Journal of Information Security Reserach ›› 2024, Vol. 10 ›› Issue (9): 786-.

    Next Articles

A Review of Adversarial Attack on Autonomous Driving Perception System

Gu Fangming1, Kuang Boyu2, Xu Yaqian3, and Fu Anmin1,2   

  1. 1(School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094)
    2(School of Cyber Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094)
    3(China Center for Information Industry Development, Beijing 100081)
  • Online:2024-09-25 Published:2024-09-29

面向自动驾驶感知系统的对抗样本攻击研究综述

顾芳铭1况博裕2许亚倩3付安民1,2   

  1. 1(南京理工大学计算机科学与工程学院南京210094)
    2(南京理工大学网络空间安全学院南京210094)
    3(中国电子信息产业发展研究院北京100081)
  • 通讯作者: 许亚倩 博士,副研究员.主要研究方向为ICT供应链安全、工业互联网安全. xuyaqian@ccidthinktank.com
  • 作者简介:顾芳铭 硕士研究生.主要研究方向为车联网安全和隐私保护. gfm9906@163.com 况博裕 博士.主要研究方向为物联网安全和车联网安全. kuang@njust.edu.cn 许亚倩 博士,副研究员.主要研究方向为ICT供应链安全、工业互联网安全. xuyaqian@ccidthinktank.com 付安民 博士,教授,博士生导师,CCF高级会员.主要研究方向为密码学以及隐私保护. fuam@njust.edu.cn

Abstract: The autonomous driving perception system collects surrounding environmental information through various sensors and processes this data to detect vehicles, pedestrians and obstacles, providing realtime foundational data for subsequent control and decisionmaking functions. Since sensors are directly connected to the external environment and often lack the ability to discern the credibility of inputs, the perception systems are  potential targets for various attacks. Among these, adversarial example attack is a mainstream attack method characterized by high concealment and harm. Attackers manipulate or forge input data of the perception system to deceive the perception algorithms, leading to incorrect output results by the system. Based on the research of existing relevant literature, this paper systematically summarizes the working methods of the autonomous driving perception system, analyzes the adversarial example attack schemes and defense strategies targeting the perception system. In particular, this paper subdivide the adversarial examples for the autonomous driving perception system into signalbased adversarial example attack scheme and objectbased adversarial example attack scheme. Additionally, the paper comprehensively discusses defense strategy of the adversarial example attack for the perception system, and subdivide it into anomaly detection, model defense, and physical defense. Finally, this paper prospects the future research directions of adversarial example attack targeting autonomous driving perception systems.

Key words: Internet of vehicle, autonomous driving, perception system, adversarial attack, security defenses

摘要: 自动驾驶感知系统通过多种传感器采集周围环境信息并进行数据处理,用于检测车辆、行人和障碍物等,为后续的控制决策功能提供实时的基础数据.由于传感器直接与外部环境相连,且其自身往往缺乏辨别输入可信度的能力,因此感知系统成为众多攻击的潜在目标.对抗样本攻击是一种具有高隐蔽性和危害性的主流攻击方式,攻击者通过篡改或伪造感知系统的输入数据,欺骗感知算法,导致系统产生错误的输出结果,从而严重威胁自动驾驶安全.系统总结分析了自动驾驶感知系统的工作方式和面向感知系统的对抗样本攻击进展.从基于信号的对抗样本攻击和基于实物的对抗样本攻击2方面对比分析了面向自动驾驶感知系统的对抗样本攻击方案.同时,从异常检测、模型防御和物理防御3个方面全面分析了面向感知系统的对抗样本攻击的防御策略.最后,给出了面向自动驾驶感知系统的对抗样本攻击未来研究方向.

关键词: 车联网, 自动驾驶, 感知系统, 对抗样本攻击, 安全防御

CLC Number: