Monocular Depth Estimation (MDE) is a critical component in applications such as autonomous driving. There are various attacks against MDE networks. These attacks, especially the physical ones, pose a great threat to the security of such systems. Traditional adversarial training method requires ground-truth labels hence cannot be directly applied to self-supervised MDE that does not have ground-truth depth. Some self-supervised model hardening techniques (e.g., contrastive learning) ignore the domain knowledge of MDE and can hardly achieve optimal performance. In this work, we propose a novel adversarial training method for self-supervised MDE models based on view synthesis without using ground-truth depth. We improve adversarial robustness against physical-world attacks using L0-norm-bounded perturbation in training. We compare our method with supervised learning based and contrastive learning based methods that are tailored for MDE. Results on two representative MDE networks show that we achieve better robustness against various adversarial attacks with nearly no benign performance degradation.

翻译：单目深度估计(Monocular Depth Estimation，简称MDE)是自动驾驶等应用中的关键组件。存在各种针对MDE网络的攻击，特别是物理攻击对此类系统的安全构成巨大威胁。传统的对抗性训练方法需要基于真实标签，因此不能直接应用于没有真实深度标签的自我监督式MDE。一些针对MDE的自我监督模型固化技术（例如对比学习）忽略了MDE的领域知识，难以实现最佳性能。本研究提出了一种基于视图合成的新型自我监督MDE模型的对抗性训练方法，无需使用真实深度标签，在训练中使用L0范数限制的扰动来提高对物理攻击的对抗性。我们将我们的方法与针对MDE的基于监督学习和基于对比学习的方法进行了比较。两个代表性的MDE网络表明，我们在各种对抗攻击方面实现了更好的鲁棒性，几乎没有正常性能损失。