Automatic detection and classification of adversarial attacks

摘要

The invention relates to a method and a system for the detection of adversarial attacks on an automated detection system, in particular an image-based detection system, e.g. an object detection system of an intelligent camera sensor (1; 2; 3) for assisted or automated driving. The method comprises the steps: a) Providing a reference image / video / audio signal, e.g. an original image and a potentially manipulated image / video / audio signal (S12). b) Calculation of a set of n metrics (S14) which quantify differences between the reference signal and the potentially manipulated signal in different ways, where n is a natural number is greater than one. c) Structure of an n-dimensional feature space based on the calculated metrics (S16). d) Classification of the type of adversarial attack based on the calculated metrics in the n-dimensional feature space (S18) (S20). The Adversarial Attack classification enables a specific countermeasure (S30) to be initiated against a class of Adversarial Attacks recognized as critical (E1).