Security investigation of autonomous driving systems

Autonomous Driving (AD) represents a breakthrough technology with immense potential to make our transportation more intelligent, as many Autonomous Vehicles (AV) are already deployed into real products on public roads. The brain of an AV is the Autonomous Driving System (ADS), which relies on a comb...

Full description

Saved in:
Bibliographic Details
Main Author: Han, Xingshuo
Other Authors: Zhang Tianwei
Format: Thesis-Doctor of Philosophy
Language:English
Published: Nanyang Technological University 2024
Subjects:
Online Access:https://hdl.handle.net/10356/173908
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-173908
record_format dspace
spelling sg-ntu-dr.10356-1739082024-04-09T03:58:57Z Security investigation of autonomous driving systems Han, Xingshuo Zhang Tianwei School of Computer Science and Engineering tianwei.zhang@ntu.edu.sg Computer and Information Science Autonomous Driving (AD) represents a breakthrough technology with immense potential to make our transportation more intelligent, as many Autonomous Vehicles (AV) are already deployed into real products on public roads. The brain of an AV is the Autonomous Driving System (ADS), which relies on a combination of sensors and various machine learning algorithms to perceive the environment, make decisions, and navigate safely. However, real-world scenarios are complex and dynamic, with numerous factors that can affect the performance of ADS. Adver- sarial attacks, including training-time adversarial attacks (i.e., backdoor attacks) and testing-time adversarial attacks, have emerged as a destructive means of com- promising AV. Nonetheless, current research lacks a comprehensive evaluation of its effectiveness and robustness in physical environments. Furthermore, there is still a huge room for improvement in the current defense methods against physical adversarial attacks against ADS. However, due to the complexity of ADS, conducting a comprehensive evaluation poses significant challenges. To address this challenge, my thesis focuses on the systematic analysis of building secure ADS through evaluation in both simulator and real-world environments. This involves holistic testing and assessment of ADS, using realistic attacks, and actively discovering new security issues. To achieve this goal, my thesis first evaluates the performance of existing physical adversarial attacks in real-world settings, summarizing new insights and identifying new attack surfaces and methods. Specifically, we introduce BatAV, a comprehen- sive platform for benchmarking physical backdoor attacks to ADS perception. To uncover new vulnerabilities of ADS, we develop STFA, a dynamic physical world vulnerability testing platform for the ADS decision-making module. Based on this, we demonstrate that some existing adversarial attacks and vulnerabilities proposed by us could pose significant dangers to AVs. Subsequently, various studies have investigated adversarial attacks on the perception modules in ADS. Therefore, our second focus is on developing novel defense mechanisms against adversarial attacks on ADS. To have a deep understanding of physical adversarial attacks, we comprehensively evaluate 9 state-of-the-art methods in real-world scenarios. Based on that, we introduce two novel defense methods: (1) ADS-Lead, an effective collaborative anomaly detection method to safeguard ADS lane-following mechanisms. (2) VisionGuard, a unified defense framework capable of detecting and mitigating various physical adversarial attacks on ADS perception. Both defense measures utilize positioning and navigation sensors (e.g., GPS, IMU) to defend against attacks on visual sensors (e.g., cameras, LiDAR). In summary, this thesis is committed to evaluating existing adversarial attack methods, finding new vulnerabilities and attack surfaces, and designing novel ADS defense methods to build a secure ADS. Doctor of Philosophy 2024-03-06T03:57:44Z 2024-03-06T03:57:44Z 2024 Thesis-Doctor of Philosophy Han, X. (2024). Security investigation of autonomous driving systems. Doctoral thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/173908 https://hdl.handle.net/10356/173908 10.32657/10356/173908 en This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0). application/pdf Nanyang Technological University
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Computer and Information Science
spellingShingle Computer and Information Science
Han, Xingshuo
Security investigation of autonomous driving systems
description Autonomous Driving (AD) represents a breakthrough technology with immense potential to make our transportation more intelligent, as many Autonomous Vehicles (AV) are already deployed into real products on public roads. The brain of an AV is the Autonomous Driving System (ADS), which relies on a combination of sensors and various machine learning algorithms to perceive the environment, make decisions, and navigate safely. However, real-world scenarios are complex and dynamic, with numerous factors that can affect the performance of ADS. Adver- sarial attacks, including training-time adversarial attacks (i.e., backdoor attacks) and testing-time adversarial attacks, have emerged as a destructive means of com- promising AV. Nonetheless, current research lacks a comprehensive evaluation of its effectiveness and robustness in physical environments. Furthermore, there is still a huge room for improvement in the current defense methods against physical adversarial attacks against ADS. However, due to the complexity of ADS, conducting a comprehensive evaluation poses significant challenges. To address this challenge, my thesis focuses on the systematic analysis of building secure ADS through evaluation in both simulator and real-world environments. This involves holistic testing and assessment of ADS, using realistic attacks, and actively discovering new security issues. To achieve this goal, my thesis first evaluates the performance of existing physical adversarial attacks in real-world settings, summarizing new insights and identifying new attack surfaces and methods. Specifically, we introduce BatAV, a comprehen- sive platform for benchmarking physical backdoor attacks to ADS perception. To uncover new vulnerabilities of ADS, we develop STFA, a dynamic physical world vulnerability testing platform for the ADS decision-making module. Based on this, we demonstrate that some existing adversarial attacks and vulnerabilities proposed by us could pose significant dangers to AVs. Subsequently, various studies have investigated adversarial attacks on the perception modules in ADS. Therefore, our second focus is on developing novel defense mechanisms against adversarial attacks on ADS. To have a deep understanding of physical adversarial attacks, we comprehensively evaluate 9 state-of-the-art methods in real-world scenarios. Based on that, we introduce two novel defense methods: (1) ADS-Lead, an effective collaborative anomaly detection method to safeguard ADS lane-following mechanisms. (2) VisionGuard, a unified defense framework capable of detecting and mitigating various physical adversarial attacks on ADS perception. Both defense measures utilize positioning and navigation sensors (e.g., GPS, IMU) to defend against attacks on visual sensors (e.g., cameras, LiDAR). In summary, this thesis is committed to evaluating existing adversarial attack methods, finding new vulnerabilities and attack surfaces, and designing novel ADS defense methods to build a secure ADS.
author2 Zhang Tianwei
author_facet Zhang Tianwei
Han, Xingshuo
format Thesis-Doctor of Philosophy
author Han, Xingshuo
author_sort Han, Xingshuo
title Security investigation of autonomous driving systems
title_short Security investigation of autonomous driving systems
title_full Security investigation of autonomous driving systems
title_fullStr Security investigation of autonomous driving systems
title_full_unstemmed Security investigation of autonomous driving systems
title_sort security investigation of autonomous driving systems
publisher Nanyang Technological University
publishDate 2024
url https://hdl.handle.net/10356/173908
_version_ 1806059836285124608