A Periodic Adversarial Threat Model for Deep Neural Networks in Aerial Vehicle Detection

Deep neural network (DNN)-based vehicle detection systems deployed on autonomous aerial vehicles (AAVs) are susceptible to adversarial attacks, resulting in significant implications for public safety and system reliability. Despite advancements in DNN-based detection, the adversarial robustness of these systems in aerial video contexts remains underexplored. Existing attack models fail to exploit the sequential and periodic nature of video frames in aerial vehicle detection systems. To address this, we propose a periodic adversarial attack for aerial video (P3AV), which is the first to take advantage of the periodic nature of tasks related to road traffic parameters and improve the success of attacks. P3AV systematically selects critical video frames to be attacked by employing Bayesian optimization combined with domain-specific knowledge. The sensitive pixels in the frames are then chosen based on the gradient magnitudes of the loss function. Finally, an improved version of the projected gradient descent algorithm is developed by using gradient norms to generate perturbations and enhance the manipulation of selected pixels. Our experiments using four adversarial attacks against ten DNN architectures, which are developed based on convolutional neural network (CNN) and YOLO, on two datasets demonstrate that P3AV can improve the false rate in detection systems by 6% and the attack success rate by 5% over other attack models. Meanwhile, CNN models perform the worst against adversarial attacks. These findings highlight the critical need for improved adversarial defenses in AAV-based detection systems and underscore the broader implications for secure and reliable ITS.