Preventing Adversarial AI Attacks Against Autonomous Situational Awareness: A Maritime Case Study
Mathew J. Walter, Aaron Barrett, Kimberly Tam
TL;DR
This work tackles adversarial AI threats in maritime autonomous systems (MAS) by introducing the Data Fusion Cyber Resilience (DFCR) method, which leverages multi-input data fusion (AIS, radar, optical) and a novel security-oriented confidence metric. The approach strengthens defence-in-depth through defensive components that validate, cross-check, and re-score detections, rather than relying on single-model sanitisation. Real-world sea trials and controlled experiments demonstrate that DFCR substantially reduces loss under a range of attacks, including perturbations, adversarial patches, and spoofing, while maintaining benign detection performance. The results suggest DFCR offers a practical pathway to secure and resilient AI-driven MAS operations with operator-facing risk signalling and scalable applicability beyond maritime domains.
Abstract
Adversarial artificial intelligence (AI) attacks pose a significant threat to autonomous transportation, such as maritime vessels, that rely on AI components. Malicious actors can exploit these systems to deceive and manipulate AI-driven operations. This paper addresses three critical research challenges associated with adversarial AI: the limited scope of traditional defences, inadequate security metrics, and the need to build resilience beyond model-level defences. To address these challenges, we propose building defences utilising multiple inputs and data fusion to create defensive components and an AI security metric as a novel approach toward developing more secure AI systems. We name this approach the Data Fusion Cyber Resilience (DFCR) method, and we evaluate it through real-world demonstrations and comprehensive quantitative analyses, comparing a system built with the DFCR method against single-input models and models utilising existing state-of-the-art defences. The findings show that the DFCR approach significantly enhances resilience against adversarial machine learning attacks in maritime autonomous system operations, achieving up to a 35% reduction in loss for successful multi-pronged perturbation attacks, up to a 100% reduction in loss for successful adversarial patch attacks and up to a 100% reduction in loss for successful spoofing attacks when using these more resilient systems. We demonstrate how DFCR and DFCR confidence scores can reduce adversarial AI contact confidence and improve decision-making by the system, even when typical adversarial defences have been compromised. Ultimately, this work contributes to the development of more secure and resilient AI-driven systems against adversarial attacks.
