July 26, 2021


Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

Dirty Road Can Attack: Security of Deep Learning based Automated Lane Centering under Physical-World Attack. (arXiv:2009.06701v2 [cs.CR] UPDATED)

Automated Lane Centering (ALC) systems are convenient and widely deployed
today, but also highly security and safety critical. In this work, we are the
first to systematically study the security of state-of-the-art deep learning
based ALC systems in their designed operational domains under physical-world
adversarial attacks. We formulate the problem with a safety-critical attack
goal, and a novel and domain-specific attack vector: dirty road patches. To
systematically generate the attack, we adopt an optimization-based approach and
overcome domain-specific design challenges such as camera frame
inter-dependencies due to attack-influenced vehicle control, and the lack of
objective function design for lane detection models.

We evaluate our attack on a production ALC using 80 scenarios from real-world
driving traces. The results show that our attack is highly effective with over
97.5% success rates and less than 0.903 sec average success time, which is
substantially lower than the average driver reaction time. This attack is also
found (1) robust to various real-world factors such as lighting conditions and
view angles, (2) general to different model designs, and (3) stealthy from the
driver’s view. To understand the safety impacts, we conduct experiments using
software-in-the-loop simulation and attack trace injection in a real vehicle.
The results show that our attack can cause a 100% collision rate in different
scenarios, including when tested with common safety features such as automatic
emergency braking. We also evaluate and discuss defenses.