A Training-Based Identification Approach to VIN Adversarial Examples in Path Planning

Abstract

With the rapid development of Artificial Intelligence (AI), the problem of AI security has gradually emerged. Most existing machine learning algorithms may be attacked by adversarial examples. An adversarial example is a slightly modified input sample that can lead to a false result of machine learning algorithms. This poses a potential security threat for many AI applications. Especially in the domain of robot path planning, the adversarial maps may result in multiple harmful effects on the predicted path. However, there is no suitable approach to automatically identify them. To our knowledge, all previous works used manual observation method to identify the attack results of adversarial maps, which is time-consuming. Aiming at the existing problems, this paper explores a method to automatically identify the adversarial examples in Value Iteration Networks (VIN), which has a strong generalization ability. We analyze the possible scenarios caused by the adversarial maps. We propose a training-based identification approach to VIN adversarial examples by combining the path feature comparison and path image classification. Experiments show that our method can achieve a high-accuracy and effective identification on VIN adversarial examples.