Abstract
Recent advancements in deep learning have substantially boosted the performance of monocular depth estimation (MDE), an essential component in fully-vision-based autonomous driving systems (e.g., Tesla and Toyota). These advancements, however, have been primarily directed towards optimizing performance, with limited consideration for security vulnerabilities. This study introduces the first backdoor attack against self-supervised MDE models. By conceptualizing backdoor attacks as a multi-task challenge, we propose a novel attack framework that employs multi-task learning to iteratively optimize the standard MDE subtask and the backdoor learning subtask. Within this framework, we design two types of backdoor attacks: Target Disappearing Backdoor Attack (TDBA) and Depth Increasing Backdoor Attack (DIBA). TDBA renders specific objects invisible to the compromised model, while DIBA dramatically inflates the depth of trigger-associated objects. Extensive evaluations on three mainstream MDE models show that TDBA can make the target model directly ignore the specific objects, with a mean depth error under 0.06 meters, while DIBA significantly increases the depth for trigger-associated objects, resulting in a mean depth error exceeding 94.2 meters. These findings highlight the urgent need for advanced security measures in the development of MDE models, to mitigate such vulnerabilities.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
