[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

How Many Cameras Do You Need? Adversarial Attacks and Countermeasures for Robust Perception in Autonomous Vehicles

  • Conference paper
  • First Online:
Security, Privacy, and Applied Cryptography Engineering (SPACE 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13783))

Abstract

Deep neural networks have been established by researchers to perform significantly better than prior algorithms in multiple domains, notably in computer vision. Naturally, this resulted in its deployment as a perception module in modern Autonomous Vehicle (AV) and in general for Advanced Driver Assistance Systems (ADAS). ADAS relies heavily on perception module, which harnesses various sensors such as camera, LiDAR, radar, ultrasonic sensor to make navigational decisions. By drawing from the adversarial attacks, which undermine a lot of machine learning applications, recent research shows that the AV perception modules are also vulnerable to adversarial attacks. Suggested countermeasures for these attacks include increasing the number of sensors, which incurs cost overhead and does not present any formal guarantee of protection. Hence, in this paper, we study the robustness and practicality of such a countermeasure. We demonstrate that it is still possible to spoof multiple cameras through adversarial object though, the attack success considerably reduces. Furthermore, the possibility of alternative countermeasures like dimensionality reduction and feature squeezing are investigated. Our study shows that these techniques, when applied together, significantly enhances the robustness of the AV perception system.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 51.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 64.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Abdelfattah, M., Yuan, K., Wang, Z.J., Ward, R.: Adversarial attacks on camera-lidar models for 3D car detection (2021). https://doi.org/10.48550/ARXIV.2103.09448, https://arxiv.org/abs/2103.09448

  2. Athalye, A., Engstrom, L., Ilyas, A., Kwok, K.: Synthesizing robust adversarial examples. In: International Conference on Machine Learning, pp. 284–293. PMLR (2018)

    Google Scholar 

  3. Baidu: Apollo: open source autonomous driving. https://github.com/ApolloAuto/apollo

  4. Brown, T.B., Mané, D., Roy, A., Abadi, M., Gilmer, J.: Adversarial patch (2017). https://doi.org/10.48550/ARXIV.1712.09665, https://arxiv.org/abs/1712.09665

  5. Caesar, H., et al.: nuScenes: a multimodal dataset for autonomous driving. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (June 2020)

    Google Scholar 

  6. Cao, Y., et al.: Invisible for both camera and LiDAR: security of multi-sensor fusion based perception in autonomous driving under physical-world attacks. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 176–194 (2021). https://doi.org/10.1109/SP40001.2021.00076

  7. Chattopadhyay, N., Chatterjee, S., Chattopadhyay, A.: Robustness against adversarial attacks using dimensionality. In: Batina, L., Picek, S., Mondal, M. (eds.) SPACE 2021. LNCS, vol. 13162, pp. 226–241. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-95085-9_12

    Chapter  Google Scholar 

  8. Community, B.O.: Blender - a 3D modelling and rendering package. Blender Foundation, Stichting Blender Foundation, Amsterdam (2018). http://www.blender.org

  9. De, K., Pedersen, M.: Impact of colour on robustness of deep neural networks. In: 2021 IEEE/CVF International Conference on Computer Vision Workshops (ICCVW), pp. 21–30 (2021). https://doi.org/10.1109/ICCVW54120.2021.00009

  10. Eykholt, K., et al.: Robust physical-world attacks on deep learning models (2017). https://doi.org/10.48550/ARXIV.1707.08945, https://arxiv.org/abs/1707.08945

  11. Geiger, A., Lenz, P., Stiller, C., Urtasun, R.: Vision meets Robotics: the KITTI dataset. Int. J. Robot. Res. (IJRR) 32(11), 1231–1237 (2013)

    Google Scholar 

  12. Girshick, R.: Fast R-CNN. In: 2015 IEEE International Conference on Computer Vision (ICCV), pp. 1440–1448 (2015). https://doi.org/10.1109/ICCV.2015.169

  13. Girshick, R., Donahue, J., Darrell, T., Malik, J.: Rich feature hierarchies for accurate object detection and semantic segmentation. In: 2014 IEEE Conference on Computer Vision and Pattern Recognition, pp. 580–587 (2014). https://doi.org/10.1109/CVPR.2014.81

  14. Hallyburton, R.S., Liu, Y., Cao, Y., Mao, Z.M., Pajic, M.: Security analysis of camera-lidar fusion against black-box attacks on autonomous vehicles. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 1903–1920. USENIX Association, Boston, MA (2022). https://www.usenix.org/conference/usenixsecurity22/presentation/hallyburton

  15. Ingle, S., Phute, M.: Tesla autopilot: semi autonomous driving, an uptick for future autonomy. Int. Res. J. Eng. Technol. 3(9), 369–372 (2016)

    Google Scholar 

  16. Kato, S., et al.: Autoware on board: enabling autonomous vehicles with embedded systems. In: Proceedings of the 9th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2018, pp. 287–296. IEEE Press (2018). https://doi.org/10.1109/ICCPS.2018.00035, https://doi.org.remotexs.ntu.edu.sg/10.1109/ICCPS.2018.00035,

  17. Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: Proceedings of the 25th International Conference on Neural Information Processing Systems - Volume 1, pp. 1097–1105. NIPS 2012, Curran Associates Inc., Red Hook, NY, USA (2012)

    Google Scholar 

  18. Lin, T.Y., et al.: Microsoft COCO: common objects in context (2014). https://doi.org/10.48550/ARXIV.1405.0312, https://arxiv.org/abs/1405.0312

  19. Liu, J., Yan, C., Xu, W.: Can you trust autonomous vehicles: contactless attacks against sensors of self-driving vehicles. DEF CON (2016). https://doi.org/10.5446/36252 Accessed 22 Mar 2022

  20. Lu, J., Sibai, H., Fabry, E., Forsyth, D.A.: No need to worry about adversarial examples in object detection in autonomous vehicles. CoRR abs/1707.03501 (2017). http://arxiv.org/abs/1707.03501

  21. Petit, J., Stottelaar, B., Feiri, M., Kargl, F.: Remote attacks on automated vehicles sensors: experiments on camera and lidar. In: Black Hat Europe (2015). https://www.blackhat.com/docs/eu-15/materials/eu-15-Petit-Self-Driving-And-Connected-Cars-Fooling-Sensors-And-Tracking-Drivers-wp1.pdf

  22. Redmon, J., Farhadi, A.: YOLOv3: an incremental improvement. CoRR abs/1804.02767 (2018). http://arxiv.org/abs/1804.02767

  23. Ren, S., He, K., Girshick, R., Sun, J.: Faster R-CNN: towards real-time object detection with region proposal networks. In: Proceedings of the 28th International Conference on Neural Information Processing Systems - Volume 1, pp. 91–99. NIPS 2015, MIT Press, Cambridge, MA, USA (2015)

    Google Scholar 

  24. Rong, G., et al.: LGSVL simulator: a high fidelity simulator for autonomous driving. CoRR abs/2005.03778 (2020). https://arxiv.org/abs/2005.03778

  25. Sun, J., Cao, Y., Chen, Q.A., Mao, Z.M.: Towards robust lidar-based perception in autonomous driving: general black-box adversarial sensor attack and countermeasures. In: 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, pp. 877–894 (2020). https://www.usenix.org/conference/usenixsecurity20/presentation/sun

  26. Sun, P., et al.: Scalability in perception for autonomous driving: WAYMO open dataset. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2020)

    Google Scholar 

  27. Szegedy, C., et al.: Intriguing properties of neural networks (2013). https://doi.org/10.48550/ARXIV.1312.6199, https://arxiv.org/abs/1312.6199

  28. Wilson, B., et al.: Argoverse 2: next generation datasets for self-driving perception and forecasting. In: Proceedings of the Neural Information Processing Systems Track on Datasets and Benchmarks (NeurIPS Datasets and Benchmarks 2021) (2021)

    Google Scholar 

  29. Xu, W., Evans, D., Qi, Y.: Feature squeezing: detecting adversarial examples in deep neural networks. In: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, pp. 18–21. The Internet Society (2018). http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_03A-4_Xu_paper.pdf

Download references

Acknowledgements

This research was supported by Desay SV Automotive Singapore, as part of NTU-Desay Collaboration project.

Author information

Authors and Affiliations

  1. Nanyang Technological University, 50 Nanyang Avenue, Singapore, 639798, Singapore

    Tu Anh Ngo, Reuben Jon Chia, Jonathan Chan, Nandish Chattopadhyay & Anupam Chattopadhyay

Authors
  1. Tu Anh Ngo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Reuben Jon Chia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jonathan Chan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nandish Chattopadhyay
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Anupam Chattopadhyay
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tu Anh Ngo .

Editor information

Editors and Affiliations

  1. Radboud University, Nijmegen, The Netherlands

    Lejla Batina

  2. Radboud University, Nijmegen, The Netherlands

    Stjepan Picek

  3. Indian Institute of Technology Kharagpur, Kharagpur, India

    Mainack Mondal

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ngo, T.A., Chia, R.J., Chan, J., Chattopadhyay, N., Chattopadhyay, A. (2022). How Many Cameras Do You Need? Adversarial Attacks and Countermeasures for Robust Perception in Autonomous Vehicles. In: Batina, L., Picek, S., Mondal, M. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2022. Lecture Notes in Computer Science, vol 13783. Springer, Cham. https://doi.org/10.1007/978-3-031-22829-2_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-22829-2_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22828-5

  • Online ISBN: 978-3-031-22829-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation