Novel Vulnerability Discoveries, Measurements, and Attack Designs for Safety-Critical Autonomous Systems from Practicality Perspectives
Abstract
Autonomous systems, such as autonomous driving (AD), rely heavily on real-time perception systems to detect and interpret their surroundings, such as traffic cones, pedestrians, traffic signs, vehicles, etc. These perception systems predominantly employ Deep Neural Networks (DNNs) for tasks such as real-time object detection due to their superior performance. However, DNNs are inherently vulnerable to adversarial attacks—maliciously crafted inputs designed to cause the DNNs to malfunction. Given the safety- and mission-critical nature of autonomous systems, it is crucial to systematically investigate the potential security vulnerabilities of these systems in real-world settings.
So far, one of the most general yet crucial limitations for prior research works in this area is their limited practicality in real-world autonomous system setups, either due to their sole focus on the AI component alone, which makes it non-trivial to transfer their component-only attack effects to the system level, or due to their research scopes limited to academic prototypes instead of real-world systems. For example, almost all prior adversarial attacks on Traffic Sign Recognition (TSR) systems have only assessed the effects on academic TSR models, leaving the impacts on real-world commercial TSR systems largely unexplored. While a few recent works have attempted to evaluate the impact on commercial TSR systems, these efforts are typically confined to a single vehicle model, sometimes even an unidentified one, raising questions about both the generalizability and representativeness of their findings.
In this dissertation, I present a suite of research efforts toward novel vulnerability discoveries, measurements, and attack designs for safety-critical autonomous systems from practicality perspectives. By systematically discovering and understanding the security vulnerabilities at both the DNN model level and autonomous system level, these research efforts aim to provide new and useful insights that can inspire further exploration of this largely under-explored aspect in this research area.