Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

CP-Guard: Malicious Agent Detection and Defense in Collaborative Bird's Eye View Perception

Senkang Hu, Yihang Tao, Guowen Xu, Yiqin Deng, Xianhao Chen, Yuguang Fang, Sam Kwong

TL;DR

This work tackles the vulnerability of collaborative perception (CP) to malicious agents by introducing CP-Guard, a defense framework that enforces consensus rather than conflict with ego perception. It combines Probability-Agnostic Sample Consensus (PASAC) for efficient, prior-free subset sampling with Collaborative Consistency Loss (CCLoss) to verify consensus between the ego and collaborators, enabling autonomous detection and removal of malicious CAVs. Extensive experiments on collaborative BEV segmentation using the V2X-Sim dataset show that CP-Guard restores performance under FGSM, C&W, and PGD attacks (e.g., achieving $mIoU$ near the upper bound of 40.45 and around 39.3–39.34 for FGSM and PGD with $\varepsilon=0.08$) and outperforms prior methods like ROBOSAC in verification efficiency and robustness. The approach offers practical defense for real-world CP deployments by avoiding prior malicious-rate priors and providing a scalable mechanism to maintain robust CP in autonomous driving systems.

Abstract

Collaborative Perception (CP) has shown a promising technique for autonomous driving, where multiple connected and autonomous vehicles (CAVs) share their perception information to enhance the overall perception performance and expand the perception range. However, in CP, ego CAV needs to receive messages from its collaborators, which makes it easy to be attacked by malicious agents. For example, a malicious agent can send harmful information to the ego CAV to mislead it. To address this critical issue, we propose a novel method, CP-Guard, a tailored defense mechanism for CP that can be deployed by each agent to accurately detect and eliminate malicious agents in its collaboration network. Our key idea is to enable CP to reach a consensus rather than a conflict against the ego CAV's perception results. Based on this idea, we first develop a probability-agnostic sample consensus (PASAC) method to effectively sample a subset of the collaborators and verify the consensus without prior probabilities of malicious agents. Furthermore, we define a collaborative consistency loss (CCLoss) to capture the discrepancy between the ego CAV and its collaborators, which is used as a verification criterion for consensus. Finally, we conduct extensive experiments in collaborative bird's eye view (BEV) tasks and our results demonstrate the effectiveness of our CP-Guard. Code is available at https://github.com/CP-Security/CP-Guard

CP-Guard: Malicious Agent Detection and Defense in Collaborative Bird's Eye View Perception

TL;DR

This work tackles the vulnerability of collaborative perception (CP) to malicious agents by introducing CP-Guard, a defense framework that enforces consensus rather than conflict with ego perception. It combines Probability-Agnostic Sample Consensus (PASAC) for efficient, prior-free subset sampling with Collaborative Consistency Loss (CCLoss) to verify consensus between the ego and collaborators, enabling autonomous detection and removal of malicious CAVs. Extensive experiments on collaborative BEV segmentation using the V2X-Sim dataset show that CP-Guard restores performance under FGSM, C&W, and PGD attacks (e.g., achieving near the upper bound of 40.45 and around 39.3–39.34 for FGSM and PGD with ) and outperforms prior methods like ROBOSAC in verification efficiency and robustness. The approach offers practical defense for real-world CP deployments by avoiding prior malicious-rate priors and providing a scalable mechanism to maintain robust CP in autonomous driving systems.

Abstract

Collaborative Perception (CP) has shown a promising technique for autonomous driving, where multiple connected and autonomous vehicles (CAVs) share their perception information to enhance the overall perception performance and expand the perception range. However, in CP, ego CAV needs to receive messages from its collaborators, which makes it easy to be attacked by malicious agents. For example, a malicious agent can send harmful information to the ego CAV to mislead it. To address this critical issue, we propose a novel method, CP-Guard, a tailored defense mechanism for CP that can be deployed by each agent to accurately detect and eliminate malicious agents in its collaboration network. Our key idea is to enable CP to reach a consensus rather than a conflict against the ego CAV's perception results. Based on this idea, we first develop a probability-agnostic sample consensus (PASAC) method to effectively sample a subset of the collaborators and verify the consensus without prior probabilities of malicious agents. Furthermore, we define a collaborative consistency loss (CCLoss) to capture the discrepancy between the ego CAV and its collaborators, which is used as a verification criterion for consensus. Finally, we conduct extensive experiments in collaborative bird's eye view (BEV) tasks and our results demonstrate the effectiveness of our CP-Guard. Code is available at https://github.com/CP-Security/CP-Guard

Paper Structure

This paper contains 23 sections, 5 equations, 3 figures, 3 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Collaborative Perception
  4. Adversarial Perception
  5. Defensive Perception
  6. Problem Setup
  7. Collaborative BEV Segmentation
  8. Adversarial Threat Model in CP
  9. Method
  10. Probability-Agnostic Sample Consensus
  11. Collaborative Consistency Loss Verification
  12. Experiments
  13. Experimental Setup
  14. Datasets and Evaluation Metrics.
  15. Implementation Details.
  16. ...and 8 more sections

Figures (3)

  • Figure 1: Illustration of the threats of malicious agent in collaborative perception and our defense framework, CP-Guard. When there is no defense, malicious CAVs could easily send intricately crafted adversarial messages to the ego CAV, consequently misleading the CP system and resulting in false perception outputs. To counter this vulnerability, we propose CP-Guard, a tailored defense mechanism for CP that can effectively detect and neutralize malicious agents, thereby ensuring robust perception outcomes.
  • Figure 2: Quantitative results of PASAC: Number of Agents vs Verification Count.
  • Figure 3: Visualization of no defense and defensive CP-Guard results on V2X-Sim datasets.