Model-Agnostic Defense for Lane Detection against Adversarial Attack

Abstract: The modularity carries the additional benefit of being lane detection model-agnostic, paving a path for integration into any lane detection pipeline. Given the constant improvement and refinement of lane detection techniques, detaching our defense from a particular architecture allows it to remain viable as the underlying methods become more sophisticated.

“…It is unknown whether we can spoof the LiDAR to achieve the same result. (2) Attacks based on camera spoofing (AF13, 14,16,[36][37][38] or LiDAR spoofing (AF5, 6,8,[39][40][41]. They are built on the assumption that the SLAM function can be fooled to re-localize the RV to a false position.…”

“…Then the RV will mistakenly think a new location is visited before, and mis-estimate its location. This can lead to a series of spoofing attacks (AF5, 6,8,13,14,16,[36][37][38][39][40][41]. Experiments.…”

“…Existing works on sensor spoofing attacks fall into two main categories. (1) Perception-level attacks [18]- [37] target one particular perception function to make it estimate incorrect states. (2) Vehicle-level attacks [6], [38]- [78] consider not only fooling the perception function, but also propagating the wrong state estimates towards the subsequent stages and final actions.…”

SoK: Rethinking Sensor Spoofing Attacks against Robotic Vehicles from a Systematic View

“…It is unknown whether we can spoof the LiDAR to achieve the same result. (2) Attacks based on camera spoofing (AF13, 14,16,[36][37][38] or LiDAR spoofing (AF5, 6,8,[39][40][41]. They are built on the assumption that the SLAM function can be fooled to re-localize the RV to a false position.…”

“…Then the RV will mistakenly think a new location is visited before, and mis-estimate its location. This can lead to a series of spoofing attacks (AF5, 6,8,13,14,16,[36][37][38][39][40][41]. Experiments.…”

“…Existing works on sensor spoofing attacks fall into two main categories. (1) Perception-level attacks [18]- [37] target one particular perception function to make it estimate incorrect states. (2) Vehicle-level attacks [6], [38]- [78] consider not only fooling the perception function, but also propagating the wrong state estimates towards the subsequent stages and final actions.…”

SoK: Rethinking Sensor Spoofing Attacks against Robotic Vehicles from a Systematic View

“…First, we propose two novel types of attacks, i.e., Direct-attack and Indirect-attack for the decision-making module, leveraging the interaction between the ego vehicle and non-playable characters (NPCs), Past works from both academia and industry have shown that ADSs are vulnerable to various attacks. However, the majority of works focus on attacking the AI models in the perception module [3][4][5][6][7][8][9][10][11][12][13][14][15]. There are relatively fewer works exploring the vulnerability of the decision-making module, which may cause a more straightforward and severe detrimental influence on the motion of the vehicle, as the generated wrong trajectory will directly act on the vehicle's motion.…”

“…Any uncertainty of failure in these modules will lead to undesired driving behaviors, causing serious catastrophes, such as collisions and life threats. For example, multiple efforts have demonstrated that the perception module is easily affected by physical adversarial attacks, an attacker can add a paper sticker to traffic signs to mislead the camera perception models [3][4][5][6][7][8][9][10][11][12][13][14][15], or he can place an optimized traffic cone to fool the Multiple-sensor Fusion (MSF) perception module [16]. Recently, some work target prediction submodule in the decision-making module to cause the victim AV to generate a trajectory is unsafe by crafting false historical trajectory of passer-by vehicles [17][18][19].…”

Security investigation of autonomous driving systems

SoK: Rethinking Sensor Spoofing Attacks against Robotic Vehicles from a Systematic View