Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

All Vehicles Can Lie: Efficient Adversarial Defense in Fully Untrusted-Vehicle Collaborative Perception via Pseudo-Random Bayesian Inference

Yi Yu, Libing Wu, Zhuangzhuang Zhang, Jing Qiu, Lijuan Huo, Jiaqi Feng

TL;DR

A novel Pseudo-Random Bayesian Inference (PRBI) framework is proposed, a first efficient defense method tailored for fully untrusted-vehicle CP, that employs a pseudo-random grouping strategy that requires only two verifications per frame, while applying Bayesian inference to estimate both the number and identities of malicious vehicles.

Abstract

Collaborative perception (CP) enables multiple vehicles to augment their individual perception capacities through the exchange of feature-level sensory data. However, this fusion mechanism is inherently vulnerable to adversarial attacks, especially in fully untrusted-vehicle environments. Existing defense approaches often assume a trusted ego vehicle as a reference or incorporate additional binary classifiers. These assumptions limit their practicality in real-world deployments due to the questionable trustworthiness of ego vehicles, the requirement for real-time detection, and the need for generalizability across diverse scenarios. To address these challenges, we propose a novel Pseudo-Random Bayesian Inference (PRBI) framework, a first efficient defense method tailored for fully untrusted-vehicle CP. PRBI detects adversarial behavior by leveraging temporal perceptual discrepancies, using the reliable perception from the preceding frame as a dynamic reference. Additionally, it employs a pseudo-random grouping strategy that requires only two verifications per frame, while applying Bayesian inference to estimate both the number and identities of malicious vehicles. Theoretical analysis has proven the convergence and stability of the proposed PRBI framework. Extensive experiments show that PRBI requires only 2.5 verifications per frame on average, outperforming existing methods significantly, and restores detection precision to between 79.4% and 86.9% of pre-attack levels.

All Vehicles Can Lie: Efficient Adversarial Defense in Fully Untrusted-Vehicle Collaborative Perception via Pseudo-Random Bayesian Inference

TL;DR

A novel Pseudo-Random Bayesian Inference (PRBI) framework is proposed, a first efficient defense method tailored for fully untrusted-vehicle CP, that employs a pseudo-random grouping strategy that requires only two verifications per frame, while applying Bayesian inference to estimate both the number and identities of malicious vehicles.

Abstract

Collaborative perception (CP) enables multiple vehicles to augment their individual perception capacities through the exchange of feature-level sensory data. However, this fusion mechanism is inherently vulnerable to adversarial attacks, especially in fully untrusted-vehicle environments. Existing defense approaches often assume a trusted ego vehicle as a reference or incorporate additional binary classifiers. These assumptions limit their practicality in real-world deployments due to the questionable trustworthiness of ego vehicles, the requirement for real-time detection, and the need for generalizability across diverse scenarios. To address these challenges, we propose a novel Pseudo-Random Bayesian Inference (PRBI) framework, a first efficient defense method tailored for fully untrusted-vehicle CP. PRBI detects adversarial behavior by leveraging temporal perceptual discrepancies, using the reliable perception from the preceding frame as a dynamic reference. Additionally, it employs a pseudo-random grouping strategy that requires only two verifications per frame, while applying Bayesian inference to estimate both the number and identities of malicious vehicles. Theoretical analysis has proven the convergence and stability of the proposed PRBI framework. Extensive experiments show that PRBI requires only 2.5 verifications per frame on average, outperforming existing methods significantly, and restores detection precision to between 79.4% and 86.9% of pre-attack levels.
Paper Structure (26 sections, 2 theorems, 23 equations, 7 figures, 7 tables, 1 algorithm)

This paper contains 26 sections, 2 theorems, 23 equations, 7 figures, 7 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Work
  3. Attack Formulation
  4. Attack Model
  5. Problem Formulation
  6. PRBI Defense Method
  7. Defense Challenges and Key Findings
  8. PRBI Overview
  9. PRBI Framework Design
  10. Theoretical Results
  11. Experiments
  12. Experimental Setups
  13. Defense Effectiveness
  14. Algorithm Convergence
  15. Probability Trend of Vehicles
  16. ...and 11 more sections

Key Result

Theorem 1

Under the pseudo-random grouping strategy, the estimated number of attackers $m$ will monotonically converge to the true number of attackers $k$.

Figures (7)

  • Figure 1: The Pseudo-Random Bayesian Inference (PRBI) framework methodology overview.
  • Figure 2: Visualization of defense performance with green boxes for ground truth and red boxes for predictions.
  • Figure 3: Convergence behavior of $m$ with total 6 vehicles under different rounding strategies. The blue solid line denotes the value of $m$ calculated using \ref{['eq:m_compute']}, the green dashed line marks the true number of attackers $k$, and the red dashed line represents the theoretically derived convergence value in \ref{['thm:rounding']}.
  • Figure 4: The convergence characteristics of PRBI's frame-by-frame estimation of the calculated malicious vehicles number $m$.
  • Figure 5: The probability of malicious behavior for all vehicles under varying numbers of attackers.
  • ...and 2 more figures

Theorems & Definitions (2)

  • Theorem 1: Convergence of $m$ to $k$
  • Theorem 2: Effect of Rounding Strategy