SoK: On the Semantic AI Security in Autonomous Driving

Shen, Junjie; Wang, Ningfei; Wan, Ziwen; Luo, Yunpeng; Sato, Takami; Hu, Zhisheng; Zhang, Xinyang; Guo, Song; Zhong, Zhenyu; Li, Kang; Zhao, Ziming; Qiao, Chunming; Chen, Qi Alfred

doi:10.48550/arxiv.2203.05314

Cited by 5 publications

(13 citation statements)

References 90 publications

(231 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Notably, the literature has not thoroughly evaluated the robustness of commercial e-commerce ranking systems or delineated the distinction between real-world and manipulated queries. Commercial ranking systems, such as Google or Amazon, often exhibit greater robustness than standalone ML models [12,44,53]. For example, these systems usually include query rewrite, auto-completion, and search facet to create a smooth search journey, which can potentially avoid the robustness problem from tweaking characters [27] in the input.…”

Section: Methodology 31 Ranking Modelmentioning

confidence: 99%

“…Thus, recent research has focused on ranking robustness by generating adversarial examples to evaluate the model's response disparities [15,28,30,31]. However, these works have limitations: ignore evaluation in commercialized ranking systems, which is generally more robust than ML models [12,44,53], and fail to substantiate the relevance between realworld and manipulated queries. To overcome the first limitation above, we perform the first systematic investigation into the robustness of a leading commercialized e-commerce ranking system.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards Robustness Analysis of E-Commerce Ranking System

Wang,

Huang,

Cheng

et al. 2024

Companion Proceedings of the ACM Web Conference 2024

View full text Add to dashboard Cite

Information retrieval (IR) is a pivotal component in various applications. Recent advances in machine learning (ML) have enabled the integration of ML algorithms into IR, particularly in ranking systems. While there is a plethora of research on the robustness of ML-based ranking systems, these studies largely neglect commercial e-commerce systems and fail to establish a connection between real-world and manipulated query relevance. In this paper, we present the first systematic measurement study on the robustness of e-commerce ranking systems. We define robustness as the consistency of ranking outcomes for semantically identical queries. To quantitatively analyze robustness, we propose a novel metric that considers both ranking position and item-specific information that are absent in existing metrics. Our large-scale measurement study with real-world data from e-commerce retailers reveals an open opportunity to measure and improve robustness since semantically identical queries often yield inconsistent ranking results. Based on our observations, we propose several solution directions to enhance robustness, such as the use of Large Language Models. Note that the issue of robustness discussed herein does not constitute an error or oversight. Rather, in scenarios where there exists a vast array of choices, it is feasible to present a multitude of products in various permutations, all of which could be equally appealing. However, this extensive selection may lead to customer confusion. As e-commerce retailers use various techniques to improve the quality of search results, we hope that this research offers valuable guidance for measuring the robustness of the ranking systems.

show abstract

Section: Methodology 31 Ranking Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Towards Robustness Analysis of E-Commerce Ranking System

Wang,

Huang,

Cheng

et al. 2024

Companion Proceedings of the ACM Web Conference 2024

View full text Add to dashboard Cite

show abstract

“…However, we found that system-level evaluation is generally lacking in existing works. Specifically, one of our ongoing works analyzes recent AI security and safety works [36] aimed at creating system-level impact on AD systems in recent 5 years published in commonly-recognized top-tier venues [2] in closely-related fields to AD AI (i.e., security, Computer Vision (CV), Machine Learning (ML), AI, and robotics), as well as a few well-known works published in arXiv and other venues based on our best knowledge. Particularly, for the top-tier venues, we exhaustively search over the paper lists from 2017 to 2021 to find the ones that fall into our scope above.…”

Section: Workhop On Automotive and Autonomous Vehicle Security (Autos...mentioning

confidence: 99%

PASS: A System-Driven Evaluation Platform for Autonomous Driving Safety and Security

Hu¹,

Shen²,

Guo³

et al. 2022

Proceedings Fourth International Workshop on Automotive and Autonomous Vehicle Security

View full text Add to dashboard Cite

Safety and security play critical roles for the success of Autonomous Driving (AD) systems. Since AD systems heavily rely on AI components, the safety and security research of such components has also received great attention in recent years. While it is widely recognized that AI component-level (mis)behavior does not necessarily lead to AD system-level impacts, most of existing work still only adopts component-level evaluation. To fill such critical scientific methodology-level gap from component-level to real system-level impact, a system-driven evaluation platform jointly constructed by the community could be the solution. In this paper, we present P ASS (Platform for Auto-driving Safety and Security), a system-driven evaluation prototype based on simulation. By sharing our platform building concept and preliminary efforts, we hope to call on the community to build a uniform and extensible platform to make AI safety and security work sufficiently meaningful at the system level.

show abstract

“…For these vehicles, camera-based perception is pivotal, enabling them to detect real-time environmental objects such as pedestrians to ensure safety. Given its significance for safety and security, various prior works (Cao et al 2021;Shen et al 2022;Sato et al 2021a;Wang et al 2023) have studied its security, especially on integrity such as making the object vanished or changing the label of the objects to cause traffic rule violations or safety hazards. We refer to these as system-level effects throughout this paper.…”

Section: Introductionmentioning

confidence: 99%

“…While some existing AD security analysis has studied availability in object detection (Shapira et al 2023;Chen et al 2023), they do not encompass the entire AD perception since usually, object detection is a part of the AD perception (Jia et al 2020). In addition, in the Cyber-Physical System area, it is widely recognized that small component level errors do not necessarily lead to systemlevel effects (Shen et al 2022;Wang et al 2023). Thus, these studies leave a critical research gap: their proposed attack strategies may not be effective enough to conduct systemlevel effects in end-to-end AD systems.…”

Section: Introductionmentioning

confidence: 99%

SlowTrack: Increasing the Latency of Camera-Based Perception in Autonomous Driving Using Adversarial Examples

Ma,

Wang,

Chen

et al. 2024

AAAI

View full text Add to dashboard Cite

In Autonomous Driving (AD), real-time perception is a critical component responsible for detecting surrounding objects to ensure safe driving. While researchers have extensively explored the integrity of AD perception due to its safety and security implications, the aspect of availability (real-time performance) or latency has received limited attention. Existing works on latency-based attack have focused mainly on object detection, i.e., a component in camera-based AD perception, overlooking the entire camera-based AD perception, which hinders them to achieve effective system-level effects, such as vehicle crashes. In this paper, we propose SlowTrack, a novel framework for generating adversarial attacks to increase the execution time of camera-based AD perception. We propose a novel two-stage attack strategy along with the three new loss function designs. Our evaluation is conducted on four popular camera-based AD perception pipelines, and the results demonstrate that SlowTrack significantly outperforms existing latency-based attacks while maintaining comparable imperceptibility levels. Furthermore, we perform the evaluation on Baidu Apollo, an industry-grade full-stack AD system, and LGSVL, a production-grade AD simulator, with two scenarios to compare the system-level effects of SlowTrack and existing attacks. Our evaluation results show that the system-level effects can be significantly improved, i.e., the vehicle crash rate of SlowTrack is around 95% on average while existing works only have around 30%.

show abstract

SoK: On the Semantic AI Security in Autonomous Driving

Cited by 5 publications

References 90 publications

Towards Robustness Analysis of E-Commerce Ranking System

Towards Robustness Analysis of E-Commerce Ranking System

PASS: A System-Driven Evaluation Platform for Autonomous Driving Safety and Security

SlowTrack: Increasing the Latency of Camera-Based Perception in Autonomous Driving Using Adversarial Examples

Contact Info

Product

Resources

About