ML-Driven Malware that Targets AV Safety

Ensuring the safety of autonomous vehicles (AVs) is critical for their mass deployment and public adoption. However, security attacks that violate safety constraints and cause accidents are a significant deterrent to achieving public trust in AVs, and that hinders a vendor's ability to deploy AVs. Creating a security hazard that results in a severe safety compromise (for example, an accident) is compelling from an attacker's perspective. In this paper, we introduce an attack model, a method to deploy the attack in the form of smart malware, and an experimental evaluation of its impact on production-grade autonomous driving software. We find that determining the time interval during which to launch the attack is{ critically} important for causing safety hazards (such as collisions) with a high degree of success. For example, the smart malware caused 33X more forced emergency braking than random attacks did, and accidents in 52.6% of the driving simulations.

[1]  Ravishankar K. Iyer,et al.  ML-Based Fault Injection for Autonomous Vehicles: A Case for Bayesian Fault Injection , 2019, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[2]  Fei Hu,et al.  Detection of Faults and Attacks Including False Data Injection Attack in Smart Grid Using Kalman Filter , 2014, IEEE Transactions on Control of Network Systems.

[3]  Atul Prakash,et al.  Robust Physical-World Attacks on Machine Learning Models , 2017, ArXiv.

[4]  Atul Prakash,et al.  Robust Physical-World Attacks on Deep Learning Visual Classification , 2018, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.

[5]  Ch. Ramesh Babu,et al.  Internet of Vehicles: From Intelligent Grid to Autonomous Cars and Vehicular Clouds , 2016 .

[6]  Karl Johan Åström,et al.  PID Controllers: Theory, Design, and Tuning , 1995 .

[7]  Kaiming He,et al.  Faster R-CNN: Towards Real-Time Object Detection with Region Proposal Networks , 2015, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[8]  David A. Forsyth,et al.  NO Need to Worry about Adversarial Examples in Object Detection in Autonomous Vehicles , 2017, ArXiv.

[9]  Ravishankar K. Iyer,et al.  Hands Off the Wheel in Autonomous Vehicles?: A Systems Perspective on over a Million Miles of Field Data , 2018, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[10]  J. L. Roux An Introduction to the Kalman Filter , 2003 .

[11]  Ali Farhadi,et al.  YOLOv3: An Incremental Improvement , 2018, ArXiv.

[12]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[13]  Philip Koopman,et al.  Robustness Testing of Autonomy Software , 2017, 2018 IEEE/ACM 40th International Conference on Software Engineering: Software Engineering in Practice Track (ICSE-SEIP).

[14]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[15]  Ravishankar K. Iyer,et al.  AVFI: Fault Injection for Autonomous Vehicles , 2018, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W).

[16]  Xin He,et al.  Attacking Vision-based Perception in End-to-End Autonomous Driving Models , 2019, J. Syst. Archit..

[17]  Ramakant Nevatia,et al.  Robust Object Tracking by Hierarchical Association of Detection Responses , 2008, ECCV.

[18]  Eray Yağdereli,et al.  A study on cyber-security of autonomous and unmanned vehicles , 2015 .

[19]  Wenhan Luo,et al.  Multiple Object Tracking: A Review , 2014, ArXiv.

[20]  Philip Koopman,et al.  A Safety Standard Approach for Fully Autonomous Vehicles , 2019, SAFECOMP Workshops.

[21]  Tao Wei,et al.  Fooling Detection Alone is Not Enough: First Adversarial Attack against Multiple Object Tracking , 2019, ArXiv.

[22]  Nahom M. Beyene,et al.  When Autonomous Vehicles Are Hacked, Who Is Liable? , 2019 .

[23]  Iftikhar Ahmad,et al.  Classes of attacks in VANET , 2011, 2011 Saudi International Electronics, Communications and Photonics Conference (SIECPC).

[24]  Dawn Song,et al.  Robust Physical-World Attacks on Deep Learning Models , 2017, 1707.08945.

[25]  Ravishankar K. Iyer,et al.  Kayotee: A Fault Injection-based System to Assess the Safety and Reliability of Autonomous Vehicles to Faults and Errors , 2019, ArXiv.

[26]  Ruigang Yang,et al.  Adversarial Objects Against LiDAR-Based Autonomous Driving Systems , 2019, ArXiv.

[27]  Jiajun Lu,et al.  Adversarial Examples that Fool Detectors , 2017, ArXiv.

[28]  Kyongsu Yi,et al.  Design and Evaluation of a Driving Mode Decision Algorithm for Automated Driving Vehicle on a Motorway , 2016 .

[29]  Jason Gregory,et al.  Game Engine Architecture , 2009 .

[30]  Ben Y. Zhao,et al.  Multi-channel Jamming Attacks using Cognitive Radios , 2007, 2007 16th International Conference on Computer Communications and Networks.