Adversarial Attacks on Faster R-CNN Model for Object Detection in Autonomous Vehicles

Melike Başer; Şerif Bahtiyar

doi:10.1109/NTMS65597.2025.11076942

Adversarial Attacks on Faster R-CNN Model for Object Detection in Autonomous Vehicles

Melike Başer^*, Şerif Bahtiyar

^*Corresponding author for this work

Department of Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Object detection models used in autonomous driving systems provide environmental awareness of vehicles by making reliable and accurate predictions. However, these models show significant vulnerabilities in the face of adversarial attacks that can jeopardize system security. In this research, we compare the test performance and evaluation of the Faster R-CNN model under adversarial attacks using the ApolloScape dataset. We apply adversarial attacks to object detection models of autonomous driving systems on the ApolloScape dataset, which contains real-world scenes and high-resolution images for the first time. We analyze the prediction performance of the model using two common attack methods, FGSM and PGD. Our results show that PGD severely reduces the accuracy of the model due to its iterative nature and increases the false detection rate, especially in real-life scenes of the ApolloScape dataset. FGSM, on the other hand, showed a more limited effect, although it caused performance loss in critical categories. This research emphasizes that the Faster R-CNN model, which shows high performance on complex real-world datasets, is vulnerable to adversarial attacks. It also highlights the need for robust defense mechanisms tailored to the challenges of autonomous driving systems. We aim to contribute to the development of safer and more secure object detection systems in the face of hostile threats.

Original language	English
Title of host publication	2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	330-336
Number of pages	7
ISBN (Electronic)	9798331552763
DOIs	https://doi.org/10.1109/NTMS65597.2025.11076942
Publication status	Published - 2025
Event	12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025 - Paris, France Duration: 18 Jun 2025 → 20 Jun 2025

Publication series

Name	2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025

Conference

Conference	12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025
Country/Territory	France
City	Paris
Period	18/06/25 → 20/06/25

Bibliographical note

Publisher Copyright:
© 2025 IEEE.

Keywords

Adversarial Attacks
Apolloscape Dateset
Autonomous Vehicles
Faster R-CNN
Object Detection

Access to Document

10.1109/NTMS65597.2025.11076942

Cite this

Başer, M., & Bahtiyar, Ş. (2025). Adversarial Attacks on Faster R-CNN Model for Object Detection in Autonomous Vehicles. In 2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025 (pp. 330-336). (2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/NTMS65597.2025.11076942

Başer, Melike ; Bahtiyar, Şerif. / Adversarial Attacks on Faster R-CNN Model for Object Detection in Autonomous Vehicles. 2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025. Institute of Electrical and Electronics Engineers Inc., 2025. pp. 330-336 (2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025).

@inproceedings{4e5cf7ea5912400080179f2ffdfbe5d6,

title = "Adversarial Attacks on Faster R-CNN Model for Object Detection in Autonomous Vehicles",

abstract = "Object detection models used in autonomous driving systems provide environmental awareness of vehicles by making reliable and accurate predictions. However, these models show significant vulnerabilities in the face of adversarial attacks that can jeopardize system security. In this research, we compare the test performance and evaluation of the Faster R-CNN model under adversarial attacks using the ApolloScape dataset. We apply adversarial attacks to object detection models of autonomous driving systems on the ApolloScape dataset, which contains real-world scenes and high-resolution images for the first time. We analyze the prediction performance of the model using two common attack methods, FGSM and PGD. Our results show that PGD severely reduces the accuracy of the model due to its iterative nature and increases the false detection rate, especially in real-life scenes of the ApolloScape dataset. FGSM, on the other hand, showed a more limited effect, although it caused performance loss in critical categories. This research emphasizes that the Faster R-CNN model, which shows high performance on complex real-world datasets, is vulnerable to adversarial attacks. It also highlights the need for robust defense mechanisms tailored to the challenges of autonomous driving systems. We aim to contribute to the development of safer and more secure object detection systems in the face of hostile threats.",

keywords = "Adversarial Attacks, Apolloscape Dateset, Autonomous Vehicles, Faster R-CNN, Object Detection",

author = "Melike Ba{\c s}er and {\c S}erif Bahtiyar",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025 ; Conference date: 18-06-2025 Through 20-06-2025",

year = "2025",

doi = "10.1109/NTMS65597.2025.11076942",

language = "English",

series = "2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "330--336",

booktitle = "2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025",

address = "United States",

}

Başer, M & Bahtiyar, Ş 2025, Adversarial Attacks on Faster R-CNN Model for Object Detection in Autonomous Vehicles. in 2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025. 2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025, Institute of Electrical and Electronics Engineers Inc., pp. 330-336, 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025, Paris, France, 18/06/25. https://doi.org/10.1109/NTMS65597.2025.11076942

Adversarial Attacks on Faster R-CNN Model for Object Detection in Autonomous Vehicles. / Başer, Melike; Bahtiyar, Şerif.
2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025. Institute of Electrical and Electronics Engineers Inc., 2025. p. 330-336 (2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Adversarial Attacks on Faster R-CNN Model for Object Detection in Autonomous Vehicles

AU - Başer, Melike

AU - Bahtiyar, Şerif

PY - 2025

Y1 - 2025

N2 - Object detection models used in autonomous driving systems provide environmental awareness of vehicles by making reliable and accurate predictions. However, these models show significant vulnerabilities in the face of adversarial attacks that can jeopardize system security. In this research, we compare the test performance and evaluation of the Faster R-CNN model under adversarial attacks using the ApolloScape dataset. We apply adversarial attacks to object detection models of autonomous driving systems on the ApolloScape dataset, which contains real-world scenes and high-resolution images for the first time. We analyze the prediction performance of the model using two common attack methods, FGSM and PGD. Our results show that PGD severely reduces the accuracy of the model due to its iterative nature and increases the false detection rate, especially in real-life scenes of the ApolloScape dataset. FGSM, on the other hand, showed a more limited effect, although it caused performance loss in critical categories. This research emphasizes that the Faster R-CNN model, which shows high performance on complex real-world datasets, is vulnerable to adversarial attacks. It also highlights the need for robust defense mechanisms tailored to the challenges of autonomous driving systems. We aim to contribute to the development of safer and more secure object detection systems in the face of hostile threats.

AB - Object detection models used in autonomous driving systems provide environmental awareness of vehicles by making reliable and accurate predictions. However, these models show significant vulnerabilities in the face of adversarial attacks that can jeopardize system security. In this research, we compare the test performance and evaluation of the Faster R-CNN model under adversarial attacks using the ApolloScape dataset. We apply adversarial attacks to object detection models of autonomous driving systems on the ApolloScape dataset, which contains real-world scenes and high-resolution images for the first time. We analyze the prediction performance of the model using two common attack methods, FGSM and PGD. Our results show that PGD severely reduces the accuracy of the model due to its iterative nature and increases the false detection rate, especially in real-life scenes of the ApolloScape dataset. FGSM, on the other hand, showed a more limited effect, although it caused performance loss in critical categories. This research emphasizes that the Faster R-CNN model, which shows high performance on complex real-world datasets, is vulnerable to adversarial attacks. It also highlights the need for robust defense mechanisms tailored to the challenges of autonomous driving systems. We aim to contribute to the development of safer and more secure object detection systems in the face of hostile threats.

KW - Adversarial Attacks

KW - Apolloscape Dateset

KW - Autonomous Vehicles

KW - Faster R-CNN

KW - Object Detection

UR - https://www.scopus.com/pages/publications/105012573702

U2 - 10.1109/NTMS65597.2025.11076942

DO - 10.1109/NTMS65597.2025.11076942

M3 - Conference contribution

AN - SCOPUS:105012573702

T3 - 2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025

SP - 330

EP - 336

BT - 2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025

Y2 - 18 June 2025 through 20 June 2025

ER -

Başer M, Bahtiyar Ş. Adversarial Attacks on Faster R-CNN Model for Object Detection in Autonomous Vehicles. In 2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025. Institute of Electrical and Electronics Engineers Inc. 2025. p. 330-336. (2025 12th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2025). doi: 10.1109/NTMS65597.2025.11076942

Adversarial Attacks on Faster R-CNN Model for Object Detection in Autonomous Vehicles

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this