cs.CRcs.CV
Still Camouflage, Moving Illusion: View-Induced Trajectory Manipulation in Autonomous Driving
May 12, 2026
The paper introduces a novel adversarial attack that uses static, view-dependent camouflage on a vehicle to induce consistent feature drift, causing autonomous systems to predict false, yet plausible, trajectories like unnecessary cut-ins.
Existing physical adversarial attacks on vision-based autonomous driving induce time-evolving perception errors, including biased object tracking or trajectory prediction, through (i) sophisticated physical patch inducing detection box drift when entering the view distance, or (ii) dynamically changing patches that cause different perception errors at different time. In both cases, viewing-angle variation is treated as a challenge, requiring adversarial patches to remain effective across frames under varying views, leading to complex multi-view optimization. In contrast, we show that viewing-angle variation itself can be turned into an attack tool. We design a new attack paradigm where a static, passive adversarial camouflage is mounted on a vehicle whose view-dependent appearance naturally evolves with relative motion, inducing consistent feature drift across frames. This causes the system to infer a physically plausible but incorrect trajectory, such as a false cut-in, which propagates to downstream decision-making and triggers unnecessary braking. Unlike prior approaches that require multi-view robustness or active intervention, our attack emerges from normal driving dynamics and is easy to deploy: a parked vehicle with a natural camouflage can induce hard braking in passing autonomous vehicles. We demonstrate the novel attack on nuScenes dataset, showing the effectiveness with an end-to-end success rate of up to 87.5%, measured by hard-braking events, and robustness across different scene backgrounds, victim vehicle speeds, and perception models.
Hermes Seal: Zero-Knowledge Assurance for Autonomous Vehicle Communications
The paper proposes Hermes Seal, a zk-SNARK framework that enables autonomous veh…
PatchPoison: Poisoning Multi-View Datasets to Degrade 3D Reconstruction
PatchPoison introduces a lightweight dataset-poisoning method that injects small…
Security and Resilience in Autonomous Vehicles: A Proactive Design Approach
The paper proposes a proactive, resilient architecture for autonomous vehicles b…
SHIFT: Stochastic Hidden-Trajectory Deflection for Removing Diffusion-based Watermark
The paper introduces SHIFT, a training-free attack that exploits the vulnerabili…
Privacy-Aware Smart Cameras: View Coverage via Socially Responsible Coordination
The paper proposes a decentralized, privacy-aware framework enabling smart camer…
Detection of Adversarial Attacks in Robotic Perception
This paper addresses the vulnerability of DNNs used in robotic semantic segmenta…
Mobile GUI Agent Privacy Personalization with Trajectory Induced Preference Optimization
The paper proposes Trajectory Induced Preference Optimization (TIPO) to improve…
T-MAP: Red-Teaming LLM Agents with Trajectory-aware Evolutionary Search
The paper introduces T-MAP, a trajectory-aware evolutionary search method, to di…