Securing Connected & Autonomous Vehicles: Challenges Posed by Adversarial Machine Learning and the Way Forward

Connected and autonomous vehicles (CAVs) will form the backbone of future next-generation intelligent transportation systems (ITS) providing travel comfort, road safety, along with a number of value-added services. Such a transformation—which will be fuelled by concomitant advances in technologies for machine learning (ML) and wireless communications—will enable a future vehicular ecosystem that is better featured and more efficient. However, there are lurking security problems related to the use of ML in such a critical setting where an incorrect ML decision may not only be a nuisance but can lead to loss of precious lives. In this paper, we present an in-depth overview of the various challenges associated with the application of ML in vehicular networks. In addition, we formulate the ML pipeline of CAVs and present various potential security issues associated with the adoption of ML methods. In particular, we focus on the perspective of adversarial ML attacks on CAVs and outline a solution to defend against adversarial attacks in multiple settings.

[1]  Yuan He,et al.  A Trust System for Detecting Selective Forwarding Attacks in VANETs , 2016, BigCom.

[2]  Dumitru Erhan,et al.  Going deeper with convolutions , 2014, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[3]  Jason Yosinski,et al.  Deep neural networks are easily fooled: High confidence predictions for unrecognizable images , 2014, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[4]  Mykel J. Kochenderfer,et al.  Reluplex: An Efficient SMT Solver for Verifying Deep Neural Networks , 2017, CAV.

[5]  Christopher Meek,et al.  Good Word Attacks on Statistical Spam Filters , 2005, CEAS.

[6]  Thomas Brox,et al.  Universal Adversarial Perturbations Against Semantic Image Segmentation , 2017, 2017 IEEE International Conference on Computer Vision (ICCV).

[7]  Sherali Zeadally,et al.  Vehicular ad hoc networks (VANETS): status, results, and challenges , 2010, Telecommunication Systems.

[8]  Fabio Roli,et al.  Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning , 2018, CCS.

[9]  Kun Jiang,et al.  Intelligent and connected vehicles: Current status and future perspectives , 2018, Science China Technological Sciences.

[10]  Victor C. M. Leung,et al.  Delay-Optimal Virtualized Radio Resource Scheduling in Software-Defined Vehicular Networks via Stochastic Learning , 2016, IEEE Transactions on Vehicular Technology.

[11]  David A. Forsyth,et al.  SafetyNet: Detecting and Rejecting Adversarial Examples Robustly , 2017, 2017 IEEE International Conference on Computer Vision (ICCV).

[12]  James A. Storer,et al.  Deflecting Adversarial Attacks with Pixel Deflection , 2018, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.

[13]  Zhi Xue,et al.  IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection , 2018, PAKDD.

[14]  Aleksander Madry,et al.  Robustness May Be at Odds with Accuracy , 2018, ICLR.

[15]  Yang Song,et al.  PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples , 2017, ICLR.

[16]  Tomas Olovsson,et al.  Security aspects of the in-vehicle network in the connected car , 2011, 2011 IEEE Intelligent Vehicles Symposium (IV).

[17]  Daniel Kroening,et al.  Concolic Testing for Deep Neural Networks , 2018, 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[18]  David Hurych,et al.  Challenges in Designing Datasets and Validation for Autonomous Driving , 2019, VISIGRAPP.

[19]  Athanasios V. Vasilakos,et al.  Mobile Crowd Sensing for Traffic Prediction in Internet of Vehicles , 2016, Sensors.

[20]  Baowen Xu,et al.  An Efficient Identity-Based Conditional Privacy-Preserving Authentication Scheme for Vehicular Ad Hoc Networks , 2015, IEEE Transactions on Information Forensics and Security.

[21]  Ankur Taly,et al.  Did the Model Understand the Question? , 2018, ACL.

[22]  Yue Zhao,et al.  DLFuzz: differential fuzzing testing of deep learning systems , 2018, ESEC/SIGSOFT FSE.

[23]  Seyed-Mohsen Moosavi-Dezfooli,et al.  Universal Adversarial Perturbations , 2016, 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[24]  Ananthram Swami,et al.  The Limitations of Deep Learning in Adversarial Settings , 2015, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[25]  Steven E. Shladover,et al.  Potential Cyberattacks on Automated Vehicles , 2015, IEEE Transactions on Intelligent Transportation Systems.

[26]  Christopher Meek,et al.  Adversarial learning , 2005, KDD '05.

[27]  Yongdong Zhang,et al.  APE-GAN: Adversarial Perturbation Elimination with GAN , 2017, ICASSP 2019 - 2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[28]  Dipak Ghosal,et al.  Security vulnerabilities of connected vehicle streams and their impact on cooperative driving , 2015, IEEE Communications Magazine.

[29]  Rama Chellappa,et al.  Defense-GAN: Protecting Classifiers Against Adversarial Attacks Using Generative Models , 2018, ICLR.

[30]  Ting Wang,et al.  TextBugger: Generating Adversarial Text Against Real-world Applications , 2018, NDSS.

[31]  Massimo Bernaschi,et al.  Adversarial Out-domain Examples for Generative Models , 2019, 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[32]  David A. Wagner,et al.  Audio Adversarial Examples: Targeted Attacks on Speech-to-Text , 2018, 2018 IEEE Security and Privacy Workshops (SPW).

[33]  Blaine Nelson,et al.  Poisoning Attacks against Support Vector Machines , 2012, ICML.

[34]  Moustapha Cissé,et al.  Houdini: Fooling Deep Structured Visual and Speech Recognition Models with Adversarial Examples , 2017, NIPS.

[35]  Jianxiong Xiao,et al.  DeepDriving: Learning Affordance for Direct Perception in Autonomous Driving , 2015, 2015 IEEE International Conference on Computer Vision (ICCV).

[36]  Cheng Wang,et al.  User Association for Load Balancing in Vehicular Networks: An Online Reinforcement Learning Approach , 2017, IEEE Transactions on Intelligent Transportation Systems.

[37]  Taxonomy and definitions for terms related to driving automation systems for on-road motor vehicles , 2022 .

[38]  Fabio Roli,et al.  Evasion Attacks against Machine Learning at Test Time , 2013, ECML/PKDD.

[39]  Marco Gruteser,et al.  Automatic Unusual Driving Event Identification for Dependable Self-Driving , 2018, SenSys.

[40]  Jennie Lioris,et al.  Platoons of connected vehicles can double throughput in urban roads , 2015, 1511.00775.

[41]  Alexei A. Efros,et al.  The Unreasonable Effectiveness of Deep Features as a Perceptual Metric , 2018, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.

[42]  Guneet Singh Dhillon,et al.  TOCHASTIC ACTIVATION PRUNING FOR ROBUST ADVERSARIAL DEFENSE , 2018 .

[43]  Aleksander Madry,et al.  Exploring the Landscape of Spatial Robustness , 2017, ICML.

[44]  Eduardo Valle,et al.  Adversarial Attacks on Variational Autoencoders , 2018, LatinX in AI at Neural Information Processing Systems Conference 2018.

[45]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[46]  Bernd Eissfeller,et al.  Emerging attacks on VANET security based on GPS Time Spoofing , 2015, 2015 IEEE Conference on Communications and Network Security (CNS).

[47]  Tao Li,et al.  Modeling Uncertainty in Vehicle Trajectory Prediction in a Mixed Connected and Autonomous Vehicle Environment using Deep Learning and Kernel Density Estimation , 2018 .

[48]  Mohamed Azab,et al.  Survey on Security Issues in Vehicular Ad Hoc Networks , 2015 .

[49]  Ananthram Swami,et al.  Practical Black-Box Attacks against Machine Learning , 2016, AsiaCCS.

[50]  Alan L. Yuille,et al.  Mitigating adversarial effects through randomization , 2017, ICLR.

[51]  Sabina Jeschke,et al.  A Review of Truck Platooning Projects for Energy Savings , 2016, IEEE Transactions on Intelligent Vehicles.

[52]  Mohsen Guizani,et al.  ACPN: A Novel Authentication Framework with Conditional Privacy-Preservation and Non-Repudiation for VANETs , 2015, IEEE Transactions on Parallel and Distributed Systems.

[53]  Ali Farhadi,et al.  YOLOv3: An Incremental Improvement , 2018, ArXiv.

[54]  Steven E Shladover,et al.  ROADWAY AUTOMATION TECHNOLOGY--RESEARCH NEEDS , 1990 .

[55]  Sadayuki Tsugawa,et al.  Super smart vehicle system: AVCS related systems for the future , 1992, Proceedings of the Intelligent Vehicles `92 Symposium.

[56]  Pedro J. Navarro,et al.  A Systematic Review of Perception System and Simulators for Autonomous Vehicles Research , 2019, Sensors.

[57]  Beilun Wang,et al.  DeepCloak: Masking Deep Neural Network Models for Robustness Against Adversarial Samples , 2017, ICLR.

[58]  Steven E. Shladover,et al.  Connected and automated vehicle systems: Introduction and overview , 2018, J. Intell. Transp. Syst..

[59]  Judy Hoffman,et al.  Predictive Inequity in Object Detection , 2019, ArXiv.

[60]  Zoubin Ghahramani,et al.  Adversarial Examples, Uncertainty, and Transfer Testing Robustness in Gaussian Process Hybrid Deep Networks , 2017, 1707.02476.

[61]  Georgios Fainekos,et al.  Gray-box adversarial testing for control systems with machine learning components , 2018, HSCC.

[62]  Minglu Li,et al.  A novel vehicular location prediction based on mobility patterns for routing in urban VANET , 2012, EURASIP J. Wirel. Commun. Netw..

[63]  Samuel Pierre,et al.  Centralized and Localized Data Congestion Control Strategy for Vehicular Ad Hoc Networks Using a Machine Learning Clustering Algorithm , 2016, IEEE Transactions on Intelligent Transportation Systems.

[64]  Sanjay E. Sarma,et al.  A Survey of the Connected Vehicle Landscape—Architectures, Enabling Technologies, Applications, and Development Areas , 2017, IEEE Transactions on Intelligent Transportation Systems.

[65]  Junfeng Yang,et al.  Towards Practical Verification of Machine Learning: The Case of Computer Vision Systems , 2017, ArXiv.

[66]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[67]  Hao Chen,et al.  MagNet: A Two-Pronged Defense against Adversarial Examples , 2017, CCS.

[68]  Srikrishna Varadarajan,et al.  RADnet: Radiologist level accuracy using deep learning for hemorrhage detection in CT scans , 2017, 2018 IEEE 15th International Symposium on Biomedical Imaging (ISBI 2018).

[69]  Girish Chowdhary,et al.  Robust Deep Reinforcement Learning with Adversarial Attacks , 2017, AAMAS.

[70]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[71]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[72]  Dayong Shen,et al.  Traffic Sign Recognition Using Kernel Extreme Learning Machines With Deep Perceptual Features , 2017, IEEE Transactions on Intelligent Transportation Systems.

[73]  Vicente Milanés Montero,et al.  Cooperative Adaptive Cruise Control in Real Traffic Situations , 2014, IEEE Transactions on Intelligent Transportation Systems.

[74]  Fei-Fei Li,et al.  ImageNet: A large-scale hierarchical image database , 2009, 2009 IEEE Conference on Computer Vision and Pattern Recognition.

[75]  Moustapha Cissé,et al.  Countering Adversarial Images using Input Transformations , 2018, ICLR.

[76]  Arslan Munir,et al.  Vulnerability of Deep Reinforcement Learning to Policy Induction Attacks , 2017, MLDM.

[77]  Maxim Raya,et al.  Certificate Revocation in Vehicular Networks , 2006 .

[78]  Seyed-Mohsen Moosavi-Dezfooli,et al.  DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[79]  Kamyar Azizzadenesheli,et al.  Stochastic Activation Pruning for Robust Adversarial Defense , 2018, ICLR.

[80]  Jalel Ben-Othman,et al.  Survey on VANET security challenges and possible cryptographic solutions , 2014, Veh. Commun..

[81]  Andrew Zisserman,et al.  Very Deep Convolutional Networks for Large-Scale Image Recognition , 2014, ICLR.

[82]  Nan Zhao,et al.  Integrated Networking, Caching, and Computing for Connected Vehicles: A Deep Reinforcement Learning Approach , 2018, IEEE Transactions on Vehicular Technology.

[83]  Seong Joon Oh,et al.  Sequential Attacks on Agents for Long-Term Adversarial Goals , 2018, ArXiv.

[84]  Lei Ma,et al.  DeepGauge: Multi-Granularity Testing Criteria for Deep Learning Systems , 2018, 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[85]  Dawn Xiaodong Song,et al.  Adversarial Example Defenses: Ensembles of Weak Defenses are not Strong , 2017, ArXiv.

[86]  Patrick D. McDaniel,et al.  Adversarial Perturbations Against Deep Neural Networks for Malware Classification , 2016, ArXiv.

[87]  Zheng Liu,et al.  Traffic light recognition in varying illumination using deep learning and saliency map , 2014, 17th International IEEE Conference on Intelligent Transportation Systems (ITSC).

[88]  Sherali Zeadally,et al.  Autonomous Cars: Research Results, Issues, and Future Challenges , 2019, IEEE Communications Surveys & Tutorials.

[89]  Aleksander Madry,et al.  On Evaluating Adversarial Robustness , 2019, ArXiv.

[90]  Massimo Bernaschi,et al.  Out-domain examples for generative models , 2019, ArXiv.

[91]  Joseph Gardiner,et al.  On the Security of Machine Learning in Malware C&C Detection , 2016, ACM Comput. Surv..

[92]  Nathalie Japkowicz,et al.  Anomaly Detection in Automobile Control Network Data with Long Short-Term Memory Networks , 2016, 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA).

[93]  Amin Karami,et al.  ACCPndn: Adaptive Congestion Control Protocol in Named Data Networking by learning capacities using optimized Time-Lagged Feedforward Neural Network , 2015, J. Netw. Comput. Appl..

[94]  Joan Bruna,et al.  Intriguing properties of neural networks , 2013, ICLR.

[95]  Dr.Irshad Ahmed Sumra,et al.  Attacks on Security Goals (Confidentiality, Integrity, Availability) in VANET: A Survey , 2015 .

[96]  Etienne Perot,et al.  Deep Reinforcement Learning framework for Autonomous Driving , 2017, Autonomous Vehicles and Machines.

[97]  Debdeep Mukhopadhyay,et al.  Adversarial Attacks and Defences: A Survey , 2018, ArXiv.

[98]  Heng Wang,et al.  Robotics and Autonomous Systems , 2022 .

[99]  Xinming Huang,et al.  End-to-end learning for lane keeping of self-driving cars , 2017, 2017 IEEE Intelligent Vehicles Symposium (IV).

[100]  Xiang Cheng,et al.  Channel Prediction Based Scheduling for Data Dissemination in VANETs , 2017, IEEE Communications Letters.

[101]  Andrew Walenstein,et al.  A Survey of Anomaly Detection for Connected Vehicle Cybersecurity and Safety , 2018, 2018 IEEE Intelligent Vehicles Symposium (IV).

[102]  Yi Zhang,et al.  Human-like Autonomous Vehicle Speed Control by Deep Reinforcement Learning with Double Q-Learning , 2018, 2018 IEEE Intelligent Vehicles Symposium (IV).

[103]  Jiann-Shiun Yuan,et al.  Anomaly Generation Using Generative Adversarial Networks in Host-Based Intrusion Detection , 2018, 2018 9th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON).

[104]  Xiangyu Zhang,et al.  Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples , 2018, NeurIPS.

[105]  Philip H. S. Torr,et al.  On the Robustness of Semantic Segmentation Models to Adversarial Attacks , 2017, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.

[106]  Murat Kantarcioglu,et al.  Adversarial Machine Learning , 2018, Adversarial Machine Learning.

[107]  Nitin H. Vaidya,et al.  A vehicle-to-vehicle communication protocol for cooperative collision warning , 2004, The First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004..

[108]  Jan Hendrik Metzen,et al.  On Detecting Adversarial Perturbations , 2017, ICLR.

[109]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[110]  Aleksander Madry,et al.  Towards Deep Learning Models Resistant to Adversarial Attacks , 2017, ICLR.

[111]  Alexey V. Vinel,et al.  AI-Based Malicious Network Traffic Detection in VANETs , 2018, IEEE Network.

[112]  Sarfraz Khurshid,et al.  DeepRoad: GAN-Based Metamorphic Testing and Input Validation Framework for Autonomous Driving Systems , 2018, 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[113]  Junfeng Yang,et al.  Formal Security Analysis of Neural Networks using Symbolic Intervals , 2018, USENIX Security Symposium.

[114]  Paulina Grnarova,et al.  Defending Against Adversarial Attacks by Leveraging an Entire GAN , 2018, ArXiv.

[115]  Vatsal Sharan,et al.  A Spectral View of Adversarially Robust Features , 2018, NeurIPS.

[116]  David Wagner,et al.  Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods , 2017, AISec@CCS.

[117]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[118]  Demis Hassabis,et al.  Mastering the game of Go with deep neural networks and tree search , 2016, Nature.

[119]  Ming-Yu Liu,et al.  Tactics of Adversarial Attack on Deep Reinforcement Learning Agents , 2017, IJCAI.

[120]  Dongpu Cao,et al.  Neural Network Based Uncertainty Prediction for Autonomous Vehicle Application , 2019, Front. Neurorobot..

[121]  Sebastian Ramos,et al.  Detecting unexpected obstacles for self-driving cars: Fusing deep learning and geometric modeling , 2016, 2017 IEEE Intelligent Vehicles Symposium (IV).

[122]  Ajmal Mian,et al.  Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey , 2018, IEEE Access.

[123]  Ian Goodfellow,et al.  TensorFuzz: Debugging Neural Networks with Coverage-Guided Fuzzing , 2018, ICML.

[124]  Colin Raffel,et al.  Thermometer Encoding: One Hot Way To Resist Adversarial Examples , 2018, ICLR.

[125]  Gregory Dudek,et al.  Generating Adversarial Driving Scenarios in High-Fidelity Simulators , 2019, 2019 International Conference on Robotics and Automation (ICRA).

[126]  Bistra N. Dilkina,et al.  Combinatorial Attacks on Binarized Neural Networks , 2019, ICLR.

[127]  Azim Eskandarian,et al.  Challenges of intervehicle ad hoc networks , 2004, IEEE Transactions on Intelligent Transportation Systems.

[128]  Dan Boneh,et al.  Ensemble Adversarial Training: Attacks and Defenses , 2017, ICLR.

[129]  Kouichi Sakurai,et al.  One Pixel Attack for Fooling Deep Neural Networks , 2017, IEEE Transactions on Evolutionary Computation.

[130]  Geoffrey Ye Li,et al.  Toward Intelligent Vehicular Networks: A Machine Learning Framework , 2018, IEEE Internet of Things Journal.

[131]  Xin Zhang,et al.  End to End Learning for Self-Driving Cars , 2016, ArXiv.

[132]  Kaizhu Huang,et al.  A Unified Gradient Regularization Family for Adversarial Examples , 2015, 2015 IEEE International Conference on Data Mining.

[133]  Geoffrey E. Hinton,et al.  Distilling the Knowledge in a Neural Network , 2015, ArXiv.

[134]  Yinan Yu,et al.  Elements of Effective Deep Reinforcement Learning towards Tactical Driving Decision Making , 2018, ArXiv.

[135]  James H Rillings AUTOMATED HIGHWAYS : CARS THAT DRIVE THEMSELVES IN TIGHT FORMATION MIGHT ALLEVIATE THE CONGESTION NOW PLAGUING URBAN FREEWAYS , 1997 .

[136]  Dan Boneh,et al.  The Space of Transferable Adversarial Examples , 2017, ArXiv.

[137]  Adrian Perrig,et al.  Challenges in Securing Vehicular Networks , 2005 .

[138]  Muhammad Ejaz Ahmed,et al.  Poster: Adversarial Examples for Classifiers in High-Dimensional Network Data , 2017, CCS.

[139]  Mayank Bansal,et al.  ChauffeurNet: Learning to Drive by Imitating the Best and Synthesizing the Worst , 2018, Robotics: Science and Systems.

[140]  Hassan Foroosh,et al.  CAMOU: Learning Physical Vehicle Camouflages to Adversarially Attack Detectors in the Wild , 2018, ICLR.

[141]  Azzedine Boukerche,et al.  Data communication in VANETs: Protocols, applications and challenges , 2016, Ad Hoc Networks.

[142]  Nic Ford,et al.  Adversarial Examples Are a Natural Consequence of Test Error in Noise , 2019, ICML.

[143]  Matthias Bethge,et al.  Towards the first adversarially robust neural network model on MNIST , 2018, ICLR.

[144]  Xin He,et al.  Simple Physical Adversarial Examples against End-to-End Autonomous Driving Models , 2019, 2019 IEEE International Conference on Embedded Software and Systems (ICESS).

[145]  Andrew Y. Ng,et al.  CheXNet: Radiologist-Level Pneumonia Detection on Chest X-Rays with Deep Learning , 2017, ArXiv.

[146]  Antonella Molinaro,et al.  From Theory to Experimental Evaluation: Resource Management in Software-Defined Vehicular Networks , 2017, IEEE Access.

[147]  Mario Gerla,et al.  Congestion Attacks to Autonomous Cars Using Vehicular Botnets , 2015 .

[148]  Gang Wang,et al.  Man vs. Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers , 2014, USENIX Security Symposium.

[149]  Sinem Coleri Ergen,et al.  Data-driven abnormal behavior detection for autonomous platoon , 2017, 2017 IEEE Vehicular Networking Conference (VNC).

[150]  Dorothea Kolossa,et al.  Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding , 2018, NDSS.

[151]  Alex Krizhevsky,et al.  Learning Multiple Layers of Features from Tiny Images , 2009 .

[152]  Andrew M. Dai,et al.  Adversarial Training Methods for Semi-Supervised Text Classification , 2016, ICLR.

[153]  Prateek Mittal,et al.  Rogue Signs: Deceiving Traffic Sign Recognition with Malicious Ads and Logos , 2018, ArXiv.

[154]  Luis Gonzalez,et al.  Building Robust Deep Neural Networks for Road Sign Detection , 2017, ArXiv.

[155]  Zhendong Ma,et al.  Privacy in inter-vehicular networks: Why simple pseudonym change is not enough , 2010, 2010 Seventh International Conference on Wireless On-demand Network Systems and Services (WONS).

[156]  Wen-Chuan Lee,et al.  Trojaning Attack on Neural Networks , 2018, NDSS.

[157]  Duen Horng Chau,et al.  ShapeShifter: Robust Physical Adversarial Attack on Faster R-CNN Object Detector , 2018, ECML/PKDD.

[158]  Ernst Dieter Dickmanns VISION FOR GROUND VEHICLES: HISTORY AND PROSPECTS , 2002 .

[159]  Dawn Song,et al.  Physical Adversarial Examples for Object Detectors , 2018, WOOT @ USENIX Security Symposium.

[160]  Matthias Hein,et al.  Provable Robustness of ReLU networks via Maximization of Linear Regions , 2018, AISTATS.

[161]  Luiz Eduardo Soares de Oliveira,et al.  Stream learning and anomaly-based intrusion detection in the adversarial settings , 2017, 2017 IEEE Symposium on Computers and Communications (ISCC).

[162]  Hiroyuki Shindo,et al.  Interpretable Adversarial Perturbation in Input Embedding Space for Text , 2018, IJCAI.

[163]  Ricardo Omar Chávez García,et al.  Multiple Sensor Fusion and Classification for Moving Object Detection and Tracking , 2016, IEEE Transactions on Intelligent Transportation Systems.

[164]  Kaiming He,et al.  Mask R-CNN , 2017, 2017 IEEE International Conference on Computer Vision (ICCV).

[165]  Jian Sun,et al.  Deep Residual Learning for Image Recognition , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[166]  Yongdong Zhang,et al.  Supervised Hash Coding With Deep Neural Network for Environment Perception of Intelligent Vehicles , 2018, IEEE Transactions on Intelligent Transportation Systems.

[167]  Jia Yuan Yu,et al.  A Reinforcement Learning Technique for Optimizing Downlink Scheduling in an Energy-Limited Vehicular Network , 2017, IEEE Transactions on Vehicular Technology.

[168]  Geoffrey Ye Li,et al.  Deep Reinforcement Learning for Resource Allocation in V2V Communications , 2017, 2018 IEEE International Conference on Communications (ICC).

[169]  Hans-Peter Glathe Prometheus - A Cooperative Effort of the European Automotive Manufacturers , 1994 .

[170]  Corina S. Pasareanu,et al.  DeepSafe: A Data-driven Approach for Checking Adversarial Robustness in Neural Networks , 2017, ArXiv.

[171]  Ananthram Swami,et al.  Crafting adversarial input sequences for recurrent neural networks , 2016, MILCOM 2016 - 2016 IEEE Military Communications Conference.

[172]  Zhibo Wang,et al.  A survey on Adversarial Attacks and Defenses in Text , 2019, ArXiv.

[173]  Prateek Mittal,et al.  DARTS: Deceiving Autonomous Cars with Toxic Signs , 2018, ArXiv.

[174]  Luca Rigazio,et al.  Towards Deep Neural Network Architectures Robust to Adversarial Examples , 2014, ICLR.

[175]  J. Zico Kolter,et al.  Provable defenses against adversarial examples via the convex outer adversarial polytope , 2017, ICML.

[176]  Mykel J. Kochenderfer,et al.  Reinforcement Learning with Probabilistic Guarantees for Autonomous Driving , 2019, ArXiv.

[177]  Clark W. Barrett,et al.  Provably Minimally-Distorted Adversarial Examples , 2017 .

[178]  Thomas Brox,et al.  Adversarial Examples for Semantic Image Segmentation , 2017, ICLR.

[179]  Patrick D. McDaniel,et al.  Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples , 2016, ArXiv.

[180]  Aleksander Madry,et al.  A Rotation and a Translation Suffice: Fooling CNNs with Simple Transformations , 2017, ArXiv.

[181]  Christos Katrakazas,et al.  Real-time motion planning methods for autonomous on-road driving: State-of-the-art and future research directions , 2015 .

[182]  Philip Koopman,et al.  Autonomous Vehicle Safety: An Interdisciplinary Challenge , 2017, IEEE Intelligent Transportation Systems Magazine.

[183]  Chung Choo Chung,et al.  Probabilistic vehicle trajectory prediction over occupancy grid map via recurrent neural network , 2017, 2017 IEEE 20th International Conference on Intelligent Transportation Systems (ITSC).

[184]  Chadi Assi,et al.  Deep reinforcement learning-based scheduling for roadside communication networks , 2017, 2017 15th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks (WiOpt).

[185]  Toshiyuki Yamamoto,et al.  Modeling connected and autonomous vehicles in heterogeneous traffic flow , 2018 .

[186]  Pedro M. Domingos,et al.  Adversarial classification , 2004, KDD.

[187]  Xiaolin Hu,et al.  Defense Against Adversarial Attacks Using High-Level Representation Guided Denoiser , 2017, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.

[188]  Percy Liang,et al.  Adversarial Examples for Evaluating Reading Comprehension Systems , 2017, EMNLP.

[189]  Ian S. Fischer,et al.  Learning to Attack: Adversarial Transformation Networks , 2018, AAAI.

[190]  Dawn Xiaodong Song,et al.  Adversarial Examples for Generative Models , 2017, 2018 IEEE Security and Privacy Workshops (SPW).

[191]  Geoffrey Ye Li,et al.  Machine Learning for Vehicular Networks: Recent Advances and Application Examples , 2018, IEEE Vehicular Technology Magazine.

[192]  Rama Chellappa,et al.  UPSET and ANGRI : Breaking High Performance Image Classifiers , 2017, ArXiv.

[193]  Mykel J. Kochenderfer,et al.  Towards Proving the Adversarial Robustness of Deep Neural Networks , 2017, FVAV@iFM.

[194]  Ryan P. Adams,et al.  Motivating the Rules of the Game for Adversarial Example Research , 2018, ArXiv.

[195]  Xuemin Shen,et al.  Real-Time Path Planning Based on Hybrid-VANET-Enhanced Transportation System , 2015, IEEE Transactions on Vehicular Technology.

[196]  Martín Abadi,et al.  Adversarial Patch , 2017, ArXiv.

[197]  Paulo Tabuada,et al.  Non-invasive Spoofing Attacks for Anti-lock Braking Systems , 2013, CHES.

[198]  David L. Dill,et al.  Ground-Truth Adversarial Examples , 2017, ArXiv.

[199]  Blaine Nelson,et al.  The security of machine learning , 2010, Machine Learning.

[200]  Nicholas Carlini,et al.  Is AmI (Attacks Meet Interpretability) Robust to Adversarial Examples? , 2019, ArXiv.

[201]  Rudolf Mathar,et al.  On Generation of Adversarial Examples using Convex Programming , 2018, 2018 52nd Asilomar Conference on Signals, Systems, and Computers.

[202]  Georgios Fainekos,et al.  Simulation-based Adversarial Test Generation for Autonomous Vehicles with Machine Learning Components , 2018, 2018 IEEE Intelligent Vehicles Symposium (IV).

[203]  Yanjun Qi,et al.  Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks , 2017, NDSS.

[204]  Xiao-Yun Lu,et al.  COOPERATIVE ADAPTIVE CRUISE CONTROL (CACC) DEFINITIONS AND OPERATING CONCEPTS , 2015 .

[205]  Mohak Shah,et al.  Is it Safe to Drive? An Overview of Factors, Challenges, and Datasets for Driveability Assessment in Autonomous Driving , 2018, ArXiv.

[206]  Fabio Roli,et al.  Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues , 2013, Inf. Sci..

[207]  Suman Jana,et al.  DeepTest: Automated Testing of Deep-Neural-Network-Driven Autonomous Cars , 2017, 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE).

[208]  Daniel Kroening,et al.  Global Robustness Evaluation of Deep Neural Networks with Provable Guarantees for L0 Norm , 2018, ArXiv.

[209]  Arunesh Sinha,et al.  A Learning and Masking Approach to Secure Learning , 2017, GameSec.

[210]  Danilo Alves de Lima,et al.  Autonomous vehicles: scientometric and bibliometric review* , 2018, Transport Reviews.

[211]  Lin Yao,et al.  V2X Routing in a VANET Based on the Hidden Markov Model , 2018, IEEE Transactions on Intelligent Transportation Systems.

[212]  Véronique Berge-Cherfaoui,et al.  Vehicle trajectory prediction based on motion model and maneuver recognition , 2013, 2013 IEEE/RSJ International Conference on Intelligent Robots and Systems.

[213]  Samy Bengio,et al.  Adversarial examples in the physical world , 2016, ICLR.

[214]  Michael P. Wellman,et al.  Towards the Science of Security and Privacy in Machine Learning , 2016, ArXiv.

[215]  Ananthram Swami,et al.  Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks , 2015, 2016 IEEE Symposium on Security and Privacy (SP).

[216]  Je-Won Kang,et al.  Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security , 2016, PloS one.

[217]  Antonio Alfredo Ferreira Loureiro,et al.  Real-time path planning to prevent traffic jam through an intelligent transportation system , 2016, 2016 IEEE Symposium on Computers and Communication (ISCC).

[218]  Junaid Qadir,et al.  Adversarial Attacks on Cognitive Self-Organizing Networks: The Challenge and the Way Forward , 2018, 2018 IEEE 43rd Conference on Local Computer Networks Workshops (LCN Workshops).

[219]  Somesh Jha,et al.  Semantic Adversarial Deep Learning , 2018, IEEE Design & Test.

[220]  Hyunbum Kim,et al.  Detecting Location Spoofing using ADAS sensors in VANETs , 2019, 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[221]  Xuemin Shen,et al.  Connected Vehicles: Solutions and Challenges , 2014, IEEE Internet of Things Journal.

[222]  Geoffrey E. Hinton,et al.  ImageNet classification with deep convolutional neural networks , 2012, Commun. ACM.

[223]  Geoffrey Ye Li,et al.  Vehicular Communications: A Network Layer Perspective , 2017, IEEE Transactions on Vehicular Technology.

[224]  Yoshua Bengio,et al.  Gradient-based learning applied to document recognition , 1998, Proc. IEEE.

[225]  Liqun Sun,et al.  Metamorphic testing of driverless cars , 2019, Commun. ACM.

[226]  Elisabeth Uhlemann,et al.  Introducing Connected Vehicles [Connected Vehicles] , 2015, IEEE Vehicular Technology Magazine.

[227]  Trevor Darrell,et al.  Caffe: Convolutional Architecture for Fast Feature Embedding , 2014, ACM Multimedia.

[228]  Wei Li,et al.  DeepBillboard: Systematic Physical-World Testing of Autonomous Driving Systems , 2018, 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE).

[229]  Dale Schuurmans,et al.  Learning with a Strong Adversary , 2015, ArXiv.

[230]  Zheng Wang,et al.  Deep Learning-Based Intrusion Detection With Adversaries , 2018, IEEE Access.

[231]  Qi Hao,et al.  Deep Learning for Intelligent Wireless Networks: A Comprehensive Survey , 2018, IEEE Communications Surveys & Tutorials.

[232]  Pan He,et al.  Adversarial Examples: Attacks and Defenses for Deep Learning , 2017, IEEE Transactions on Neural Networks and Learning Systems.

[233]  Blaine Nelson,et al.  Can machine learning be secure? , 2006, ASIACCS '06.

[234]  Andrew Slavin Ross,et al.  Improving the Adversarial Robustness and Interpretability of Deep Neural Networks by Regularizing their Input Gradients , 2017, AAAI.

[235]  Khattab M. Ali Alheeti,et al.  Intelligent Intrusion Detection of Grey Hole and Rushing Attacks in Self-Driving Vehicular Networks , 2016, Comput..

[236]  Antonio Iera,et al.  LTE for vehicular networking: a survey , 2013, IEEE Communications Magazine.