Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Runtime Stealthy Perception Attacks against DNN-based Adaptive Cruise Control Systems

Xugui Zhou, Anqi Chen, Maxfield Kouzel, Haotian Ren, Morgan McCarty, Cristina Nita-Rotaru, Homa Alemzadeh

TL;DR

This work investigates runtime, context-aware perception attacks against DNN-based Adaptive Cruise Control (ACC) systems. It introduces a novel framework that combines hazard-informed context activation with an optimization-driven adversarial patch generator to perturb camera inputs at run time, aiming to induce hazardous ACC behavior while remaining stealthy. Evaluations on a production-like OpenPilot stack integrated with CARLA show that the attack substantially outperforms baselines in hazard generation, even under safety interventions and driver monitoring, and demonstrate plausible transfer to real-world settings. The study highlights the critical role of human drivers and baseline safety mechanisms in preventing attacks, and it provides actionable insights for designing more robust ADAS against runtime perception attacks.

Abstract

Adaptive Cruise Control (ACC) is a widely used driver assistance technology for maintaining the desired speed and safe distance to the leading vehicle. This paper evaluates the security of the deep neural network (DNN) based ACC systems under runtime stealthy perception attacks that strategically inject perturbations into camera data to cause forward collisions. We present a context-aware strategy for the selection of the most critical times for triggering the attacks and a novel optimization-based method for the adaptive generation of image perturbations at runtime. We evaluate the effectiveness of the proposed attack using an actual vehicle, a publicly available driving dataset, and a realistic simulation platform with the control software from a production ACC system, a physical-world driving simulator, and interventions by the human driver and safety features such as Advanced Emergency Braking System (AEBS). Experimental results show that the proposed attack achieves 142.9 times higher success rate in causing hazards and 82.6% higher evasion rate than baselines, while being stealthy and robust to real-world factors and dynamic changes in the environment. This study highlights the role of human drivers and basic safety mechanisms in preventing attacks.

Runtime Stealthy Perception Attacks against DNN-based Adaptive Cruise Control Systems

TL;DR

This work investigates runtime, context-aware perception attacks against DNN-based Adaptive Cruise Control (ACC) systems. It introduces a novel framework that combines hazard-informed context activation with an optimization-driven adversarial patch generator to perturb camera inputs at run time, aiming to induce hazardous ACC behavior while remaining stealthy. Evaluations on a production-like OpenPilot stack integrated with CARLA show that the attack substantially outperforms baselines in hazard generation, even under safety interventions and driver monitoring, and demonstrate plausible transfer to real-world settings. The study highlights the critical role of human drivers and baseline safety mechanisms in preventing attacks, and it provides actionable insights for designing more robust ADAS against runtime perception attacks.

Abstract

Adaptive Cruise Control (ACC) is a widely used driver assistance technology for maintaining the desired speed and safe distance to the leading vehicle. This paper evaluates the security of the deep neural network (DNN) based ACC systems under runtime stealthy perception attacks that strategically inject perturbations into camera data to cause forward collisions. We present a context-aware strategy for the selection of the most critical times for triggering the attacks and a novel optimization-based method for the adaptive generation of image perturbations at runtime. We evaluate the effectiveness of the proposed attack using an actual vehicle, a publicly available driving dataset, and a realistic simulation platform with the control software from a production ACC system, a physical-world driving simulator, and interventions by the human driver and safety features such as Advanced Emergency Braking System (AEBS). Experimental results show that the proposed attack achieves 142.9 times higher success rate in causing hazards and 82.6% higher evasion rate than baselines, while being stealthy and robust to real-world factors and dynamic changes in the environment. This study highlights the role of human drivers and basic safety mechanisms in preventing attacks.
Paper Structure (33 sections, 3 equations, 23 figures, 11 tables)

This paper contains 33 sections, 3 equations, 23 figures, 11 tables.

Table of Contents

  1. Introduction
  2. ADAS Overview
  3. Adaptive Cruise Control (ACC)
  4. ADAS Safety Mechanisms
  5. OpenPilot
  6. Runtime Context-Aware Perception Attack
  7. Attack Model
  8. Attack Challenges
  9. Attack Design
  10. Context-Aware Attack Activation
  11. Adaptive Adversarial Patch Generation
  12. Safety Intervention Simulation
  13. Evaluation in Simulated Environment
  14. Methodology
  15. Attack Success Rate in Causing Hazards
  16. ...and 18 more sections

Figures (23)

  • Figure 1: ADAS architecture with ACC, AEBS, and ALC.
  • Figure 2: Attack design: Offline preparation, Runtime execution.
  • Figure 3: Optimization-based adversarial patch generation.
  • Figure 4: Examples of the shift and adjustment process in the patch generation. Inset figures are the zoomed-in views of the front vehicle with an adversarial patch added around the license plate area.
  • Figure 5: ACC under attack.
  • ...and 18 more figures