Attacks and Defenses for Autonomous Driving Intelligence Models
In recent years, artificial intelligence (AI) technologies, notably deep learning algorithms, have ushered in significant innovations across various facets of human existence. One prominent domain benefiting from these advancements is autonomous driving. Intelligent vehicles equipped with autonomous driving systems have gradually integrated into people's daily lives, emerging as pivotal tools that enhance productivity and redefine transportation paradigms. However, the surge in traffic safety incidents in recent years has served as a stark warning, signaling that artificial intelligence models within autonomous driving systems are susceptible to potential safety hazards and risks. This reality poses a significant threat to the safety of people's lives and property. This paper reviews previous research on attacks against intelligent models and the corresponding defenses to reveal the security risks of autonomous driving systems in the physical world, and summarizes the corresponding defense strategies. Specifically, we first introduce the security risk model for autonomous driving systems, which includes attack surfaces, attack capabilities, and attack goals. The main workflow of the autonomous driving system can be grouped into three layers. The autonomous driving system first takes the information about the nearby environment gathered by the sensor layer as input, and then processes the data through the perception layer, which is equipped with intelligent models, to extract key information such as obstacles, traffic signs, traffic lights and lane lines. Subsequently, the decision layer predicts the movement trajectories of the surrounding obstacles and plans the travel path of the autonomous vehicle based on the extracted information. In this process, the attacker could use different physical attacks against the intelligent model, thus posing a huge security risk. Based on the information known to the attacker, we categorize attacks into three types: white-box, gray-box, and black-box attacks. Furthermore, considering the diverse methods of interference available to attackers, we classify the attacks into two main categories: physical world attacks and sensor injection attacks. Secondly, for the three key functional layers of the autonomous driving system (the sensor layer, the perception layer and the decision layer), this paper summarizes and analyzes the corresponding attack methods and defense countermeasures according to the victim intelligent models and methods of attack, and discusses the limitations of the existing methods. Finally, this paper discusses the difficulties and challenges of attack and defense technologies for autonomous driving intelligent models, and indicates potential future research directions and development trends. We propose that the absence of comprehensive and objective evaluation criteria for physical countermeasure attacks, coupled with the limited feasibility studies on physical attacks and research gaps in system-level attack methodologies, pose challenges and point towards future research directions in the current landscape of intelligent model attacks in autonomous driving. Moreover, the current research on defense countermeasures remains relatively scant, and the development of defense strategies in the physical realm holds great promise as a research avenue for the future. Addressing these gaps in both attack and defense methodologies will contribute substantially to the robustness and security of the intelligent models in autonomous driving.
autonomous driving security; artificial intelligence security; cyber-physical system security; physical adversarial attack; defense strategy