.com/markets/automotive/article/21147200/nxp-semiconductors-the-role-of-machine-learning-in-autonomous-vehicles. Accessed on: Jun. 04, 2021.
[29] C. Sitawarin, A. Bhagoji, A. Mosenia, M. Chiang, and P. Mittal, “DARTS: Deceiving autonomous cars with toxic signs,” ArXiv, Art no. 1802.06430, 2018.
[30] A. Madry and Z. Kolter, “Adversarial robustness – theory and practice,” 2018. [Online]. Available: https://adversarial-ml-tutorial.org/. Accessed on: Oct. 04, 2021.
[31] J. Stallkamp, M. Schlipsing, J. Salmen, and C. Igel, “Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition,” Neural Networks, vol. 32, pp. 323–332, 2012. https://doi.org/10.1016/j.neunet.2012.02.016
[32] S. Houben, J. Stallkamp, J. Salmen, M. Schlipsing, and C. Igel, “Detection of traffic signs in real-world images: The German traffic sign detection benchmark,” in The 2013 International Joint Conference on Neural Networks (IJCNN), Dallas, TX, USA, Aug. 2013, pp. 1–8. https://doi.org/10.1109/IJCNN.2013.6706807
[33] S. Tietz and K. Nassiri Nazif, “Attacking autonomous driving machine learning algorithms with adversarial examples,” Stanford University, 2019. [Online]. Available: http://cs230.stanford.edu/projects_spring_2019/reports/18681219.pdf
[34] C. Xiao, B. Li, J. Zhu, W. He, M. Liu, and D. Song, “Generating adversarial examples with adversarial networks,” in Proceedings of the Twenty-Seventh International Joint Conference on Artificial Intelligence, IJCAI-18, 2018, pp. 3905–3911. https://doi.org/10.24963/ijcai.2018/543
[35] M. Andriushchenko, F. Croce, N. Flammarion, and M. Hein, “Square attack: A query-efficient black-box adversarial attack via random search,” in Computer Vision – ECCV 2020, LNCS, vol. 12368, 2020, pp. 484–501. https://doi.org/10.1007/978-3-030-58592-1_29
[36] N.-D. Nguyen, T. Do, T. D. Ngo, and D.-D. Le, “An evaluation of deep learning methods for small object detection,” Journal of Electrical and Computer Engineering, vol. 2020, Art no. 3189691, Apr. 2020. https://doi.org/10.1155/2020/3189691
[37] K. Eykholt et al., “Note on attacking object detectors with adversarial stickers,” ArXiv, Art no. 1712.08062, 2017.
[38] S.-T. Chen, C. Cornelius, J. Martin, and D. H. (Polo) Chau, “ShapeShifter: Robust physical adversarial attack on faster R-CNN object detector,” in Machine Learning and Knowledge Discovery in Databases, LNCS, vol. 11051, 2019, pp. 52–68. https://doi.org/10.1007/978-3-030-10925-7_4
[39] N. Carlini and D. A. Wagner, “Towards evaluating the robustness of neural networks,” in 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, May 2017, pp. 39–57. https://doi.org/10.1109/SP.2017.49
[40] A. Athalye, L. Engstrom, A. Ilyas, and K. Kwok, “Synthesizing robust adversarial examples,” in Proceedings of the 35th International Conference on Machine Learning, Jul. 2018, vol. 80, pp. 284–293. [Online]. Available: http://proceedings.mlr.press/v80/athalye18b.html
[41] T.-Y. Lin et al., “Microsoft COCO: Common Objects in Context,” in Computer Vision – ECCV 2014. Lecture Notes in Computer Science, vol. 8693, 2014, pp. 740–755. https://doi.org/10.1007/978-3-319-10602-1_48
[42] K. Eykholt et al., “Robust physical-world attacks on deep learning visual classification,” in 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Salt Lake City, UT, USA, Jun. 2018, pp. 1625–1634. https://doi.org/10.1109/CVPR.2018.00175
[43] A. Møgelmose, M. M. Trivedi, and T. B. Moeslund, “Vision-based traffic sign detection and analysis for intelligent driver assistance systems: Perspectives and survey,” IEEE Transactions on Intelligent Transportation Systems, vol. 13, pp. 1484–1497, Oct. 2012. https://doi.org/10.1109/TITS.2012.2209421
[44] K. Eykholt et al., “Physical adversarial examples for object detectors,” in Proceedings of the 12th USENIX Conference on Offensive Technologies, USA, 2018, p. 1.
[45] G. Lovisotto, H. C. M. Turner, I. Sluganovic, M. Strohmeier, and I. Martinovic, “SLAP: Improving physical adversarial examples with short-lived adversarial perturbations,” ArXiv, Art no. 2007.04137, 2021.
[46] X. Xu, J. Zhang, Y. Li, Y. Wang, Y. Yang, and H. T. Shen, “Adversarial attack against urban scene segmentation for autonomous vehicles,” IEEE Transactions on Industrial Informatics, vol. 17, no. 6, pp. 4117–4126, Jun. 2021. https://doi.org/10.1109/TII.2020.3024643
[47] A. Boloor, X. He, C. Gill, Y. Vorobeychik, and X. Zhang, “Simple physical adversarial examples against end-to-end autonomous driving models,” in 2019 IEEE International Conference on Embedded Software and Systems (ICESS), Las Vegas, NV, USA, Jun. 2019, pp. 1–7. https://doi.org/10.1109/ICESS.2019.8782514
[48] H. Zhou et al., “DeepBillboard: Systematic physical-world testing of autonomous driving systems,” in 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE), Oct. 2020, pp. 347–358. https://doi.org/10.1145/3377811.3380422
[49] H. Wu and W. Ruan, “Adversarial driving: Attacking end-to-end autonomous driving systems,” ArXiv, Art no. 2103.09151, 2021.
[50] Y. Deng, X. Zheng, T. Zhang, C. Chen, G. Lou, and M. Kim, “An analysis of adversarial attacks and defenses on autonomous driving models,” in 2020 IEEE International Conference on Pervasive Computing and Communications (PerCom), Austin, TX, USA, Mar. 2020, pp. 1–10. https://doi.org/10.1109/PerCom45495.2020.9127389
[51] O. Poursaeed, I. Katsman, B. Gao, and S. Belongie, “Generative adversarial perturbations,” in 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Salt Lake City, UT, USA, Jun. 2018, pp. 4422–4431. https://doi.org/10.1109/CVPR.2018.00465
[52] M. Wan, M. Han, L. Li, Z. Li, and S. He, “Effects of and defenses against adversarial attacks on a traffic light classification CNN,” in Proceedings of the 2020 ACM Southeast Conference, New York, NY, USA, 2020, pp. 94–99. https://doi.org/10.1145/3374135.3385288
[53] A. M. Aung, Y. Fadila, R. Gondokaryono, and L. Gonzalez, “Building robust deep neural networks for road sign detection,” ArXiv, Art no. 1712.09327, 2017.
[54] N. Papernot, P. McDaniel, S. Jha, M. Fredrikson, Z. B. Celik, and A. Swami, “The limitations of deep learning in adversarial settings,” in 2016 IEEE European Symposium on Security and Privacy (EuroS&P), Saarbruecken, Germany, Mar. 2016, pp. 372–387. https://doi.org/10.1109/EuroSP.2016.36
[55] F. Wu, L. Xiao, W. Yang, and J. Zhu, “Defense against adversarial attacks in traffic sign images identification based on 5G,” EURASIP Journal on Wireless Communications and Networking, vol. 2020, Art no. 173, Sep. 2020. https://doi.org/10.1186/s13638-020-01775-5
[56] H. Gan and C. Liu, “An autoencoder based approach to defend against adversarial attacks for autonomous vehicles,” in 2020 International Conference on Connected and Autonomous Driving (MetroCAD), Feb. 2020, pp. 43–44. https://doi.org/10.1109/MetroCAD48866.2020.00015
[57] Q. Sun, A. A. Rao, X. Z. Yao, B. Yu, and S. Hu, “Counteracting adversarial attacks in autonomous driving,” in 2020 IEEE/ACM International Conference On Computer Aided Design (ICCAD), Art no. 83, Nov. 2020, pp. 1–7. https://doi.org/10.1145/3400302.3415758
[58] J. Lu, H. Sibai, E. Fabry, and D. A. Forsyth, “No need to worry about adversarial examples in object detection in autonomous vehicles,” ArXiv, Art no. 1707.03501, 2017.
[59] Md. T. Hossan et al., “A new vehicle localization scheme based on combined optical camera communication and photogrammetry,” Mobile Information Systems, vol. 2018, Art no. 8501898, Apr. 2018. https://doi.org/10.1155/2018/8501898
[60] H. Lee, S. Song, and S. Jo, “3D reconstruction using a sparse laser scanner and a single camera for outdoor autonomous vehicle,” in 2016 IEEE 19th International Conference on Intelligent Transportation Systems (ITSC), Rio de Janeiro, Brazil, Nov. 2016, pp. 629–634. https://doi.org/10.1109/ITSC.2016.7795619
[61] R. Martin-Brualla, N. Radwan, M. S. M. Sajjadi, J. T. Barron, A. Dosovitskiy, and D. Duckworth, “NeRF in the wild: Neural radiance fields for unconstrained photo collections,” in 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Nashville, TN, USA, June 2021, pp. 7206–7215. https://doi.org/10.1109/CVPR46437.2021.00713
[62] C. Sitawarin, A. Bhagoji, A. Mosenia, P. Mittal, and M. Chiang, “Rogue signs: Deceiving traffic sign recognition with malicious ads and logos,” ArXiv, Art no. 1801.02780, 2018.
[63] M. Cordts et al., “The cityscapes dataset for semantic urban scene understanding,” in 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Las Vegas, NV, USA, June 2016, pp. 3213–3223. https://doi.org/10.1109/CVPR.2016.350
[64] “Udacity self-driving car driving data,” udacity, 2016. [Online]. Available: https://github.com/udacity/self-driving-car
[65] Y. Zhou, L. Liu, L. Shao, and M. Mellor, “DAVE: A unified framework for fast vehicle detection and annotation,” ArXiv, Art no. 1607.04564, 2016.
[66] A. Geiger, P. Lenz, C. Stiller, and R. Urtasun, “Vision meets robotics: The KITTI dataset,” The International Journal of Robotics Research, vol. 32, no. 11, pp. 1231–1237, Aug. 2013. https://doi.org/10.1177/0278364913491297
[67] A. Mahendran and A. Vedaldi, “Understanding deep image representations by inverting them,” in 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Boston, MA, USA, June 2015, pp. 5188–5196. https://doi.org/10.1109/CVPR.2015.7299155
[68] D. Temel, G. Kwon, M. Prabhushankar, and G. Al-Regib, “CURE-TSR: Challenging unreal and real environments for traffic sign recognition,” ArXiv, Art no. 1712.02463, 2017.
[69] P. Bielik, P. Tsankov, A. Krause, and M. Vechev, “Reliability assessment of traffic sign classifiers,” Federal Office for Information Security, Jul. 2020. Accessed: Apr. 07, 2021. [Online]. Available: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/KI/Empirical_robustness_testing_of_AI_systems_for_traffic_sign_recognition.pdf?__blob=publicationFile&v=2
[70] M. Shu, Y. Shen, M. C. Lin, and T. Goldstein, “Adversarial differentiable data augmentation for autonomous systems,” in 2021 IEEE International Conference on Robotics and Automation (ICRA), Xi’an, China, 2021, pp. 14069–14075. https://doi.org/10.1109/ICRA48506.2021.9561205
[71] A. S. Mohammed, A. Amamou, F. K. Ayevide, S. Kelouwani, K. Agbossou, and N. Zioui, “The perception system of intelligent ground vehicles in all weather conditions: A systematic literature review,” Sensors, vol. 20, no. 22, Art no. 6532, pp. 1–34, Nov. 2020. https://doi.org/10.3390/s20226532
[72] N. M. Gurel, X. Qi, L. Rimanic, C. Zhang, and B. Li, “Knowledge enhanced machine learning pipeline against diverse adversarial attacks,” ArXiv, Art no. 2106.06235, 2021.
[73] T. Zhang, Y. Deng, G. Lou, X. Zheng, J. Jin, and Q.-L. Han, “Deep learning-based autonomous driving systems: A survey of attacks and defenses,” IEEE Transactions on Industrial Informatics, vol. 17, no. 12, pp. 7897–7912, Dec. 2021. https://doi.org/10.1109/TII.2021.3071405
[74] A. Laugros, A. Caplier, and M. Ospici, “Are adversarial robustness and common perturbation robustness independent attributes?” in 2019 IEEE/CVF International Conference on Computer Vision Workshop (ICCVW), Seoul, Korea (South), Oct. 2019, pp. 1045–1054. https://doi.org/10.1109/ICCVW.2019.00134
[75] B. R. Kiran et al., “Deep reinforcement learning for autonomous driving: A survey,” ArXiv, Art no. 2002.00444, 2020.
[76] L. Eliot, “Federated machine learning for AI self-driving cars,” 2018. [Online]. Available: https://www.aitrends.com/ai-insider/federated-machine-learning-for-ai-self-driving-cars/. Accessed on: Apr. 14, 2021.
[77] A. M. Elbir and S. Coleri, “Federated learning for vehicular networks,” ArXiv, Art no. 2006.01412, 2020.