Sample selection of adversarial attacks against traffic signs

In the real world, the correct recognition of traffic signs plays a crucial role in vehicle autonomous driving and traffic monitoring. The research on its adversarial attack can test the security of vehicle autonomous driving system and provide enlightenment for improving the recognition algorithm. However, with the development of transportation infrastructure, new traffic signs may be introduced. The adversarial attack model for traffic signs needs to adapt to the addition of new types. Based on this, class incremental learning for traffic sign adversarial attacks has become an interesting research field. We propose a class incremental learning method for adversarial attacks on traffic signs. First, this method uses Pinpoint Region Probability Estimation Network (PRPEN) to predict the probability of each pixel being attacked in old samples. It helps to identify the high attack probability regions of the samples. Subsequently, based on the size of high probability pixel concentration area, the replay sample set is constructed. Old samples with smaller concentration areas receive higher priority and are prioritized for incremental learning. The experimental results show that compared with other sample selection methods, our method selects more representative samples and can train PRPEN more effectively to generate probability maps, thereby better generating adversarial attacks on traffic signs.