Security investigation of autonomous driving systems
Autonomous Driving (AD) represents a breakthrough technology with immense potential to make our transportation more intelligent, as many Autonomous Vehicles (AV) are already deployed into real products on public roads. The brain of an AV is the Autonomous Driving System (ADS), which relies on a comb...
Saved in:
Main Author: | |
---|---|
Other Authors: | |
Format: | Thesis-Doctor of Philosophy |
Language: | English |
Published: |
Nanyang Technological University
2024
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/173908 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
id |
sg-ntu-dr.10356-173908 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1739082024-04-09T03:58:57Z Security investigation of autonomous driving systems Han, Xingshuo Zhang Tianwei School of Computer Science and Engineering tianwei.zhang@ntu.edu.sg Computer and Information Science Autonomous Driving (AD) represents a breakthrough technology with immense potential to make our transportation more intelligent, as many Autonomous Vehicles (AV) are already deployed into real products on public roads. The brain of an AV is the Autonomous Driving System (ADS), which relies on a combination of sensors and various machine learning algorithms to perceive the environment, make decisions, and navigate safely. However, real-world scenarios are complex and dynamic, with numerous factors that can affect the performance of ADS. Adver- sarial attacks, including training-time adversarial attacks (i.e., backdoor attacks) and testing-time adversarial attacks, have emerged as a destructive means of com- promising AV. Nonetheless, current research lacks a comprehensive evaluation of its effectiveness and robustness in physical environments. Furthermore, there is still a huge room for improvement in the current defense methods against physical adversarial attacks against ADS. However, due to the complexity of ADS, conducting a comprehensive evaluation poses significant challenges. To address this challenge, my thesis focuses on the systematic analysis of building secure ADS through evaluation in both simulator and real-world environments. This involves holistic testing and assessment of ADS, using realistic attacks, and actively discovering new security issues. To achieve this goal, my thesis first evaluates the performance of existing physical adversarial attacks in real-world settings, summarizing new insights and identifying new attack surfaces and methods. Specifically, we introduce BatAV, a comprehen- sive platform for benchmarking physical backdoor attacks to ADS perception. To uncover new vulnerabilities of ADS, we develop STFA, a dynamic physical world vulnerability testing platform for the ADS decision-making module. Based on this, we demonstrate that some existing adversarial attacks and vulnerabilities proposed by us could pose significant dangers to AVs. Subsequently, various studies have investigated adversarial attacks on the perception modules in ADS. Therefore, our second focus is on developing novel defense mechanisms against adversarial attacks on ADS. To have a deep understanding of physical adversarial attacks, we comprehensively evaluate 9 state-of-the-art methods in real-world scenarios. Based on that, we introduce two novel defense methods: (1) ADS-Lead, an effective collaborative anomaly detection method to safeguard ADS lane-following mechanisms. (2) VisionGuard, a unified defense framework capable of detecting and mitigating various physical adversarial attacks on ADS perception. Both defense measures utilize positioning and navigation sensors (e.g., GPS, IMU) to defend against attacks on visual sensors (e.g., cameras, LiDAR). In summary, this thesis is committed to evaluating existing adversarial attack methods, finding new vulnerabilities and attack surfaces, and designing novel ADS defense methods to build a secure ADS. Doctor of Philosophy 2024-03-06T03:57:44Z 2024-03-06T03:57:44Z 2024 Thesis-Doctor of Philosophy Han, X. (2024). Security investigation of autonomous driving systems. Doctoral thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/173908 https://hdl.handle.net/10356/173908 10.32657/10356/173908 en This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0). application/pdf Nanyang Technological University |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Computer and Information Science |
spellingShingle |
Computer and Information Science Han, Xingshuo Security investigation of autonomous driving systems |
description |
Autonomous Driving (AD) represents a breakthrough technology with immense potential to make our transportation more intelligent, as many Autonomous Vehicles (AV) are already deployed into real products on public roads. The brain of an AV is the Autonomous Driving System (ADS), which relies on a combination of sensors and various machine learning algorithms to perceive the environment, make decisions, and navigate safely. However, real-world scenarios are complex and dynamic, with numerous factors that can affect the performance of ADS. Adver- sarial attacks, including training-time adversarial attacks (i.e., backdoor attacks) and testing-time adversarial attacks, have emerged as a destructive means of com- promising AV. Nonetheless, current research lacks a comprehensive evaluation of its effectiveness and robustness in physical environments. Furthermore, there is still a huge room for improvement in the current defense methods against physical adversarial attacks against ADS.
However, due to the complexity of ADS, conducting a comprehensive evaluation poses significant challenges. To address this challenge, my thesis focuses on the systematic analysis of building secure ADS through evaluation in both simulator and real-world environments. This involves holistic testing and assessment of ADS, using realistic attacks, and actively discovering new security issues.
To achieve this goal, my thesis first evaluates the performance of existing physical adversarial attacks in real-world settings, summarizing new insights and identifying new attack surfaces and methods. Specifically, we introduce BatAV, a comprehen- sive platform for benchmarking physical backdoor attacks to ADS perception. To uncover new vulnerabilities of ADS, we develop STFA, a dynamic physical world vulnerability testing platform for the ADS decision-making module. Based on this, we demonstrate that some existing adversarial attacks and vulnerabilities proposed by us could pose significant dangers to AVs.
Subsequently, various studies have investigated adversarial attacks on the perception modules in ADS. Therefore, our second focus is on developing novel defense mechanisms against adversarial attacks on ADS. To have a deep understanding of physical adversarial attacks, we comprehensively evaluate 9 state-of-the-art methods in real-world scenarios. Based on that, we introduce two novel defense methods: (1) ADS-Lead, an effective collaborative anomaly detection method to safeguard ADS lane-following mechanisms. (2) VisionGuard, a unified defense framework capable of detecting and mitigating various physical adversarial attacks on ADS perception. Both defense measures utilize positioning and navigation sensors (e.g., GPS, IMU) to defend against attacks on visual sensors (e.g., cameras, LiDAR).
In summary, this thesis is committed to evaluating existing adversarial attack methods, finding new vulnerabilities and attack surfaces, and designing novel ADS defense methods to build a secure ADS. |
author2 |
Zhang Tianwei |
author_facet |
Zhang Tianwei Han, Xingshuo |
format |
Thesis-Doctor of Philosophy |
author |
Han, Xingshuo |
author_sort |
Han, Xingshuo |
title |
Security investigation of autonomous driving systems |
title_short |
Security investigation of autonomous driving systems |
title_full |
Security investigation of autonomous driving systems |
title_fullStr |
Security investigation of autonomous driving systems |
title_full_unstemmed |
Security investigation of autonomous driving systems |
title_sort |
security investigation of autonomous driving systems |
publisher |
Nanyang Technological University |
publishDate |
2024 |
url |
https://hdl.handle.net/10356/173908 |
_version_ |
1806059836285124608 |