Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SpecGuard: Specification Aware Recovery for Robotic Autonomous Vehicles from Physical Attacks

Pritam Dash, Ethan Chan, Karthik Pattabiraman

TL;DR

SpecGuard addresses the challenge of recovering Robotic Autonomous Vehicles (RAVs) from physical sensor attacks while preserving mission specifications. It couples a Deep-RL recovery policy with a state reconstruction mechanism and formal STL-based mission specifications to enforce multi-constraint safety during recovery. The approach undergoes a two-phase training regime (attack-free learning and adversarial training) and supports reactive and proactive recovery variants, achieving 92% recovery success and 5× lower specification violations than prior methods in virtual tests, with substantial real-world validation (RSR > 90%, SVR 5–10%). The findings demonstrate that specification-aware recovery can maintain safety, timeliness, and mission completion under attacks, at modest computational overhead, enabling practical deployment in diverse operating environments.

Abstract

Robotic Autonomous Vehicles (RAVs) rely on their sensors for perception, and follow strict mission specifications (e.g., altitude, speed, and geofence constraints) for safe and timely operations. Physical attacks can corrupt the RAVs' sensors, resulting in mission failures. Recovering RAVs from such attacks demands robust control techniques that maintain compliance with mission specifications even under attacks to ensure the RAV's safety and timely operations. We propose SpecGuard, a technique that complies with mission specifications and performs safe recovery of RAVs. There are two innovations in SpecGuard. First, it introduces an approach to incorporate mission specifications and learn a recovery control policy using Deep Reinforcement Learning (Deep-RL). We design a compliance-based reward structure that reflects the RAV's complex dynamics and enables SpecGuard to satisfy multiple mission specifications simultaneously. Second, SpecGuard incorporates state reconstruction, a technique that minimizes attack induced sensor perturbations. This reconstruction enables effective adversarial training, and optimizing the recovery control policy for robustness under attacks. We evaluate SpecGuard in both virtual and real RAVs, and find that it achieves 92% recovery success rate under attacks on different sensors, without any crashes or stalls. SpecGuard achieves 2X higher recovery success than prior work, and incurs about 15% performance overhead on real RAVs.

SpecGuard: Specification Aware Recovery for Robotic Autonomous Vehicles from Physical Attacks

TL;DR

SpecGuard addresses the challenge of recovering Robotic Autonomous Vehicles (RAVs) from physical sensor attacks while preserving mission specifications. It couples a Deep-RL recovery policy with a state reconstruction mechanism and formal STL-based mission specifications to enforce multi-constraint safety during recovery. The approach undergoes a two-phase training regime (attack-free learning and adversarial training) and supports reactive and proactive recovery variants, achieving 92% recovery success and 5× lower specification violations than prior methods in virtual tests, with substantial real-world validation (RSR > 90%, SVR 5–10%). The findings demonstrate that specification-aware recovery can maintain safety, timeliness, and mission completion under attacks, at modest computational overhead, enabling practical deployment in diverse operating environments.

Abstract

Robotic Autonomous Vehicles (RAVs) rely on their sensors for perception, and follow strict mission specifications (e.g., altitude, speed, and geofence constraints) for safe and timely operations. Physical attacks can corrupt the RAVs' sensors, resulting in mission failures. Recovering RAVs from such attacks demands robust control techniques that maintain compliance with mission specifications even under attacks to ensure the RAV's safety and timely operations. We propose SpecGuard, a technique that complies with mission specifications and performs safe recovery of RAVs. There are two innovations in SpecGuard. First, it introduces an approach to incorporate mission specifications and learn a recovery control policy using Deep Reinforcement Learning (Deep-RL). We design a compliance-based reward structure that reflects the RAV's complex dynamics and enables SpecGuard to satisfy multiple mission specifications simultaneously. Second, SpecGuard incorporates state reconstruction, a technique that minimizes attack induced sensor perturbations. This reconstruction enables effective adversarial training, and optimizing the recovery control policy for robustness under attacks. We evaluate SpecGuard in both virtual and real RAVs, and find that it achieves 92% recovery success rate under attacks on different sensors, without any crashes or stalls. SpecGuard achieves 2X higher recovery success than prior work, and incurs about 15% performance overhead on real RAVs.
Paper Structure (53 sections, 13 equations, 14 figures, 8 tables, 2 algorithms)

This paper contains 53 sections, 13 equations, 14 figures, 8 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background and Threat Model
  3. Feedback Control Loop in RAVs
  4. Physical Attacks
  5. Deep-RL in Control Tasks
  6. Threat Model
  7. Motivation and Approach
  8. Mission Specification and Safety in RAV
  9. Motivating Example
  10. Research Gap and Challenges
  11. SpecGuard Overview
  12. SpecGuard: Design
  13. Mission Specifications as STL
  14. Monitoring Conditions in STL
  15. Compliance-based Reward Structure
  16. ...and 38 more sections

Figures (14)

  • Figure 1: Feedback control loop in RAVs
  • Figure 2: Mission specifications violations resulting in unsafe recovery. The drone violated (a) Operational boundary and geofence specifications. (b) minimum altitude specification.
  • Figure 3: Sigmoid function based reward assignment for $S_1, S_2$.
  • Figure 4: SpecGuard Architecture and steps in recovery.
  • Figure 5: Operating environments (left to right) - suburban, urban city areas, urban high-rise areas, urban green areas.
  • ...and 9 more figures