Security investigation of autonomous driving systems

Autonomous Driving (AD) represents a breakthrough technology with immense potential to make our transportation more intelligent, as many Autonomous Vehicles (AV) are already deployed into real products on public roads. The brain of an AV is the Autonomous Driving System (ADS), which relies on a comb...

Full description

Saved in:
Bibliographic Details
Main Author: Han, Xingshuo
Other Authors: Zhang Tianwei
Format: Thesis-Doctor of Philosophy
Language:English
Published: Nanyang Technological University 2024
Subjects:
Online Access:https://hdl.handle.net/10356/173908
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
Description
Summary:Autonomous Driving (AD) represents a breakthrough technology with immense potential to make our transportation more intelligent, as many Autonomous Vehicles (AV) are already deployed into real products on public roads. The brain of an AV is the Autonomous Driving System (ADS), which relies on a combination of sensors and various machine learning algorithms to perceive the environment, make decisions, and navigate safely. However, real-world scenarios are complex and dynamic, with numerous factors that can affect the performance of ADS. Adver- sarial attacks, including training-time adversarial attacks (i.e., backdoor attacks) and testing-time adversarial attacks, have emerged as a destructive means of com- promising AV. Nonetheless, current research lacks a comprehensive evaluation of its effectiveness and robustness in physical environments. Furthermore, there is still a huge room for improvement in the current defense methods against physical adversarial attacks against ADS. However, due to the complexity of ADS, conducting a comprehensive evaluation poses significant challenges. To address this challenge, my thesis focuses on the systematic analysis of building secure ADS through evaluation in both simulator and real-world environments. This involves holistic testing and assessment of ADS, using realistic attacks, and actively discovering new security issues. To achieve this goal, my thesis first evaluates the performance of existing physical adversarial attacks in real-world settings, summarizing new insights and identifying new attack surfaces and methods. Specifically, we introduce BatAV, a comprehen- sive platform for benchmarking physical backdoor attacks to ADS perception. To uncover new vulnerabilities of ADS, we develop STFA, a dynamic physical world vulnerability testing platform for the ADS decision-making module. Based on this, we demonstrate that some existing adversarial attacks and vulnerabilities proposed by us could pose significant dangers to AVs. Subsequently, various studies have investigated adversarial attacks on the perception modules in ADS. Therefore, our second focus is on developing novel defense mechanisms against adversarial attacks on ADS. To have a deep understanding of physical adversarial attacks, we comprehensively evaluate 9 state-of-the-art methods in real-world scenarios. Based on that, we introduce two novel defense methods: (1) ADS-Lead, an effective collaborative anomaly detection method to safeguard ADS lane-following mechanisms. (2) VisionGuard, a unified defense framework capable of detecting and mitigating various physical adversarial attacks on ADS perception. Both defense measures utilize positioning and navigation sensors (e.g., GPS, IMU) to defend against attacks on visual sensors (e.g., cameras, LiDAR). In summary, this thesis is committed to evaluating existing adversarial attack methods, finding new vulnerabilities and attack surfaces, and designing novel ADS defense methods to build a secure ADS.