SoK: How Sensor Attacks Disrupt Autonomous Vehicles: An End-to-end Analysis, Challenges, and Missed Threats
Qingzhao Zhang, Shaocheng Luo, Z. Morley Mao, Miroslav Pajic, Michael K. Reiter
TL;DR
This SoK surveys end-to-end sensor-attacks in autonomous vehicles by introducing the System Error Propagation Graph (SEPG), which maps how sensor perturbations propagate through perception, localization, tracking, prediction, planning, and control to yield physical impacts. It covers cross-platform, multi-modal sensors, and attacks across SDCs, UGVs, and UAVs, identifying 8 feasibility insights and 12 underexplored attack vectors, some validated via proof-of-concept experiments. The methodology combines manual SEPG construction guided by rules and expert review, plus qualitative defenses categorized by their effect on error propagation. The work highlights practical constraints, dependencies on scenario and fusion, and the need for robust, scenario-aware defenses to mitigate end-to-end risk in real-world autonomous systems.
Abstract
Autonomous vehicles, including self driving cars, ground robots, and drones, rely on multi-modal sensor pipelines for safe operation, yet remain vulnerable to adversarial sensor attacks. A critical gap is the lack of a systematic end-to-end view of how sensor induced errors traverse interconnected modules to affect the physical world. To bridge the gap, we provide a comprehensive survey across platforms, sensing modalities, attack methods, and countermeasures. At its core is \Model (\modelAbbr), a graph-based illustrative framework that maps how attacks inject errors, the conditions for their propagation through modules from perception and localization to planning and control, and when they reach physical impact. From the systematic analysis, our study distills 8 key findings that highlight the feasibility challenges of sensor attacks and uncovers 12 previously overlooked attack vectors exploiting inter-module interactions, several of which we validate through proof-of-concept experiments.