Table of Contents
Fetching ...

Impact Analysis of Inference Time Attack of Perception Sensors on Autonomous Vehicles

Hanlin Chen, Simin Chen, Wenyu Li, Wei Yang, Yiheng Feng

TL;DR

The paper investigates inference-time attacks on autonomous-vehicle perception, showing that adversarial delays can disrupt safety-critical decision-making. It formulates a latency-maximization attack on Pixel2Seq-like perception models and evaluates end-to-end impact in a CARLA-SUMO-ROS pipeline, revealing significant safety degradations such as collisions and traffic-rule violations. The key contributions include identifying that optimal attacks require careful selection of attack intensity and launch timing, demonstrating end-to-end vulnerability beyond perception accuracy, and discussing defense avenues like traffic-informed prediction and resilience to latency. This work highlights a practical safety risk in AV cyber-physical systems and motivates the development of latency-aware defenses and robust perception pipelines for real-world deployment.

Abstract

As a safety-critical cyber-physical system, cybersecurity and related safety issues for Autonomous Vehicles (AVs) have been important research topics for a while. Among all the modules on AVs, perception is one of the most accessible attack surfaces, as drivers and AVs have no control over the outside environment. Most current work targeting perception security for AVs focuses on perception correctness. In this work, we propose an impact analysis based on inference time attacks for autonomous vehicles. We demonstrate in a simulation system that such inference time attacks can also threaten the safety of both the ego vehicle and other traffic participants.

Impact Analysis of Inference Time Attack of Perception Sensors on Autonomous Vehicles

TL;DR

The paper investigates inference-time attacks on autonomous-vehicle perception, showing that adversarial delays can disrupt safety-critical decision-making. It formulates a latency-maximization attack on Pixel2Seq-like perception models and evaluates end-to-end impact in a CARLA-SUMO-ROS pipeline, revealing significant safety degradations such as collisions and traffic-rule violations. The key contributions include identifying that optimal attacks require careful selection of attack intensity and launch timing, demonstrating end-to-end vulnerability beyond perception accuracy, and discussing defense avenues like traffic-informed prediction and resilience to latency. This work highlights a practical safety risk in AV cyber-physical systems and motivates the development of latency-aware defenses and robust perception pipelines for real-world deployment.

Abstract

As a safety-critical cyber-physical system, cybersecurity and related safety issues for Autonomous Vehicles (AVs) have been important research topics for a while. Among all the modules on AVs, perception is one of the most accessible attack surfaces, as drivers and AVs have no control over the outside environment. Most current work targeting perception security for AVs focuses on perception correctness. In this work, we propose an impact analysis based on inference time attacks for autonomous vehicles. We demonstrate in a simulation system that such inference time attacks can also threaten the safety of both the ego vehicle and other traffic participants.
Paper Structure (21 sections, 3 equations, 9 figures)

This paper contains 21 sections, 3 equations, 9 figures.

Figures (9)

  • Figure 1: Problem definition of Object detection and the working mechanism of Pixel2Seq
  • Figure 2: System architecture for end-to-end evaluation
  • Figure 3: Snapshot of evaluation scenarios used for both perception evaluation and end to end evaluation
  • Figure 4: Information update and command generation for the victim autonomous vehicle when under or not under attack
  • Figure 5: Histogram between baseline and pixel2seq under attack
  • ...and 4 more figures