Daniel Williams,Chelece Clark,Rachel McGahan,Bradley Potteiger,Daniel Cohen,Patrick Musau

DOI: https://doi.org/10.1109/icaa52185.2022.00020

2022-03-01

Abstract:Steady advancement in Artificial Intelligence (AI) development over recent years has caused AI systems to become more readily adopted across industry and military use-cases globally. As powerful as these algorithms are, there are still gaping questions regarding their security and reliability. Beyond adversarial machine learning, software supply chain vulnerabilities and model backdoor injection exploits are emerging as potential threats to the physical safety of AI reliant CPS such as autonomous vehicles. In this work in progress paper, we introduce the concept of AI supply chain vulnerabilities with a provided proof of concept autonomous exploitation framework. We investigate the viability of algorithm backdoors and software third party library dependencies for applicability into modern AI attack kill chains. We leverage an autonomous vehicle case study for demonstrating the applicability of our offensive methodologies within a realistic AI CPS operating environment.

R. Spencer Hallyburton,Qingzhao Zhang,Z. Morley Mao,Miroslav Pajic

2023-12-08

Abstract:What happens to an autonomous vehicle (AV) if its data are adversarially compromised? Prior security studies have addressed this question through mostly unrealistic threat models, with limited practical relevance, such as white-box adversarial learning or nanometer-scale laser aiming and spoofing. With growing evidence that cyber threats pose real, imminent danger to AVs and cyber-physical systems (CPS) in general, we present and evaluate a novel AV threat model: a cyber-level attacker capable of disrupting sensor data but lacking any situational awareness. We demonstrate that even though the attacker has minimal knowledge and only access to raw data from a single sensor (i.e., LiDAR), she can design several attacks that critically compromise perception and tracking in multi-sensor AVs. To mitigate vulnerabilities and advance secure architectures in AVs, we introduce two improvements for security-aware fusion: a probabilistic data-asymmetry monitor and a scalable track-to-track fusion of 3D LiDAR and monocular detections (T2T-3DLM); we demonstrate that the approaches significantly reduce attack effectiveness. To support objective safety and security evaluations in AVs, we release our security evaluation platform, AVsec, which is built on security-relevant metrics to benchmark AVs on gold-standard longitudinal AV datasets and AV simulators.

Cryptography and Security,Systems and Control

Xugui Zhou,Anna Schmedding,Haotian Ren,Lishan Yang,Philip Schowitz,Evgenia Smirni,Homa Alemzadeh

DOI: https://doi.org/10.48550/arXiv.2204.06768

2022-07-05

Abstract:A growing number of vehicles are being transformed into semi-autonomous vehicles (Level 2 autonomy) by relying on advanced driver assistance systems (ADAS) to improve the driving experience. However, the increasing complexity and connectivity of ADAS expose the vehicles to safety-critical faults and attacks. This paper investigates the resilience of a widely-used ADAS against safety-critical attacks that target the control system at opportune times during different driving scenarios and cause accidents. Experimental results show that our proposed Context-Aware attacks can achieve an 83.4% success rate in causing hazards, 99.7% of which occur without any warnings. These results highlight the intolerance of ADAS to safety-critical attacks and the importance of timely interventions by human drivers or automated recovery mechanisms to prevent accidents.

Software Engineering,Cryptography and Security

Ivo Zenden,Han Wang,Alfonso Iacovazzi,Arash Vahidi,Rolf Blom,Shahid Raza

DOI: https://doi.org/10.1109/VNC57357.2023.10136285

2023-06-26

Abstract:Modern automotive functions are controlled by a large number of small computers called electronic control units (ECUs). These functions span from safety-critical autonomous driving to comfort and infotainment. ECUs communicate with one another over multiple internal networks using different technologies. Some, such as Controller Area Network (CAN), are very simple and provide minimal or no security services. Machine learning techniques can be used to detect anomalous activities in such networks. However, it is necessary that these machine learning techniques are not prone to adversarial attacks. In this paper, we investigate adversarial sample vulnerabilities in four different machine learning-based intrusion detection systems for automotive networks. We show that adversarial samples negatively impact three of the four studied solutions. Furthermore, we analyze transferability of adversarial samples between different systems. We also investigate detection performance and the attack success rate after using adversarial samples in the training. After analyzing these results, we discuss whether current solutions are mature enough for a use in modern vehicles.

Cryptography and Security

Hui Cao,Wenlong Zou,Yinkun Wang,Ting Song,Mengjun Liu

2022-10-19

Abstract:Since the 2004 DARPA Grand Challenge, the autonomous driving technology has witnessed nearly two decades of rapid development. Particularly, in recent years, with the application of new sensors and deep learning technologies extending to the autonomous field, the development of autonomous driving technology has continued to make breakthroughs. Thus, many carmakers and high-tech giants dedicated to research and system development of autonomous driving. However, as the foundation of autonomous driving, the deep learning technology faces many new security risks. The academic community has proposed deep learning countermeasures against the adversarial examples and AI backdoor, and has introduced them into the autonomous driving field for verification. Deep learning security matters to autonomous driving system security, and then matters to personal safety, which is an issue that deserves attention and research.This paper provides an summary of the concepts, developments and recent research in deep learning security technologies in autonomous driving. Firstly, we briefly introduce the deep learning framework and pipeline in the autonomous driving system, which mainly include the deep learning technologies and algorithms commonly used in this field. Moreover, we focus on the potential security threats of the deep learning based autonomous driving system in each functional layer in turn. We reviews the development of deep learning attack technologies to autonomous driving, investigates the State-of-the-Art algorithms, and reveals the potential risks. At last, we provides an outlook on deep learning security in the autonomous driving field and proposes recommendations for building a safe and trustworthy autonomous driving system.

Cryptography and Security,Artificial Intelligence,Machine Learning

Bhavani Bhavani,Soundarya. S.,Tejashwini. V.,Sumitha. S.,,,,

DOI: https://doi.org/10.54216/jchci.070105

2024-01-01

Journal of Cognitive Human-Computer Interaction

Abstract:The increasing prevalence of deep learning technology has paved the way for a new era of AI-powered capabilities, promising revolutionary advancements across various societal domains such as healthcare and autonomous vehicles. Despite offering potent solutions to complex problems, the formidable power of these AI systems is accompanied by a susceptibility that malicious actors could exploit. Adversarial attacks, particularly targeting deep learning models, involve the crafting of altered inputs, often imperceptible changes to images, to deceive or undermine the functionality of the AI system. Within the domain of autonomous driving systems, adversarial attacks pose a severe risk. Envision a situation where a precisely manipulated adversarial attack targets a red traffic light sign, causing the AI system to misclassify it as an entirely unrelated object, perhaps identifying it as a bird. The potential consequences of such misclassifications underscore the serious impact that adversarial attacks can exert on the safety and dependability of autonomous vehicles. The potential repercussions of such misclassification are severe, with the risk of causing traffic accidents and posing a notable safety threat. Ensuring the resilience and security of AI technologies against adversarial threats is of utmost importance as AI continues to play a pivotal role in critical applications such as healthcare, finance, and autonomous systems. It necessitates a holistic strategy that melds advanced research, meticulous testing, and the deployment of robust security measures. This comprehensive approach is essential for fostering trust and mitigating potential harm in an ever- growing, AI-driven world.

Austin Wyatt,

DOI: https://doi.org/10.60097/acig/162874

2023-12-28

Abstract:The development of increasingly AI-enabled autonomous systems and other military applications of Artificial Intelligence (AI) have been recognised as emergent major military innovations. In the absence of an effective and enforceable ban on their development and/or usage arising from the Group of Governmental Experts on Lethal Autonomous Weapon Systems (LAWS), it is likely that such systems will continue to be development. Amongst the legal, ethical, practical, and strategic concerns raised by the emergence of such systems, it is important not to lose sight of the risks involved in relying on a high-manufactured system in place of a human. This places additional strains and importance on securing diverse, complex, and over cross-jurisdictional supply chains. This article focuses on the vulnerability of and the risks to the integrity and security of the supply chains responsible for producing AI-enabled autonomous military systems.

Kaichen Yang,Tzungyu Tsai,Honggang Yu,Max Panoff,Tsung-Yi Ho,Yier Jin

DOI: https://doi.org/10.1145/3433210.3453106

2021-05-24

Abstract:As Autonomous Vehicles (AVs) mature into viable transportation solutions, mitigating potential vehicle control security risks becomes increasingly important. Perception modules in AVs combine multiple sensors to perceive the surrounding environment. As such, they have been the focus of efforts to exploit the aforementioned risks due to their critical role in controlling autonomous driving technology. Despite extensive and thorough research into the vulnerability of camera-based sensors, vulnerabilities originating from Lidar sensors and their corresponding deep learning models in AVs remain comparatively untouched. Being aware that small roadside objects can be occasionally incorrectly identified as vehicles through on-board deep learning models, we propose a novel adversarial attack inspired by this phenomenon in both white-box and black-box scenarios. The adversarial attacks proposed in this paper are launched against deep learning models that perform object detection tasks through raw 3D points collected by a Lidar sensor in an autonomous driving scenario. In comparison to existing works, our attack creates not only adversarial point clouds in simulated environments, but also robust adversarial objects that can cause behavioral reactions in state of the art autonomous driving systems. Defense methods are then proposed and evaluated against this type of adversarial objects.

Ayodeji Oseni,Nour Moustafa,Helge Janicke,Peng Liu,Zahir Tari,Athanasios Vasilakos

DOI: https://doi.org/10.48550/arXiv.2102.04661

2021-02-09

Cryptography and Security

Abstract:The increased adoption of Artificial Intelligence (AI) presents an opportunity to solve many socio-economic and environmental challenges; however, this cannot happen without securing AI-enabled technologies. In recent years, most AI models are vulnerable to advanced and sophisticated hacking techniques. This challenge has motivated concerted research efforts into adversarial AI, with the aim of developing robust machine and deep learning models that are resilient to different types of adversarial scenarios. In this paper, we present a holistic cyber security review that demonstrates adversarial attacks against AI applications, including aspects such as adversarial knowledge and capabilities, as well as existing methods for generating adversarial examples and existing cyber defence models. We explain mathematical AI models, especially new variants of reinforcement and federated learning, to demonstrate how attack vectors would exploit vulnerabilities of AI models. We also propose a systematic framework for demonstrating attack techniques against AI applications and reviewed several cyber defences that would protect AI applications against those attacks. We also highlight the importance of understanding the adversarial goals and their capabilities, especially the recent attacks against industry applications, to develop adaptive defences that assess to secure AI applications. Finally, we describe the main challenges and future research directions in the domain of security and privacy of AI technologies.

Amirhosein Chahe,Chenan Wang,Abhishek Jeyapratap,Kaidi Xu,Lifeng Zhou

2024-05-15

Abstract:This paper introduces an attacking mechanism to challenge the resilience of autonomous driving systems. Specifically, we manipulate the decision-making processes of an autonomous vehicle by dynamically displaying adversarial patches on a screen mounted on another moving vehicle. These patches are optimized to deceive the object detection models into misclassifying targeted objects, e.g., traffic signs. Such manipulation has significant implications for critical multi-vehicle interactions such as intersection crossing and lane changing, which are vital for safe and efficient autonomous driving systems. Particularly, we make four major contributions. First, we introduce a novel adversarial attack approach where the patch is not co-located with its target, enabling more versatile and stealthy attacks. Moreover, our method utilizes dynamic patches displayed on a screen, allowing for adaptive changes and movement, enhancing the flexibility and performance of the attack. To do so, we design a Screen Image Transformation Network (SIT-Net), which simulates environmental effects on the displayed images, narrowing the gap between simulated and real-world scenarios. Further, we integrate a positional loss term into the adversarial training process to increase the success rate of the dynamic attack. Finally, we shift the focus from merely attacking perceptual systems to influencing the decision-making algorithms of self-driving systems. Our experiments demonstrate the first successful implementation of such dynamic adversarial attacks in real-world autonomous driving scenarios, paving the way for advancements in the field of robust and secure autonomous driving.

Robotics,Computer Vision and Pattern Recognition,Machine Learning

Saurabh Jha,Shengkun Cui,Subho S. Banerjee,Timothy Tsai,Zbigniew Kalbarczyk,Ravi Iyer

DOI: https://doi.org/10.48550/arXiv.2004.13004

2020-06-13

Abstract:Ensuring the safety of autonomous vehicles (AVs) is critical for their mass deployment and public adoption. However, security attacks that violate safety constraints and cause accidents are a significant deterrent to achieving public trust in AVs, and that hinders a vendor's ability to deploy AVs. Creating a security hazard that results in a severe safety compromise (for example, an accident) is compelling from an attacker's perspective. In this paper, we introduce an attack model, a method to deploy the attack in the form of smart malware, and an experimental evaluation of its impact on production-grade autonomous driving software. We find that determining the time interval during which to launch the attack is{ critically} important for causing safety hazards (such as collisions) with a high degree of success. For example, the smart malware caused 33X more forced emergency braking than random attacks did, and accidents in 52.6% of the driving simulations.

Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning,Robotics

Vipin Kumar Kukkala,Sooryaa Vignesh Thiruloga,Sudeep Pasricha

DOI: https://doi.org/10.48550/arXiv.2201.10349

2022-01-20

Abstract:Autonomous vehicles are on the horizon and will be transforming transportation safety and comfort. These vehicles will be connected to various external systems and utilize advanced embedded systems to perceive their environment and make intelligent decisions. However, this increased connectivity makes these vehicles vulnerable to various cyber-attacks that can have catastrophic effects. Attacks on automotive systems are already on the rise in today's vehicles and are expected to become more commonplace in future autonomous vehicles. Thus, there is a need to strengthen cybersecurity in future autonomous vehicles. In this article, we discuss major automotive cyber-attacks over the past decade and present state-of-the-art solutions that leverage artificial intelligence (AI). We propose a roadmap towards building secure autonomous vehicles and highlight key open challenges that need to be addressed.

Cryptography and Security,Artificial Intelligence,Machine Learning

Tong Wang,Gang Zhao,Huan Deng,Hu Li,Qianjin Du,Zhan Hu,Xiaohui Kuang

DOI: https://doi.org/10.1109/ISCC58397.2023.10218291

2023-07-09

Abstract:Deep learning-based autonomous driving systems have been extensively researched due to their superior performance compared to traditional methods. Specifically, end-to-end deep learning systems have been developed, which directly output control signals for vehicles using various sensor inputs. However, deep learning techniques are vulnerable to security issues, generating adversarial examples that can attack the output of the relevant model. This paper proposes an adversarial example generation method that applies a patch to pedestrians' clothing, which can generate dangerous behaviors when the pedestrian appears within the camera lens, thereby attacking the end-to-end autonomous driving system. The proposed method is validated using the CARLA simulator, and the results demonstrate successful attacks in various weather and lighting conditions, exposing the security vulnerabilities of this type of system. This study highlights the need for further research to address these vulnerabilities and ensure the safety of autonomous driving systems.

Engineering,Computer Science

John Oluwafemi Ogun,Segun Philip Olupinla

DOI: https://doi.org/10.30574/wjaets.2024.13.1.0459

2024-10-30

World Journal of Advanced Engineering Technology and Sciences

Abstract:Cyber-attacks targeting supply chains represent a significant and increasing risk for small and medium-sized businesses (SMBs) in the United States. This paper examines the role of machine learning (ML) and artificial intelligence (AI) in detecting and mitigating these cybersecurity threats. Key challenges faced by SMBs include high implementation costs, a shortage of skilled personnel, inadequate data quality, and the complexity of integrating advanced technologies into existing systems. Despite these hurdles, the paper identifies strategic approaches that can empower SMBs to effectively leverage ML and AI, including affordable solutions, targeted training, and improved data management practices. It emphasizes the importance of addressing privacy and usability concerns to facilitate successful technology adoption. Recommendations include pursuing cost-effective, subscription-based AI and ML models, utilizing government incentives, and enhancing workforce skills through training and partnerships. Additionally, collaboration with larger organizations can improve data management and system efficacy. By implementing robust protective measures and increasing awareness through educational initiatives, SMBs can strengthen their cybersecurity posture and better navigate the evolving landscape of cyber threats.

Ahmed Dawod Mohammed Ibrahum,Manzoor Hussain,Jang-Eui Hong

DOI: https://doi.org/10.1007/s10462-024-11014-8

IF: 9.588

2024-11-28

Artificial Intelligence Review

Abstract:The integration of Deep Learning (DL) algorithms in Autonomous Vehicles (AVs) has revolutionized their precision in navigating various driving scenarios, ranging from anti-fatigue safe driving to intelligent route planning. Despite their proven effectiveness, concerns regarding the safety and reliability of DL algorithms in AVs have emerged, particularly in light of the escalating threat of adversarial attacks, as emphasized by recent research. These digital or physical attacks present formidable challenges to AV safety, relying extensively on collecting and interpreting environmental data through integrated sensors and DL. This paper addresses this pressing issue through a systematic survey that meticulously explores robust adversarial attacks and defenses, specifically focusing on DL in AVs from a safety perspective. Going beyond a review of existing research papers on adversarial attacks and defenses, the paper introduces a safety scenarios taxonomy matrix Inspired by SOTIF designed to augment the safety of DL in AVs. This matrix categorizes safety scenarios into four distinct areas and classifies attacks into those areas in three scenarios, along with two defense scenarios. Furthermore, the paper investigates the testing and evaluation measurements critical for assessing attacks in the context of DL for AVs. It further explores the dynamic landscape of datasets and simulation platforms. This contribution significantly enriches the ongoing discourse surrounding the assurance of safety and reliability in autonomous vehicles, especially in the face of continually evolving adversarial challenges.

computer science, artificial intelligence

Ivan A. Fernandez,Subash Neupane,Trisha Chakraborty,Shaswata Mitra,Sudip Mittal,Nisha Pillai,Jingdao Chen,Shahram Rahimi

2024-06-27

Abstract:Industry 4.0 has witnessed the rise of complex robots fueled by the integration of Artificial Intelligence/Machine Learning (AI/ML) and Digital Twin (DT) technologies. While these technologies offer numerous benefits, they also introduce potential privacy and security risks. This paper surveys privacy attacks targeting robots enabled by AI and DT models. Exfiltration and data leakage of ML models are discussed in addition to the potential extraction of models derived from first-principles (e.g., physics-based). We also discuss design considerations with DT-integrated robotics touching on the impact of ML model training, responsible AI and DT safeguards, data governance and ethical considerations on the effectiveness of these attacks. We advocate for a trusted autonomy approach, emphasizing the need to combine robotics, AI, and DT technologies with robust ethical frameworks and trustworthiness principles for secure and reliable AI robotic systems.

Robotics,Artificial Intelligence

Francesco Marchiori,Alessandro Brighente,Mauro Conti

2024-05-14

Abstract:Autonomous driving is a research direction that has gained enormous traction in the last few years thanks to advancements in Artificial Intelligence (AI). Depending on the level of independence from the human driver, several studies show that Autonomous Vehicles (AVs) can reduce the number of on-road crashes and decrease overall fuel emissions by improving efficiency. However, security research on this topic is mixed and presents some gaps. On one hand, these studies often neglect the intrinsic vulnerabilities of AI algorithms, which are known to compromise the security of these systems. On the other, the most prevalent attacks towards AI rely on unrealistic assumptions, such as access to the model parameters or the training dataset. As such, it is unclear if autonomous driving can still claim several advantages over human driving in real-world applications. This paper evaluates the inherent risks in autonomous driving by examining the current landscape of AVs and establishing a pragmatic threat model. Through our analysis, we develop specific claims highlighting the delicate balance between the advantages of AVs and potential security challenges in real-world scenarios. Our evaluation serves as a foundation for providing essential takeaway messages, guiding both researchers and practitioners at various stages of the automation pipeline. In doing so, we contribute valuable insights to advance the discourse on the security and viability of autonomous driving in real-world applications.

Cryptography and Security

Tianyi Li,Mingfeng Shang,Shian Wang,Raphael Stern

DOI: https://doi.org/10.48550/arXiv.2310.17091

2023-10-26

Multiagent Systems

Abstract:With the advent of vehicles equipped with advanced driver-assistance systems, such as adaptive cruise control (ACC) and other automated driving features, the potential for cyberattacks on these automated vehicles (AVs) has emerged. While overt attacks that force vehicles to collide may be easily identified, more insidious attacks, which only slightly alter driving behavior, can result in network-wide increases in congestion, fuel consumption, and even crash risk without being easily detected. To address the detection of such attacks, we first present a traffic model framework for three types of potential cyberattacks: malicious manipulation of vehicle control commands, false data injection attacks on sensor measurements, and denial-of-service (DoS) attacks. We then investigate the impacts of these attacks at both the individual vehicle (micro) and traffic flow (macro) levels. A novel generative adversarial network (GAN)-based anomaly detection model is proposed for real-time identification of such attacks using vehicle trajectory data. We provide numerical evidence {to demonstrate} the efficacy of our machine learning approach in detecting cyberattacks on ACC-equipped vehicles. The proposed method is compared against some recently proposed neural network models and observed to have higher accuracy in identifying anomalous driving behaviors of ACC vehicles.

Lu Wang,Tianyuan Zhang,Yikai Han,Muyang Fang,Ting Jin,Jiaqi Kang

2024-09-12

Abstract:With recent breakthroughs in deep neural networks, numerous tasks within autonomous driving have exhibited remarkable performance. However, deep learning models are susceptible to adversarial attacks, presenting significant security risks to autonomous driving systems. Presently, end-to-end architectures have emerged as the predominant solution for autonomous driving, owing to their collaborative nature across different tasks. Yet, the implications of adversarial attacks on such models remain relatively unexplored. In this paper, we conduct comprehensive adversarial security research on the modular end-to-end autonomous driving model for the first time. We thoroughly consider the potential vulnerabilities in the model inference process and design a universal attack scheme through module-wise noise injection. We conduct large-scale experiments on the full-stack autonomous driving model and demonstrate that our attack method outperforms previous attack methods. We trust that our research will offer fresh insights into ensuring the safety and reliability of autonomous driving systems.

Machine Learning,Artificial Intelligence

Iwona Chomiak-Orsa,Artur Rot,Bartosz Blaicke

DOI: https://doi.org/10.1007/978-3-030-28374-2_35

2019-01-01

Abstract:The current challenge with defense against cyberattacks is that the speed and quantity of threats often outpace human-centered cyber defense capabilities. That is why a new Artificial Intelligence driven approach may enhance the effectiveness of security controls. However, it can also be used by adversaries to create more sophisticated and adaptable attack mechanisms. Distinguishing three key AI capabilities (knowledge acquisition, human-like perception and decision making), the goal of this paper is to assert where within the cyber kill chain have AI capabilities already been applied, and which phase holds the greatest near-term potential given recent developments and publications. Based on literature review, authors see the strongest potential for deploying AI capabilities during the reconnaissance, intrusion, privilege escalation and data exfiltration steps of the cyber kill chain with other uses being deployed in the remaining steps.