Causal Robust Trajectory Prediction Against Adversarial Attacks for Autonomous Vehicles

Autonomous vehicles may mistakenly predict the future trajectories of neighboring vehicles when the trajectory prediction model is under attack. Recent works utilize adversarial training to mitigate the prediction errors of the trajectory prediction model under attacks. However, adversarial training exhibits high training costs and poor generality for different attack methods. Meanwhile, adversarial training improves the trajectory prediction performance under attacks by learning the adversarial examples, which leads to greater performance degradation in normal (without attacks) cases. In this article, to ensure the driving safety of autonomous vehicles, we propose a causal robust trajectory prediction method named CausalRobTra, which employs total direct effect (TDE) inference to defend trajectory predictors against adversarial attacks from the perspective of causal inference theory. First, we propose four directional metrics to evaluate the prediction errors of the trajectory prediction model under attacks. Then, we construct the causal graph of trajectory prediction under attacks and analyze the causalities among the nodes. Next, we conduct the counterfactual intervention on the history trajectory by replacing the history trajectory with the counterfactual trajectory to cut off the link between the history trajectory and the adversarial perturbation. Finally, we calculate TDE by subtracting the counterfactual prediction from the factual prediction to eliminate the impact of adversarial perturbation on the final prediction. Compared with the no-defense case, our method improves the performance by 13.4% under attacks and at the cost of 7.7% performance degradation on clean data. In addition, our method improves the performance by 20.6% on clean data compared with adversarial training and has a similar performance to adversarial training under attacks. Such an improvement can ensure the safety of autonomous vehicles under attacks and avoid many traffic accidents. Our CausalRobTra is a plug-and-play defense method that can be easily applied to any other trajectory prediction model. Extensive experiments demonstrate that our method effectively improves the adversarial robustness of the trajectory prediction model under attacks at the expense of lower performance degradation in normal (without attacks) cases.