Ayoosh Bansal,Hunmin Kim,Simon Yu,Bo Li,Naira Hovakimyan,Marco Caccamo,Lui Sha

DOI: https://doi.org/10.1002/stvr.1879

2024-05-29

Software Testing Verification and Reliability

Abstract:The traditional autonomous driving system (mission layer) is monitored at runtime by the safety layer, which includes verifiable algorithms only. Utilizing the detectability model for such perception algorithms, safety layer provides deterministic fault detection and collision avoidance properties. This framework presents a promising approach towards the end goal of verifiable end‐to‐end safety in autonomous vehicles. Detectability model provides deterministic translation between safety policies, sensors and algorithm parameters and safety guarantees. Such a model can only be devised for fully analysable and verifiable solutions, a requirement not met by deep neural networks. Advances in deep learning have revolutionized cyber‐physical applications, including the development of autonomous vehicles. However, real‐world collisions involving autonomous control of vehicles have raised significant safety concerns regarding the use of deep neural networks (DNNs) in safety‐critical tasks, particularly perception. The inherent unverifiability of DNNs poses a key challenge in ensuring their safe and reliable operation. In this work, we propose perception simplex (PS ), a fault‐tolerant application architecture designed for obstacle detection and collision avoidance. We analyse an existing LiDAR‐based classical obstacle detection algorithm to establish strict bounds on its capabilities and limitations. Such analysis and verification have not been possible for deep learning‐based perception systems yet. By employing verifiable obstacle detection algorithms, PS identifies obstacle existence detection faults in the output of unverifiable DNN‐based object detectors. When faults with potential collision risks are detected, appropriate corrective actions are initiated. Through extensive analysis and software‐in‐the‐loop simulations, we demonstrate that PS provides deterministic fault tolerance against obstacle existence detection faults, establishing a robust safety guarantee.

computer science, software engineering

Ayoosh Bansal,Hunmin Kim,Simon Yu,Bo Li,Naira Hovakimyan,Marco Caccamo,Lui Sha

DOI: https://doi.org/10.1109/ISSRE55969.2022.00017

2022-08-31

Abstract:Perception of obstacles remains a critical safety concern for autonomous vehicles. Real-world collisions have shown that the autonomy faults leading to fatal collisions originate from obstacle existence detection. Open source autonomous driving implementations show a perception pipeline with complex interdependent Deep Neural Networks. These networks are not fully verifiable, making them unsuitable for safety-critical tasks. In this work, we present a safety verification of an existing LiDAR based classical obstacle detection algorithm. We establish strict bounds on the capabilities of this obstacle detection algorithm. Given safety standards, such bounds allow for determining LiDAR sensor properties that would reliably satisfy the standards. Such analysis has as yet been unattainable for neural network based perception systems. We provide a rigorous analysis of the obstacle detection system with empirical results based on real-world sensor data.

Robotics,Computer Vision and Pattern Recognition,Systems and Control

Ayoosh Bansal,Yang Zhao,James Zhu,Sheng Cheng,Yuliang Gu,Hyung-Jin Yoon,Hunmin Kim,Naira Hovakimyan,Lui Sha

DOI: https://doi.org/10.2514/6.2024-1167

2023-12-06

Abstract:Perception, Planning, and Control form the essential components of autonomy in advanced air mobility. This work advances the holistic integration of these components to enhance the performance and robustness of the complete cyber-physical system. We adapt Perception Simplex, a system for verifiable collision avoidance amidst obstacle detection faults, to the vertical landing maneuver for autonomous air mobility vehicles. We improve upon this system by replacing static assumptions of control capabilities with dynamic confirmation, i.e., real-time confirmation of control limitations of the system, ensuring reliable fulfillment of safety maneuvers and overrides, without dependence on overly pessimistic assumptions. Parameters defining control system capabilities and limitations, e.g., maximum deceleration, are continuously tracked within the system and used to make safety-critical decisions. We apply these techniques to propose a verifiable collision avoidance solution for autonomous aerial mobility vehicles operating in cluttered and potentially unsafe environments.

Robotics,Systems and Control

Cornelius Buerkle,Florian Geissler,Michael Paulitsch,Kay-Ulrich Scholl

DOI: https://doi.org/10.48550/arXiv.2111.12360

2021-11-24

Abstract:While the most visible part of the safety verification process of automated vehicles concerns the planning and control system, it is often overlooked that safety of the latter crucially depends on the fault-tolerance of the preceding environment perception. Modern perception systems feature complex and often machine-learning-based components with various failure modes that can jeopardize the overall safety. At the same time, a verification by for example redundant execution is not always feasible due to resource constraints. In this paper, we address the need for feasible and efficient perception monitors and propose a lightweight approach that helps to protect the integrity of the perception system while keeping the additional compute overhead minimal. In contrast to existing solutions, the monitor is realized by a well-balanced combination of sensor checks -- here using LiDAR information -- and plausibility checks on the object motion history. It is designed to detect relevant errors in the distance and velocity of objects in the environment of the automated vehicle. In conjunction with an appropriate planning system, such a monitor can help to make safe automated driving feasible.

Robotics

Chiao Hsieh,Keyur Joshi,Sasa Misailovic,Sayan Mitra

DOI: https://doi.org/10.48550/arXiv.2111.05534

IF: 3.7

2021-11-10

Robotics

Abstract:Convolutional Neural Networks (CNN) for object detection, lane detection, and segmentation now sit at the head of most autonomy pipelines, and yet, their safety analysis remains an important challenge. Formal analysis of perception models is fundamentally difficult because their correctness is hard if not impossible to specify. We present a technique for inferring intelligible and safe abstractions for perception models from system-level safety requirements, data, and program analysis of the modules that are downstream from perception. The technique can help tradeoff safety, size, and precision, in creating abstractions and the subsequent verification. We apply the method to two significant case studies based on high-fidelity simulations (a) a vision-based lane keeping controller for an autonomous vehicle and (b) a controller for an agricultural robot. We show how the generated abstractions can be composed with the downstream modules and then the resulting abstract system can be verified using program analysis tools like CBMC. Detailed evaluations of the impacts of size, safety requirements, and the environmental parameters (e.g., lighting, road surface, plant type) on the precision of the generated abstractions suggest that the approach can help guide the search for corner cases and safe operating envelops.

Stephanie Abrecht,Alexander Hirsch,Shervin Raafatnia,Matthias Woehrle

2024-07-12

Abstract:Recent advances in the field of deep learning and impressive performance of deep neural networks (DNNs) for perception have resulted in an increased demand for their use in automated driving (AD) systems. The safety of such systems is of utmost importance and thus requires to consider the unique properties of DNNs. In order to achieve safety of AD systems with DNN-based perception components in a systematic and comprehensive approach, so-called safety concerns have been introduced as a suitable structuring element. On the one hand, the concept of safety concerns is -- by design -- well aligned to existing standards relevant for safety of AD systems such as ISO 21448 (SOTIF). On the other hand, it has already inspired several academic publications and upcoming standards on AI safety such as ISO PAS 8800. While the concept of safety concerns has been previously introduced, this paper extends and refines it, leveraging feedback from various domain and safety experts in the field. In particular, this paper introduces an additional categorization for a better understanding as well as enabling cross-functional teams to jointly address the concerns.

Machine Learning,Computer Vision and Pattern Recognition,Systems and Control

Chih-Hong Cheng,Chung-Hao Huang,Thomas Brunner,Vahid Hashemi

DOI: https://doi.org/10.48550/arXiv.1904.04706

2019-11-21

Abstract:We study the problem of safety verification of direct perception neural networks, where camera images are used as inputs to produce high-level features for autonomous vehicles to make control decisions. Formal verification of direct perception neural networks is extremely challenging, as it is difficult to formulate the specification that requires characterizing input as constraints, while the number of neurons in such a network can reach millions. We approach the specification problem by learning an input property characterizer which carefully extends a direct perception neural network at close-to-output layers, and address the scalability problem by a novel assume-guarantee based verification approach. The presented workflow is used to understand a direct perception neural network (developed by Audi) which computes the next waypoint and orientation for autonomous vehicles to follow.

Software Engineering,Machine Learning

Sever Topan,Karen Leung,Yuxiao Chen,Pritish Tupekar,Edward Schmerling,Jonas Nilsson,Michael Cox,Marco Pavone

DOI: https://doi.org/10.48550/arXiv.2206.12471

2022-06-25

Abstract:To enable safe autonomous vehicle (AV) operations, it is critical that an AV's obstacle detection module can reliably detect obstacles that pose a safety threat (i.e., are safety-critical). It is therefore desirable that the evaluation metric for the perception system captures the safety-criticality of objects. Unfortunately, existing perception evaluation metrics tend to make strong assumptions about the objects and ignore the dynamic interactions between agents, and thus do not accurately capture the safety risks in reality. To address these shortcomings, we introduce an interaction-dynamics-aware obstacle detection evaluation metric by accounting for closed-loop dynamic interactions between an ego vehicle and obstacles in the scene. By borrowing existing theory from optimal control theory, namely Hamilton-Jacobi reachability, we present a computationally tractable method for constructing a ``safety zone'': a region in state space that defines where safety-critical obstacles lie for the purpose of defining safety metrics. Our proposed safety zone is mathematically complete, and can be easily computed to reflect a variety of safety requirements. Using an off-the-shelf detection algorithm from the nuScenes detection challenge leaderboard, we demonstrate that our approach is computationally lightweight, and can better capture safety-critical perception errors than a baseline approach.

Robotics,Systems and Control

Jiachen Sun,Yulong Cao,Qi Alfred Chen,Z. Morley Mao

DOI: https://doi.org/10.48550/arXiv.2006.16974

2020-06-30

Cryptography and Security

Abstract:Perception plays a pivotal role in autonomous driving systems, which utilizes onboard sensors like cameras and LiDARs (Light Detection and Ranging) to assess surroundings. Recent studies have demonstrated that LiDAR-based perception is vulnerable to spoofing attacks, in which adversaries spoof a fake vehicle in front of a victim self-driving car by strategically transmitting laser signals to the victim's LiDAR sensor. However, existing attacks suffer from effectiveness and generality limitations. In this work, we perform the first study to explore the general vulnerability of current LiDAR-based perception architectures and discover that the ignored occlusion patterns in LiDAR point clouds make self-driving cars vulnerable to spoofing attacks. We construct the first black-box spoofing attack based on our identified vulnerability, which universally achieves around 80% mean success rates on all target models. We perform the first defense study, proposing CARLO to mitigate LiDAR spoofing attacks. CARLO detects spoofed data by treating ignored occlusion patterns as invariant physical features, which reduces the mean attack success rate to 5.5%. Meanwhile, we take the first step towards exploring a general architecture for robust LiDAR-based perception, and propose SVF that embeds the neglected physical features into end-to-end learning. SVF further reduces the mean attack success rate to around 2.3%.

Chen Sun,Minghao Ning,Zejian Deng,Amir Khajepour

DOI: https://doi.org/10.1109/tvt.2024.3369100

IF: 6.8

2024-01-01

IEEE Transactions on Vehicular Technology

Abstract:Self-evaluation and monitoring are critical components in autonomous driving applications, especially for safety purposes, and yet there is no systematic framework to estimate the learning-based perception system in real-time. This paper aims to provide a general strategy for estimating how reliable the perception results generated from the black-box neural networks are in real-time. The perception safety evaluation problem has been formulated in a probabilistic framework, and theoretical analysis suggests that the existing geofencing or rule-based safety checking is a simplified version of the proposed strategy. The offline testing knowledge and real-time measured evidence are encoded as conditional probabilities and priors in the Bayesian network. The confidence score of the neural networks is utilized as an auxiliary factor to regularize the perception safety evaluation. Simulation and experimental results demonstrate the effectiveness of the proposed safety evaluation for perception systems under virtual and real data in city driving. In addition, we show that the proposed method can generate the necessary warning signals to support downstream safety monitoring and fail-degraded system functionalities.

telecommunications,engineering, electrical & electronic,transportation science & technology

Adith Boloor,Karthik Garimella,Xin He,Christopher Gill,Yevgeniy Vorobeychik,Xuan Zhang

DOI: https://doi.org/10.1016/j.sysarc.2020.101766

IF: 5.836

2020-11-01

Journal of Systems Architecture

Abstract:<p>Recent advances in machine learning, especially techniques such as deep neural networks, are enabling a range of emerging applications. One such example is autonomous driving, which often relies on deep learning for perception. However, deep learning-based perception has been shown to be vulnerable to a host of subtle adversarial manipulations of images. Nevertheless, the vast majority of such demonstrations focus on perception that is disembodied from end-to-end control. We present novel end-to-end attacks on autonomous driving in simulation, using simple physically realizable attacks: the painting of black lines on the road. These attacks target deep neural network models for end-to-end autonomous driving control. A systematic investigation shows that such attacks are easy to engineer, and we describe scenarios (e.g., right turns) in which they are highly effective. We define several objective functions that quantify the success of an attack and develop techniques based on Bayesian Optimization to efficiently traverse the search space of higher dimensional attacks. Additionally, we define a novel class of <em>hijacking</em> attacks, where painting lines on the road cause the driverless car to follow a target path. Through the use of network deconvolution, we provide insights into the successful attacks, which appear to work by mimicking activations of entirely different scenarios. Our code is available on <a href="https://github.com/xz-group/AdverseDrive">https://github.com/xz-group/AdverseDrive</a></p>

computer science, software engineering, hardware & architecture

Oliver Willers,Sebastian Sudholt,Shervin Raafatnia,Stephanie Abrecht

DOI: https://doi.org/10.48550/arXiv.2001.08001

2020-01-22

Abstract:Deep learning methods are widely regarded as indispensable when it comes to designing perception pipelines for autonomous agents such as robots, drones or automated vehicles. The main reasons, however, for deep learning not being used for autonomous agents at large scale already are safety concerns. Deep learning approaches typically exhibit a black-box behavior which makes it hard for them to be evaluated with respect to safety-critical aspects. While there have been some work on safety in deep learning, most papers typically focus on high-level safety concerns. In this work, we seek to dive into the safety concerns of deep learning methods and present a concise enumeration on a deeply technical level. Additionally, we present extensive discussions on possible mitigation methods and give an outlook regarding what mitigation methods are still missing in order to facilitate an argumentation for the safety of a deep learning method.

Machine Learning,Computer Vision and Pattern Recognition

Qinbing Fu,Nicola Bellotto,Huatian Wang,F. Claire Rind,Hongxin Wang,Shigang Yue

DOI: https://doi.org/10.1007/978-3-030-19823-7_5

2019-01-01

Abstract:This research addresses the challenging problem of visual collision detection in very complex and dynamic real physical scenes, specifically, the vehicle driving scenarios. This research takes inspiration from a large-field looming sensitive neuron, i.e., the lobula giant movement detector (LGMD) in the locust’s visual pathways, which represents high spike frequency to rapid approaching objects. Building upon our previous models, in this paper we propose a novel inhibition mechanism that is capable of adapting to different levels of background complexity. This adaptive mechanism works effectively to mediate the local inhibition strength and tune the temporal latency of local excitation reaching the LGMD neuron. As a result, the proposed model is effective to extract colliding cues from complex dynamic visual scenes. We tested the proposed method using a range of stimuli including simulated movements in grating backgrounds and shifting of a natural panoramic scene, as well as vehicle crash video sequences. The experimental results demonstrate the proposed method is feasible for fast collision perception in real-world situations with potential applications in future autonomous vehicles.

Xiaotong Zhang,Jinger Chong,Kamal Youcef-Toumi

DOI: https://doi.org/10.48550/arXiv.2312.07744

2023-12-13

Abstract:Perception serves as a critical component in the functionality of autonomous agents. However, the intricate relationship between perception metrics and robotic metrics remains unclear, leading to ambiguity in the development and fine-tuning of perception algorithms. In this paper, we introduce a methodology for quantifying this relationship, taking into account factors such as detection rate, detection quality, and latency. Furthermore, we introduce two novel metrics for Human-Robot Collaboration safety predicated upon perception metrics: Critical Collision Probability (CCP) and Average Collision Probability (ACP). To validate the utility of these metrics in facilitating algorithm development and tuning, we develop an attentive processing strategy that focuses exclusively on key input features. This approach significantly reduces computational time while preserving a similar level of accuracy. Experimental results indicate that the implementation of this strategy in an object detector leads to a maximum reduction of 30.091% in inference time and 26.534% in total time per frame. Additionally, the strategy lowers the CCP and ACP in a baseline model by 11.252% and 13.501%, respectively. The source code will be made publicly available in the final proof version of the manuscript.

Robotics

Qi Zhu,Wenchao Li,Chao Huang,Xin Chen,Weichao Zhou,Yixuan Wang,Jiajun Li,Feisi Fu

DOI: https://doi.org/10.1109/Allerton58177.2023.10313451

2023-01-01

Abstract:Neural networks are being applied to a wide range of tasks in autonomous systems, such as perception, prediction, planning, control, and general decision making. While they may improve system performance over traditional physical model-based methods, pressing concerns have been raised on the uncertain behaviors of neural networks under varying inputs, especially for safety-critical systems such as autonomous vehicles and robots. In this paper, we will discuss the challenges in ensuring the safety and robustness of neural network-enabled autonomous systems, and present our recent work in addressing these challenges. These include methods for certifying the robustness of neural networks, verifying the safety of neural network-controlled systems, designing these systems with safety assurance, and conducting safety-assured runtime adaptation.

T.K.Shaik Shavali

DOI: https://doi.org/10.52783/jes.1374

2024-04-04

Abstract:This examination explores ongoing risk location in independent vehicles through the use of profound learning philosophies, expecting to upgrade street security. Utilizing Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs), the review centers around distinguishing and grouping dangers like people on foot, vehicles, obstructions, and street abnormalities in assorted driving situations. By examining information from locally available sensors including cameras, LiDAR, and radar, the profound learning models learn perplexing examples and portrayals, empowering them to settle on informed choices in powerful conditions. The trial results exhibit the viability of the proposed approaches, with CNN-based and RNN-based models accomplishing high exactness, accuracy, review, and F1-score upsides of 0.95, 0.93, 0.96, and 0.94 individually. These outcomes outperform those of conventional AI calculations and pattern techniques, displaying the predominance of profound learning in danger identification undertakings. Also, examinations with related work highlight the headways accomplished, featuring the capability of profoundly figuring out how to upgrade the well-being abilities of independent vehicles. In general, this examination adds to the continuous endeavors in creating solid and effective danger recognition frameworks, making ready for more secure and more dependable independent driving innovation.

Vijayakumar P.,Jegatha Deborah L.,Rajkumar S. C.

DOI: https://doi.org/10.4018/ijssci.291712

2022-01-01

International Journal of Software Science and Computational Intelligence

Abstract:The Light Detection and Ranging (LiDAR) sensor is utilized to track each sensed obstructions at their respective locations with their relative distance, speed, and direction; such sensitive information forwards to the cloud server to predict the vehicle-hit, traffic congestion and road damages. Learn the behaviour of the state to produce an appropriate reward as the recommendation to avoid tragedy. Deep Reinforcement Learning and Q-network predict the complexity and uncertainty of the environment to generate optimal reward to states. Consequently, it activates automatic emergency braking and safe parking assistance to the vehicles. In addition, the proposed work provides safer transport for pedestrians and independent vehicles. Compared to the newer methods, the proposed system experimental results achieved 92.15% higher prediction rate accuracy. Finally, the proposed system saves many humans, animal lives from the vehicle hit, suggests drivers for rerouting to avoid unpredictable traffic, saves fuel consumption, and avoids carbon emission.

Huihui Wu,Deyun Lv,Tengxiang Cui,Gang Hou,Masahiko Watanabe,Weiqiang Kong

DOI: https://doi.org/10.1007/s00165-021-00539-2

2021-01-01

Formal Aspects of Computing

Abstract:Self-driving cars over the last decade have achieved significant progress like driving millions of miles without any human intervention. However, behavioral safety in applying deep-neural-network-based (DNN based) systems for self-driving cars could not be guaranteed. Several real-world accidents involving self-driving cars have already happened, some of which have led to fatal collisions. In this paper, we present a novel and automated technique for verifying steering angle safety for self-driving cars. The technique is based on deep learning verification (DLV), which is an automated verification framework for safety of image classification neural networks. We extend DLV by leveraging neuron coverage and slack relationship to solve the judgement problem of predicted behaviors, and thus, to achieve verification of steering angle safety for self-driving cars. We evaluate our technique on the NVIDIA’s end-to-end self-driving architecture, which is a crucial ingredient in many modern self-driving cars. Experimental results show that our technique can successfully find adversarial misclassifications (i.e., incorrect steering decisions) within given regions if they exist. Therefore, we can achieve safety verification (if no misclassification is found for all DNN layers, in which case the network can be said to be stable or reliable w.r.t. steering decisions) or falsification (in which case the adversarial examples can be used to fine-tune the network).

Shengduo Chen,Yaowei Sun,Dachuan Li,Qiang Wang,Qi Hao,Joseph Sifakis

DOI: https://doi.org/10.48550/arXiv.2109.13446

2021-09-28

Abstract:Providing safety guarantees for Autonomous Vehicle (AV) systems with machine-learning-based controllers remains a challenging issue. In this work, we propose Simplex-Drive, a framework that can achieve runtime safety assurance for machine-learning enabled controllers of AVs. The proposed Simplex-Drive consists of an unverified Deep Reinforcement Learning (DRL)-based advanced controller (AC) that achieves desirable performance in complex scenarios, a Velocity-Obstacle (VO) based baseline safe controller (BC) with provably safety guarantees, and a verified mode management unit that monitors the operation status and switches the control authority between AC and BC based on safety-related conditions. We provide a formal correctness proof of Simplex-Drive and conduct a lane-changing case study in dense traffic scenarios. The simulation experiment results demonstrate that Simplex-Drive can always ensure operation safety without sacrificing control performance, even if the DRL policy may lead to deviations from the safe status.

Robotics,Systems and Control

Yulong Cao,Chaowei Xiao,Benjamin Cyr,Yimeng Zhou,Won Park,Sara Rampazzi,Qi Alfred Chen,Kevin Fu,Z. Morley Mao

DOI: https://doi.org/10.1145/3319535.3339815

2019-11-06

Abstract:In Autonomous Vehicles (AVs), one fundamental pillar is perception,which leverages sensors like cameras and LiDARs (Light Detection and Ranging) to understand the driving environment. Due to its direct impact on road safety, multiple prior efforts have been made to study its the security of perception systems. In contrast to prior work that concentrates on camera-based perception, in this work we perform the first security study of LiDAR-based perception in AV settings, which is highly important but unexplored. We consider LiDAR spoofing attacks as the threat model and set the attack goal as spoofing obstacles close to the front of a victim AV. We find that blindly applying LiDAR spoofing is insufficient to achieve this goal due to the machine learning-based object detection process.Thus, we then explore the possibility of strategically controlling the spoofed attack to fool the machine learning model. We formulate this task as an optimization problem and design modeling methods for the input perturbation function and the objective function.We also identify the inherent limitations of directly solving the problem using optimization and design an algorithm that combines optimization and global sampling, which improves the attack success rates to around 75%. As a case study to understand the attack impact at the AV driving decision level, we construct and evaluate two attack scenarios that may damage road safety and mobility.We also discuss defense directions at the AV system, sensor, and machine learning model levels.