Yanjiao Chen,Xiaotian Zhu,Xueluan Gong,Xinjing Yi,Shuyang Li

DOI: https://doi.org/10.1109/tii.2022.3198481

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the unprecedented development of deep learning, autonomous vehicles (AVs) have achieved tremendous progress nowadays. However, AV supported by DNN models is vulnerable to data poisoning attacks, hindering the large-scale application of autonomous driving. For example, by injecting carefully designed poisons into the training dataset of the DNN model in the traffic sign recognition system, the attacker can mislead the system to make targeted misclassification or cause a reduction in model classification accuracy. In this article, we conduct a thorough investigation of the state-of-the-art data poisoning attacks and defenses against AVs. According to whether the attacker needs to manipulate the data labeling process, we divide the state-of-the-art attack approaches into two categories, i.e., dirty-label attacks and clean-label attacks. We also differentiate the existing defense methods into two categories based on whether to modify the training data or the models, i.e., data-based defenses and model-based defenses. In addition to a detailed review of attacks and defenses in each category, we also give a qualitative comparison of the existing attacks and defenses. Besides, we provide a quantitative comparison of the existing attack and defense methods through experiments. Last but not least, we pinpoint several future directions for data poisoning attacks and defenses in AVs, providing possible ways for further research.

Chen Wang,Jian Chen,Yang Yang,Xiaoqiang Ma,Jiangchuan Liu

DOI: https://doi.org/10.1016/j.dcan.2021.07.009

IF: 6.348

2022-04-01

Digital Communications and Networks

Abstract:Over the past years, the emergence of intelligent networks empowered by machine learning techniques has brought great facilitates to different aspects of human life. However, using machine learning in intelligent networks also presents potential security and privacy threats. A common practice is the so-called poisoning attacks where malicious users inject fake training data with the aim of corrupting the learned model. In this survey, we comprehensively review existing poisoning attacks as well as the countermeasures in intelligent networks for the first time. We emphasize and compare the principles of the formal poisoning attacks employed in different categories of learning algorithms, and analyze the strengths and limitations of corresponding defense methods in a compact form. We also highlight some remaining challenges and future directions in the attack-defense confrontation to promote further research in this emerging yet promising area.

telecommunications

Xiaoyu Jiang,Zhiqiang Ge

DOI: https://doi.org/10.1109/tai.2022.3145335

2022-01-01

IEEE Transactions on Artificial Intelligence

Abstract:With the rapid development of information technology, intelligent upgrading of the manufacturing industry has broken the closed environment of traditional industrial control systems (ICS); thus, the information security of ICS has been seriously threatened. As part of ICS, the process monitoring system (PMS) is heavily subject to external risks. Data-driven PMSs have been widely used as initial lines of defense to ensure ICS safety. Once the PMS is under attack, the consequences on the whole ICS will be unimaginable. Unfortunately, the safety issues of the PMS have received inadequate attention. This article reveals PMS’s vulnerabilities through effective attacks. A novel method called subspace transfer network (STN) is proposed to conduct adversarial and poisoning attacks on the PMS simultaneously. Then the attack task flow is defined and explained to make online adversarial attacks and data poisoning on PMS. Meanwhile, aiming at two poisoning goals, targeted and untargeted attacks of STN are designed, respectively. Finally, the PMS’s fragility is verified in two industrial benchmarks.

Jie Lin,Wei Yu,Nan Zhang,Xinyu Yang,Linqiang Ge

DOI: https://doi.org/10.1109/tvt.2018.2845744

IF: 6.8

2018-01-01

IEEE Transactions on Vehicular Technology

Abstract:Transportation-based Cyber-Physical Systems (TCPS), also known as Intelligent Transportation Systems (ITS), have been introduced to increase traffic efficiency and safety. To reduce traffic congestion and traveling time, a number of real-time route guidance schemes have been developed to assist travelers in determining the optimal route for their transit. In this paper, we address the vulnerability issue of the route guiding process and study data integrity attacks against route guidance schemes. To be specific, we consider a generic attack, in which the adversary may compromise vehicles via wireless communication networks and then manipulate the real-time traffic information generated or forwarded by these vehicles, and finally broadcast the forged real-time traffic information into vehicular networks. We formally model the attack and quantitatively analyze its impact on the effectiveness of route guidance schemes. Our findings show that the investigated data integrity attack can effectively disrupt route guidance, resulting in significant traffic congestion, the increase of travel time, and the imbalanced use of transportation resources.

Liang Ming,Gang Zhao,Minhuan Huang,Xiaohui Kuang,Hu Li,Ming Zhang

DOI: https://doi.org/10.1109/icdis.2018.00037

2018-04-01

Abstract:Modern vehicles in Intelligent Transportation Systems (ITS) can communicate with each other as well as roadside infrastructure units (RSUs) in order to increase transportation efficiency and road safety. For example, there are techniques to alert drivers in advance about traffic incidents and to help them avoid congestion. Threats to these systems, on the other hand, can limit the benefits of these technologies. Securing ITS itself is an important concern in ITS design and implementation. In this paper, we provide a security model of ITS which extends the classic layered network security model with transportation security and information security, and gives a reference for designing ITS architectures. Based on this security model, we also present a classification of ITS threats for defense. Finally a proof-of-concept example with malicious nodes in an ITS system is also given to demonstrate the impact of attacks. We analyzed the threat of malicious nodes and their effects to commuters, like increasing toll fees, travel distances, and travel times etc. Experimental results from simulations based on Veins shows the threats will bring about 43.40% more total toll fees, 39.45% longer travel distances, and 63.10% more travel times.

Junping Zhang,Fei-Yue Wang,Kunfeng Wang,Wei-Hua Lin,Xin Xu,Cheng Chen

DOI: https://doi.org/10.1109/TITS.2011.2158001

IF: 8.5

2011-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:For the last two decades, intelligent transportation systems (ITS) have emerged as an efficient way of improving the performance of transportation systems, enhancing travel security, and providing more choices to travelers. A significant change in ITS in recent years is that much more data are collected from a variety of sources and can be processed into various forms for different stakeholders. The availability of a large amount of data can potentially lead to a revolution in ITS development, changing an ITS from a conventional technology-driven system into a more powerful multifunctional data-driven intelligent transportation system (D2ITS) : a system that is vision, multisource, and learning algorithm driven to optimize its performance. Furthermore, D2ITS is trending to become a privacy-aware people-centric more intelligent system. In this paper, we provide a survey on the development of D2ITS, discussing the functionality of its key components and some deployment issues associated with D2ITS Future research directions for the development of D2ITS is also presented.

Zhibo Wang,Jingjing Ma,Xue Wang,Jiahui Hu,Zhan Qin,Kui Ren

DOI: https://doi.org/10.1145/3538707

IF: 16.6

2023-01-01

ACM Computing Surveys

Abstract:Machine learning (ML) has been universally adopted for automated decisions in a variety of fields, including recognition and classification applications, recommendation systems, natural language processing, and so on. However, in light of high expenses on training data and computing resources, recent years have witnessed a rapid increase in outsourced ML training, either partially or completely, which provides vulnerabilities for adversaries to exploit. A prime threat in training phase is called poisoning attack, where adversaries strive to subvert the behavior of machine learning systems by poisoning training data or other means of interference. Although a growing number of relevant studies have been proposed, the research among poisoning attack is still overly scattered, with each paper focusing on a particular task in a specific domain. In this survey, we summarize and categorize existing attack methods and corresponding defenses, as well as demonstrate compelling application scenarios, thus providing a unified framework to analyze poisoning attacks. Besides, we also discuss the main limitations of current works, along with the corresponding future directions to facilitate further researches. Our ultimate motivation is to provide a comprehensive and self-contained survey of this growing field of research and lay the foundation for a more standardized approach to reproducible studies.

Ya-Ting Yang,Quanyan Zhu

2024-12-06

Abstract:The growing complexity and interconnectivity of Intelligent Transportation Systems (ITS) make them increasingly vulnerable to advanced cyber threats, particularly deceptive information attacks. These sophisticated threats exploit vulnerabilities to manipulate data integrity and decision-making processes through techniques such as data poisoning, spoofing, and phishing. They target multiple ITS domains, including intra-vehicle systems, inter-vehicle communications, transportation infrastructure, and human interactions, creating cascading effects across the ecosystem. This chapter introduces a game-theoretic framework, enhanced by control and learning theories, to systematically analyze and mitigate these risks. By modeling the strategic interactions among attackers, users, and system operators, the framework facilitates comprehensive risk assessment and the design of adaptive, scalable resilience mechanisms. A prime example of this approach is the Proactive Risk Assessment and Mitigation of Misinformed Demand Attacks (PRADA) system, which integrates trust mechanisms, dynamic learning processes, and multi-layered defense strategies to counteract deceptive attacks on navigational recommendation systems. In addition, the chapter explores the broader applicability of these methodologies to address various ITS threats, including spoofing, Advanced Persistent Threats (APTs), and denial-of-service attacks. It highlights cross-domain resilience strategies, offering actionable insights to bolster the security, reliability, and adaptability of ITS. By providing a robust game-theoretic foundation, this work advances the development of comprehensive solutions to the evolving challenges in ITS cybersecurity.

Computer Science and Game Theory

Wenjun Qiu

DOI: https://doi.org/10.48550/arXiv.2202.02510

2022-02-05

Cryptography and Security

Abstract:With the rise of artificial intelligence and machine learning in modern computing, one of the major concerns regarding such techniques is to provide privacy and security against adversaries. We present this survey paper to cover the most representative papers in poisoning attacks against supervised machine learning models. We first provide a taxonomy to categorize existing studies and then present detailed summaries for selected papers. We summarize and compare the methodology and limitations of existing literature. We conclude this paper with potential improvements and future directions to further exploit and prevent poisoning attacks on supervised models. We propose several unanswered research questions to encourage and inspire researchers for future work.

Zhong Li,Xianke Wu,Changjun Jiang

DOI: https://doi.org/10.1051/sands/2022003

2022-01-01

Abstract:Nowadays, large numbers of smart sensors (e.g., road-side cameras) which communicate with nearby base stations could launch distributed denial of services (DDoS) attack storms in intelligent transportation systems. DDoS attacks disable the services provided by base stations. Thus in this paper, considering the uneven communication traffic flows and privacy preserving, we give a hidden Markov model-based prediction model by utilizing the multi-step characteristic of DDoS with a federated learning framework to predict whether DDoS attacks will happen on base stations in the future. However, in the federated learning, we need to consider the problem of poisoning attacks due to malicious participants. The poisoning attacks will lead to the intelligent transportation systems paralysis without security protection. Traditional poisoning attacks mainly apply to the classification model with labeled data. In this paper, we propose a reinforcement learning-based poisoning method specifically for poisoning the prediction model with unlabeled data. Besides, previous related defense strategies rely on validation datasets with labeled data in the server. However, it is unrealistic since the local training datasets are not uploaded to the server due to privacy preserving, and our datasets are also unlabeled. Furthermore, we give a validation dataset-free defense strategy based on Dempster–Shafer (D–S) evidence theory avoiding anomaly aggregation to obtain a robust global model for precise DDoS prediction. In our experiments, we simulate 3000 points in combination with DARPA2000 dataset to carry out evaluations. The results indicate that our poisoning method can successfully poison the global prediction model with unlabeled data in a short time. Meanwhile, we compare our proposed defense algorithm with three popularly used defense algorithms. The results show that our defense method has a high accuracy rate of excluding poisoners and can obtain a high attack prediction probability.

Chao Hong,Zengji Liu,Yiwei Yang,Zhihong Liang,Pandeng Li,Qi Wang

DOI: https://doi.org/10.1109/CYBER59472.2023.10256574

2023-01-01

Abstract:With the expansion of system scale and data size in power systems, data-driven methods are gradually becoming widely used. However, compared with conventional methods, data-driven methods encounter greater risks in terms of data security and algorithm security. This paper suggests a method of poisoning attacks on data-driven strategies in power systems, which considers the success rate of the attack on each node and the bad data detection method. The proposed attack method can generate backdoors during the training of data-driven algorithms, which can be activated not only by information methods such as injecting poisoned data, but also by physical techniques such as artificially creating short-circuit faults. The effectiveness of the proposed poisoning attack is demonstrated with the experiment on an online transient stability application.

Yanxu Zhu,Hong Wen,Runhui Zhao,Yixin Jiang,Qiang Liu,Peng Zhang

DOI: https://doi.org/10.3390/s23094509

IF: 3.9

2023-05-05

Sensors

Abstract:Data poisoning attack is a well-known attack against machine learning models, where malicious attackers contaminate the training data to manipulate critical models and predictive outcomes by masquerading as terminal devices. As this type of attack can be fatal to the operation of a smart grid, addressing data poisoning is of utmost importance. However, this attack requires solving an expensive two-level optimization problem, which can be challenging to implement in resource-constrained edge environments of the smart grid. To mitigate this issue, it is crucial to enhance efficiency and reduce the costs of the attack. This paper proposes an online data poisoning attack framework based on the online regression task model. The framework achieves the goal of manipulating the model by polluting the sample data stream that arrives at the cache incrementally. Furthermore, a point selection strategy based on sample loss is proposed in this framework. Compared to the traditional random point selection strategy, this strategy makes the attack more targeted, thereby enhancing the attack’s efficiency. Additionally, a batch-polluting strategy is proposed in this paper, which synchronously updates the poisoning points based on the direction of gradient ascent. This strategy reduces the number of iterations required for inner optimization and thus reduces the time overhead. Finally, multiple experiments are conducted to compare the proposed method with the baseline method, and the evaluation index of loss over time is proposed to demonstrate the effectiveness of the method. The results show that the proposed method outperforms the existing baseline method in both attack effectiveness and overhead.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yanxu Zhu,Hong Wen,Jinsong Wu,Runhui Zhao

DOI: https://doi.org/10.3934/mbe.2023788

2023-09-15

Abstract:The deep integration of edge computing and Artificial Intelligence (AI) in IoT (Internet of Things)-enabled smart cities has given rise to new edge AI paradigms that are more vulnerable to attacks such as data and model poisoning and evasion of attacks. This work proposes an online poisoning attack framework based on the edge AI environment of IoT-enabled smart cities, which takes into account the limited storage space and proposes a rehearsal-based buffer mechanism to manipulate the model by incrementally polluting the sample data stream that arrives at the appropriately sized cache. A maximum-gradient-based sample selection strategy is presented, which converts the operation of traversing historical sample gradients into an online iterative computation method to overcome the problem of periodic overwriting of the sample data cache after training. Additionally, a maximum-loss-based sample pollution strategy is proposed to solve the problem of each poisoning sample being updated only once in basic online attacks, transforming the bi-level optimization problem from offline mode to online mode. Finally, the proposed online gray-box poisoning attack algorithms are implemented and evaluated on edge devices of IoT-enabled smart cities using an online data stream simulated with offline open-grid datasets. The results show that the proposed method outperforms the existing baseline methods in both attack effectiveness and overhead.

Shaohua Ding,Yulong Tian,Fengyuan Xu,Qun Li,Sheng Zhong

2019-01-01

Abstract:Deep generative models (DGMs) have empowered unprecedented innovations in many application domains. However, their security has not been thoroughly assessed when deploying such models in practice, especially in those mission-critical tasks like autonomous driving. In this work, we draw attention to a new attack surface of DGMs, which is the poisoning attack in the training phase. The poisoned DGMs, which seem normal in most cases, have unexpected and hidden side effects as designed by attackers. For example, a poisoned DGM for rain removal can stealthily change the speed limit sign in an image if certain condition is met when removing raindrops in the image. Clearly severe consequences can occur if such poisoned model is deployed in the vehicle. Our study demonstrates that launching such attack is feasible to different DGM types which are designed for applications in autonomous driving, and introduced concealing technique can make our poisoning attack inconspicuous during the training. Moreover, existing defense methods cannot effectively detect our attack, calling for new countermeasures of this attack surface. In the end, we propose some potential defense strategies inspiring future explorations.

Feilong Wang,Xin Wang,Hong Yuan,Xuegang Ban

DOI: https://doi.org/10.2139/ssrn.4395716

2023-01-01

SSRN Electronic Journal

Abstract:Traffic State Estimation and Prediction (TSEP) is one of the most important and extensively studied areas in traffic modeling. TSEP largely relies on data collected at the infrastructure side and produces traffic measures, which are important both in their own merit (e.g., for performance evaluation) and as a critical input to control and optimization applications. Recent studies have revealed that TSEP applications could be vulnerable to data poisoning attacks, which aim to compromise TSEP solutions by maliciously perturbing input datasets. Despite the threat, defending against data poisoning attacks on TSEP is still an open security problem. This study explores the potential of applying secure infrastructure data to defend against data attacks on TSEP. An infrastructure-enabled framework is developed to extract features from secure infrastructure data, based on which a learning-based attack detector is constructed. Once an attack is detected, the secure infrastructure data is used to correct the TSEP solution. The proposed framework is demonstrated by the queue length estimation model using mobile sensing data. The results show that the proposed framework is more effective than existing defense solutions in detecting attacks and mitigating errors in queue length estimates.

Emad Alsuwat

DOI: https://doi.org/10.1166/jno.2023.3436

2023-05-01

Journal of Nanoelectronics and Optoelectronics

Abstract:One of the primary challenges of artificial intelligence in modern computing is providing privacy and security against adversarial opponents. This survey study covers the most representative poisoning attacks against supervised ML models. The major purpose of this survey is to highlight the most essential facts on security vulnerabilities in context of ML classifiers. Data poisoning attacks entail tampering with data samples provided to method during training stage, which may lead to a drop in the correctness and accuracy during inference stage. This research gathers most significant insights as well as discoveries from most recent existing literature on this topic. Furthermore, this work discusses several defence strategies that promise to provide feasible detection as well as mitigation procedures, as well as extra robustness against malicious attacks.

engineering, electrical & electronic,nanoscience & nanotechnology,physics, applied

Dalton Hahn,Arslan Munir,Vahid Behzadan

DOI: https://doi.org/10.1109/mits.2019.2898973

IF: 5.293

2021-01-01

IEEE Intelligent Transportation Systems Magazine

Abstract:Intelligent Transportation Systems (ITS) aim at integrating sensing, control, analysis, and communication technologies into travel infrastructure and transportation to improve mobility, comfort, safety, and efficiency. Car manufacturers are continuously creating smarter vehicles, and advancements in roadways and infrastructure are changing the feel of travel. Traveling is becoming more efficient and reliable with a range of novel technologies, and research and development in ITS. Safer vehicles are introduced every year with greater considerations for passenger and pedestrian safety, nevertheless, the new technology and increasing connectivity in ITS present unique attack vectors for malicious actors. Smart cities with connected public transportation systems introduce new privacy concerns with the data collected about passengers and their travel habits. In this paper, we provide a comprehensive classification of security and privacy vulnerabilities in ITS. Furthermore, we discuss challenges in addressing security and privacy issues in ITS and contemplate potential mitigation techniques. Finally, we highlight future research directions to make ITS more safe, secure, and privacy-preserving.

engineering, electrical & electronic,transportation science & technology

Wajid Rafique,Maqbool Khan,Xuan Zhao,Nadeem Sarwar,Wanchun Dou

DOI: https://doi.org/10.1007/978-981-15-5232-8_6

2020-01-01

Abstract:Efficient utilization of the IoT generated data helps in the decision-making process as well as the realization of the concept of smart cities into a reality. The smart cities utilize Intelligent Transportation System (ITS) to facilitate smart vehicles to operate independently without much human intervention. The ITS system utilizes the data produced by the smart infrastructure to intelligently operate the smart vehicles and make highly precise decisions in the whole smart city ecosystem. Although ITS has been in its evolutionary phase, this is the right time to realize the vulnerabilities present in the ITS infrastructure that can be exploited by the adversaries to render devastating attacks. The ITS network involves highly sophisticated infrastructure where any anomaly provokes threat to human lives. The ITS data can be manipulated by the adversaries for attacks such as password theft, information spoofing, data manipulation, information loss, eavesdropping, and key fob attacks.

Geming Xia,Jian Chen,Chaodong Yu,Jun Ma

DOI: https://doi.org/10.1109/access.2023.3238823

IF: 3.9

2023-01-01

IEEE Access

Abstract:Federated learning faces many security and privacy issues. Among them, poisoning attacks can significantly impact global models, and malicious attackers can prevent global models from converging or even manipulating the prediction results of global models. Defending against poisoning attacks is a very urgent and challenging task. However, the systematic reviews of poisoning attacks and their corresponding defense strategies from a privacy-preserving perspective still need more effort. This survey provides an in-depth and up-to-date overview of poisoning attacks and corresponding defense strategies in federated learning. We first classify the poisoning attacks according to their methods and targets. Next, we analyze the differences and connections between the various categories of poisoning attacks. In addition, we classify the defense strategies against poisoning attacks in federated learning into three categories and analyze their advantages and disadvantages. Finally, we discuss the privacy protection problem in poisoning attacks and their countermeasure and propose potential research directions from the perspective of attack and defense, respectively.

Li Zhu,Fei Richard Yu,Yige Wang,Bin Ning,Tao Tang

DOI: https://doi.org/10.1109/tits.2018.2815678

IF: 8.5

2019-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Big data is becoming a research focus in intelligent transportation systems (ITS), which can be seen in many projects around the world. Intelligent transportation systems will produce a large amount of data. The produced big data will have profound impacts on the design and application of intelligent transportation systems, which makes ITS safer, more efficient, and profitable. Studying big data analytics in ITS is a flourishing field. This paper first reviews the history and characteristics of big data and intelligent transportation systems. The framework of conducting big data analytics in ITS is discussed next, where the data source and collection methods, data analytics methods and platforms, and big data analytics application categories are summarized. Several case studies of big data analytics applications in intelligent transportation systems, including road traffic accidents analysis, road traffic flow prediction, public transportation service plan, personal travel route plan, rail transportation management and control, and assets maintenance are introduced. Finally, this paper discusses some open challenges of using big data analytics in ITS.

engineering, electrical & electronic,transportation science & technology, civil