SoK: On the Semantic AI Security in Autonomous Driving

Junjie Shen, Ningfei Wang, Ziwen Wan, Yunpeng Luo, Takami Sato, Zhisheng Hu, Xinyang Zhang, Shengjian Guo, Zhenyu Zhong, Kang Li, Ziming Zhao, Chunming Qiao, Qi Alfred Chen
2024-04-26
Abstract: Autonomous Driving (AD) systems rely on AI components to make safe and correct driving decisions. Unfortunately, today's AI algorithms are known to be generally vulnerable to adversarial attacks. However, for such AI component-level vulnerabilities to be semantically impactful at the system level, it is necessary to address non-trivial semantic gaps both (1) from the system-level attack input spaces to those at AI component level, and (2) from AI component-level attack impacts to those at the system level. In this paper, we define such research space as semantic AI security as opposed to generic AI security. Over the past 5 years, increasingly more research works are performed to tackle such semantic AI security challenges in AD context, which has started to show an exponential growth trend. In this paper, we perform the first systematization of knowledge of such growing semantic AD AI security research space. In total, we collect and analyze 53 such papers, and systematically taxonomize them based on research aspects critical for the security field. We summarize 6 most substantial scientific gaps observed based on quantitative comparisons both vertically among existing AD AI security works and horizontally with security works from closely-related domains. With these, we are able to provide insights and potential future directions not only at the design level, but also at the research goal, methodology, and community levels. To address the most critical scientific methodology-level gap, we take the initiative to develop an open-source, uniform, and extensible system-driven evaluation platform, named PASS, for the semantic AD AI security research community. We also use our implemented platform prototype to showcase the capabilities and benefits of such a platform using representative semantic AD AI attacks.
Cryptography and Security, Artificial Intelligence, Robotics
What problem does this paper attempt to address?
The paper focuses on the security of the artificial intelligence (AI) components in autonomous driving (AD) systems, in particular the semantic-level attacks those components may face in real-world deployments and the corresponding defenses. Specifically, the paper aims to address the following core issues:

1. **Defining the Concept of "Semantic AI Security"**: The paper first defines a new research area, "semantic AI security," as distinct from generic AI security. It emphasizes the non-trivial semantic gaps from system-level attack inputs to AI component-level inputs, and from AI component-level attack impacts to system-level impacts.
2. **Systematic Knowledge Organization**: Research on semantic AI security for autonomous driving has grown rapidly in recent years, but it lacks a comprehensive systematization. The authors therefore collected and analyzed 53 related papers and systematically classified them by key security research aspects (such as the target AI components of attacks/defenses, attack targets, attack vectors, etc.).
3. **Identifying Scientific Gaps**: Through quantitative comparison of existing work, the paper summarizes six of the most important scientific gaps. These gaps are not limited to the design level but also include issues at the research goal, methodology, and community levels.
4. **Developing an Evaluation Platform**: To fill the most critical methodological gap, namely the lack of system-level evaluation, the paper develops an open-source, unified, and extensible system-driven evaluation platform (PASS) for the semantic AD AI security research community. With this platform, researchers can better assess the effectiveness of attacks and defenses and promote further development in this field.

In summary, the main purpose of this paper is to conduct an in-depth study of semantic AI security in autonomous driving and to advance this field through systematic knowledge organization and the development of new evaluation tools.