The paper introduces MIRAGE, a framework that systematically discovers semantic attacks on online HD map construction by finding plausible environmental variations that bypass standard adversarial defenses, demonstrating attacks that remove or inject critical road boundaries.
Autonomous vehicles depend on online HD map construction to perceive lane boundaries, dividers, and pedestrian crossings -- safety-critical road elements that directly govern motion planning. While existing pixel perturbation attacks can disrupt the mapping, they can be neutralized by standard adversarial defenses. We present MIRAGE, a framework for the systematic discovery of semantic attacks that bypass adversarial defenses and degrade mapping predictions by finding plausible environmental variations (e.g., shadows, wet roads). MIRAGE exploits the latent manifold of real-world data learned by diffusion models and searches for semantically mutated scenes neighboring the ground truth that preserve the same road topology yet mislead the mapping predictions. We evaluate MIRAGE on nuScenes and demonstrate two attacks: (1) boundary removal, suppressing 57.7% of detections and corrupting 96% of planned trajectories; and (2) boundary injection, the only method that successfully injects fictitious boundaries, while pixel PGD and AdvPatch fail entirely. Both attacks remain potent under various adversarial defenses. We use two independent VLM judges to quantify realism: MIRAGE passes as realistic 80--84% of the time (vs. 97--99% for clean nuScenes), while AdvPatch passes only 0--9% of the time. Our findings expose a categorical gap in current adversarial defenses: semantic-level perturbations that manifest as legitimate environmental variation are substantially harder to mitigate than pixel-level perturbations.