Universal Adversarial Attacks on the Raw Data From a Frequency Modulated Continuous Wave Radar
As more and more applications rely on Artificial Intelligence (AI), it is inevitable to explore the associated safety and security risks, especially for sensitive applications where physical integrity is at risk. One of the most interesting challenges that come with AI are adversarial attacks being...
Main Authors: | , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2022-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/9933434/ |
_version_ | 1798023728050733056 |
---|---|
author | Jakob Valtl Vadim Issakov |
author_facet | Jakob Valtl Vadim Issakov |
author_sort | Jakob Valtl |
collection | DOAJ |
description | As more and more applications rely on Artificial Intelligence (AI), it is inevitable to explore the associated safety and security risks, especially for sensitive applications where physical integrity is at risk. One of the most interesting challenges that come with AI are adversarial attacks being a well-researched problem in the visual domain, where a small change in the input data can cause the Neural Network (NN) to make an incorrect prediction. In the radar domain, AI is not that widespread yet but the results that AI applications produce are very promising, which is why more and more applications based on it are being used. This work presents three possible attack methods that are particularly suitable for the radar domain. The developed algorithms generate universal adversarial attack patches for all sorts of radar applications based on NN. The main goal of the algorithms, apart from the computation of universal patches, is the identification of sensitive areas in the raw radar data input which than can be examined more closely. To the best of our knowledge, this is the first work that deals with calculating universal patches on raw radar data, which is of great importance especially for interference analysis. The developed algorithms have been verified on two data sets. One in the field of autonomous driving where the attacks lead to a steering misprediction of up to 0.3 for the steering value which is within [−1,1], with the results also being successfully tested on a demonstrator. The other data set originated from a gesture recognition task, where the attacks decreased the accuracy, originally at 97.0% up to a minimum of 16.5%, which is slightly above 12.5% being the accuracy for a purely random prediction. |
first_indexed | 2024-04-11T17:51:02Z |
format | Article |
id | doaj.art-7b689871d75149c1b73126f36833ab54 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-04-11T17:51:02Z |
publishDate | 2022-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-7b689871d75149c1b73126f36833ab542022-12-22T04:11:06ZengIEEEIEEE Access2169-35362022-01-011011409211410210.1109/ACCESS.2022.32183499933434Universal Adversarial Attacks on the Raw Data From a Frequency Modulated Continuous Wave RadarJakob Valtl0https://orcid.org/0000-0001-9562-2213Vadim Issakov1https://orcid.org/0000-0003-3450-8745Infineon Technologies AG, Neubiberg, GermanyTechnische Universitát Braunschweig, Braunschweig, GermanyAs more and more applications rely on Artificial Intelligence (AI), it is inevitable to explore the associated safety and security risks, especially for sensitive applications where physical integrity is at risk. One of the most interesting challenges that come with AI are adversarial attacks being a well-researched problem in the visual domain, where a small change in the input data can cause the Neural Network (NN) to make an incorrect prediction. In the radar domain, AI is not that widespread yet but the results that AI applications produce are very promising, which is why more and more applications based on it are being used. This work presents three possible attack methods that are particularly suitable for the radar domain. The developed algorithms generate universal adversarial attack patches for all sorts of radar applications based on NN. The main goal of the algorithms, apart from the computation of universal patches, is the identification of sensitive areas in the raw radar data input which than can be examined more closely. To the best of our knowledge, this is the first work that deals with calculating universal patches on raw radar data, which is of great importance especially for interference analysis. The developed algorithms have been verified on two data sets. One in the field of autonomous driving where the attacks lead to a steering misprediction of up to 0.3 for the steering value which is within [−1,1], with the results also being successfully tested on a demonstrator. The other data set originated from a gesture recognition task, where the attacks decreased the accuracy, originally at 97.0% up to a minimum of 16.5%, which is slightly above 12.5% being the accuracy for a purely random prediction.https://ieeexplore.ieee.org/document/9933434/Adversarial attacksartificial neural networksautonomous vehiclesedge computingobject recognitionradar applications |
spellingShingle | Jakob Valtl Vadim Issakov Universal Adversarial Attacks on the Raw Data From a Frequency Modulated Continuous Wave Radar IEEE Access Adversarial attacks artificial neural networks autonomous vehicles edge computing object recognition radar applications |
title | Universal Adversarial Attacks on the Raw Data From a Frequency Modulated Continuous Wave Radar |
title_full | Universal Adversarial Attacks on the Raw Data From a Frequency Modulated Continuous Wave Radar |
title_fullStr | Universal Adversarial Attacks on the Raw Data From a Frequency Modulated Continuous Wave Radar |
title_full_unstemmed | Universal Adversarial Attacks on the Raw Data From a Frequency Modulated Continuous Wave Radar |
title_short | Universal Adversarial Attacks on the Raw Data From a Frequency Modulated Continuous Wave Radar |
title_sort | universal adversarial attacks on the raw data from a frequency modulated continuous wave radar |
topic | Adversarial attacks artificial neural networks autonomous vehicles edge computing object recognition radar applications |
url | https://ieeexplore.ieee.org/document/9933434/ |
work_keys_str_mv | AT jakobvaltl universaladversarialattacksontherawdatafromafrequencymodulatedcontinuouswaveradar AT vadimissakov universaladversarialattacksontherawdatafromafrequencymodulatedcontinuouswaveradar |