Guided Diffusion-based Generation of Adversarial Objects for Real-World Monocular Depth Estimation Attacks

Monocular Depth Estimation (MDE) serves as a core perception module in autonomous driving systems, but it remains highly susceptible to adversarial attacks. Errors in depth estimation may propagate through downstream decision making and influence overall traffic safety. Existing physical attacks primarily rely on texture-based patches, which impose strict placement constraints and exhibit limited realism, thereby reducing their effectiveness in complex driving environments. To overcome these limitations, this work introduces a training-free generative adversarial attack framework that generates naturalistic, scene-consistent adversarial objects via a diffusion-based conditional generation process. The framework incorporates a Salient Region Selection module that identifies regions most influential to MDE and a Jacobian Vector Product Guidance mechanism that steers adversarial gradients toward update directions supported by the pre-trained diffusion model. This formulation enables the generation of physically plausible adversarial objects capable of inducing substantial adversarial depth shifts. Extensive digital and physical experiments demonstrate that our method significantly outperforms existing attacks in effectiveness, stealthiness, and physical deployability, underscoring its strong practical implications for autonomous driving safety assessment.

Key Contributions

• Training-free generative adversarial attack framework using diffusion-based conditional generation to produce naturalistic, scene-consistent adversarial objects without patch constraints
• Jacobian Vector Product Guidance mechanism that steers diffusion model sampling toward adversarial gradient directions supported by the pre-trained model
• Salient Region Selection module that identifies regions most influential to MDE depth predictions, focusing adversarial energy where it matters most

🛡️ Threat Analysis

Details

Similar Papers