CP-uniGuard: A Unified, Probability-Agnostic, and Adaptive Framework for Malicious Agent Detection and Defense in Multi-Agent Embodied Perception Systems

Senkang Hu, Yihang Tao, Guowen Xu, Xinyuan Qian, Yiqin Deng, Xianhao Chen, Sam Tak Wu Kwong, Yuguang Fang

TL;DR

CP-uniGuard is a unified, probability-agnostic, and adaptive framework for CP: a tailored defense mechanism deployed by each agent to accurately detect and eliminate malicious agents in its collaboration network.

Abstract

Collaborative Perception (CP) has been shown to be a promising technique for multi-agent autonomous driving and multi-agent robotic systems, where multiple agents share their perception information to enhance the overall perception performance and expand the perception range. However, in CP, an ego agent needs to receive messages from its collaborators, which makes it vulnerable to attacks from malicious agents. To address this critical issue, we propose a unified, probability-agnostic, and adaptive framework, namely, CP-uniGuard, which is a tailored defense mechanism for CP deployed by each agent to accurately detect and eliminate malicious agents in its collaboration network. Our key idea is to enable CP to reach a consensus rather than a conflict against an ego agent's perception results. Based on this idea, we first develop a probability-agnostic sample consensus (PASAC) method to effectively sample a subset of the collaborators and verify the consensus without prior probabilities of malicious agents. Furthermore, we define a collaborative consistency loss (CCLoss) for the object detection and bird's eye view (BEV) segmentation tasks to capture the discrepancy between an ego agent and its collaborators, which is used as a verification criterion for consensus. In addition, we propose an online adaptive threshold via dual sliding windows to dynamically adjust the threshold for consensus verification and ensure the reliability of the systems in dynamic environments. Finally, we conduct extensive experiments and demonstrate the effectiveness of our framework. Code is available at https://github.com/CP-Security/CP-uniGuard.

Paper Structure

This paper contains 31 sections, 3 theorems, 22 equations, 6 figures, 8 tables, 3 algorithms.

Key Result

Theorem 1

Let $T(n,m)$ be the (random) number of oracle queries incurred by the PASAC algorithm with $S=[n]$ and $k=N_{\max}\ge n-m$. Under an $(\alpha,\beta)$-reliable oracle, PASAC mis-classifies at most one agent with probability

Figures (6)

  • Figure 1: Illustration of the threats posed by malicious agents in collaborative perception and our defense framework, CP-uniGuard. When there is no defense, malicious agents could easily send intricately crafted adversarial messages to an ego agent, consequently misleading the CP system to yield false perception outputs. To counter this vulnerability, we propose CP-uniGuard, a tailored defense mechanism for CP to effectively detect and neutralize malicious agents, thereby ensuring robust perception outcomes.
  • Figure 2: Quantitative results of PASAC: Number of Overall Agents vs Verification Count.
  • Figure 3: Quantitative results of PASAC: Number of Malicious Agents vs Verification Count.
  • Figure 4: Comparison results of PASAC, ROBOSAC and Linear Sampling. The y-axis represents the verification count, which is in logarithmic scale.
  • Figure 5: Ablation study of the adaptive threshold adjustment dynamics for different initial threshold values and window sizes.
  • ...and 1 more figure

Theorems & Definitions (7)

  • Definition 1: $(\alpha,\beta)$-reliability
  • Theorem 1: Success probability of PASAC
  • proof
  • Theorem 2: Upper bound
  • proof
  • Theorem 3: Reliability guarantee
  • proof