EL-Attack: Explicit and Latent Space Hybrid Optimization based General and Effective Attack for Autonomous Driving Trajectory Prediction

Accurate prediction of nearby road actors' future trajectories is crucial for autonomous vehicles. With the development of foundational models, autonomous driving trajectory prediction has seen significant improvements. However, these neural network-based methods are vulnerable to adversarial attacks, challenging the reliability and safety of predictions. Previous attack methods focused on constraint spaces and objective functions, generating adversarial trajectories via perturbations in the explicit space followed by further optimization. However, these methods overlook the threat model's potential. To fully leverage the model's optimization, we propose a novel adversarial attack method, EL-Attack, which emphasizes multi-space collaborative optimization in both explicit and latent spaces. The framework first uses a spatio-temporal attention module to extract semantic representations of the trajectory's spatiotemporal context, then builds a threat model based on an adversarial autoencoder. In the explicit space, we introduce an interactive risk field based on the autonomous vehicle's drivable area to guide the target vehicle's trajectory. In the latent space, we apply semantic-level perturbations on latent vectors and regularize them, enhancing attack targeting and stealthiness. We conducted experiments and evaluations on the Argoverse dataset and a virtual-real testing platform. In terms of effectiveness, compared to the best performing baseline, our method improves the attack success rate by 4.0 % and 15.2 % on the VectorNet and TNT models respectively. we also tested in scenarios such as straight roads, curves, and intersections for real-world validation and transferability.