Skip to main content
SpringerLink
Log in

Potential cyber threats of adversarial attacks on autonomous driving models

  • Original Paper
  • Published:
Journal of Computer Virology and Hacking Techniques Aims and scope Submit manuscript

A Correction to this article was published on 10 August 2023

This article has been updated

Abstract

Autonomous Vehicles (CAVs) are currently seen as a viable alternative to traditional vehicles. However, CAVs will face serious cyber threats because many components of the driving system are based on machine learning models and are vulnerable to adversary attacks. We have reviewed the scientific literature and highlighted the main types of disruptive attacks on autonomous driving models that pose potential threats to CAVs. In this paper, we have compiled a dataset with traffic sign images obtained from public sources. We made experiments in which we distorted the original images and used them to train deep neural network-based classification models. The experiments demonstrated a possible threat to traffic sign recognition by autonomous vehicles. This work can give researchers and engineers a better understanding of the current state and trends in CAV security for their future use.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

Change history

Notes

  1. Roadmap for the development of "end-to-end" digital technology "Neurotechnology and Artificial Intelligence", URL: https://digital.gov.ru/ru/activity/directions/1046/.

  2. Concepts of road safety with unmanned vehicles on public roads, URL: http://www.consultant.ru/document/cons_doc_LAW_348679/.

  3. Cleaned Russian traffic sign images dataset, URL: https://huggingface.co/datasets/eleldar/rtsd_cleaned.

  4. Russian traffic sign images dataset, URL: https://www.kaggle.com/datasets/watchman/rtsd-dataset.

  5. Traffic sign recognition, URL: https://graphics.cs.msu.ru/projects/traffic-sign-recognition.html.

References

  1. Kim, K., Kim, J.S., Jeong, S., Park, J.H., Kim, H.K.: Cybersecurity for autonomous vehicles: review of attacks and defense. Comput. Secur. 103, 102150 (2021). https://doi.org/10.1016/j.cose.2020.102150

    Article  Google Scholar 

  2. Gao, Y., Kim, Y., Doan, B.G., Zhang, Z., Zhang, G., Nepal, S., Ranasinghe, D., Kim, H.: Design and evaluation of a multi-domain trojandetection method on deep neural networks. IEEE Trans. Depend. Secure Comput. (2021). https://doi.org/10.1109/TDSC.2021.3055844

    Article  Google Scholar 

  3. Zhang, X., Gupta, R., Mian, A., Rahnavard, N., Shah, M.: Cassandra: Detecting trojaned networks from adversarial perturbations. IEEE Access (2021). https://doi.org/10.1109/ACCESS.2021.3101289

    Article  Google Scholar 

  4. Manivasakan, H., Kalra, R., O’Hern, S., Fang, Y., Xi, Y., Zheng, N.: Infrastructure requirement for autonomous vehicle integration for future urban and suburban roads - current practice and a case study of melbourne, australia. Transp. Res. Part A: Policy Pract. 152, 36–53 (2021). https://doi.org/10.1016/j.tra.2021.07.012

    Article  Google Scholar 

  5. Lee, D., Hess, D.J.: Regulations for on-road testing of connected and automated vehicles: assessing the potential for global safety harmonization. Transp. Res. Part A Policy Pract. 136, 85–98 (2020). https://doi.org/10.1016/j.tra.2020.03.026

    Article  Google Scholar 

  6. Feng, D., Haase-Schutz, C., Rosenbaum, L., Hertlein, H., Glaser, C., Timm, F., Wiesbeck, W., Dietmayer, K.: Deep multi-modal object detection and semantic segmentation for autonomous driving: Datasets, methods, and challenges. IEEE Trans. Intell. Transp. Syst. (2021). https://doi.org/10.1109/TITS.2020.2972974

    Article  Google Scholar 

  7. Chowdhury, A., Karmakar, G., Kamruzzaman, J., Jolfaei, A., Das, R.: Attacks on self-driving cars and their countermeasures: a survey. IEEE Access 8, 207308–207342 (2020). https://doi.org/10.1109/ACCESS.2020.3037705

    Article  Google Scholar 

  8. Pham, M., Xiong, K.: A survey on security attacks and defense techniques for connected and autonomous vehicles. Comput. Secur. 109, 102269 (2021). https://doi.org/10.1016/j.cose.2021.102269

    Article  Google Scholar 

  9. Wang, Y., Sarkar, E., Li, W., Maniatakos, M., Jabari, S.E.: Stop-and-go: Exploring backdoor attacks on deep reinforcement learning-based traffic congestion control systems. IEEE Trans. Inf. Forens. Secur. (2021). https://doi.org/10.1109/TIFS.2021.3114024

    Article  Google Scholar 

  10. Abdel-Basset, M., Gamal, A., Moustafa, N., Abdel-Monem, A., El-Saber, N.: A security-by-design decision-making model for risk management in autonomous vehicles. IEEE Access (2021). https://doi.org/10.1109/ACCESS.2021.3098675

    Article  Google Scholar 

  11. Deng, Y., Zhang, T., Lou, G., Zheng, X., Jin, J., Han, Q.L.: Deep learning-based autonomous driving systems: A survey of attacks and defenses. IEEE Trans. Ind. Inform. (2021). https://doi.org/10.1109/TII.2021.3071405

    Article  Google Scholar 

  12. Pitropakis, N., Panaousis, E., Giannetsos, T., Anastasiadis, E., Loukas, G.: A taxonomy and survey of attacks against machine learning. Comput. Sci. Rev. 34, 100199 (2019). https://doi.org/10.1016/j.cosrev.2019.100199

    Article  MathSciNet  Google Scholar 

  13. Sharma, O., Sahoo, N.C., Puhan, N.B.: Recent advances in motion and behavior planning techniques for software architecture of autonomous vehicles: a state-of-the-art survey. Eng. Appl. Artif. Intell. 104211, 101 (2021). https://doi.org/10.1016/j.engappai.2021.104211

    Article  Google Scholar 

  14. Torre, G.D.L., Rad, P., Choo, K.K.R.: Driverless vehicle security: challenges and future research opportunities. Future Gener. Comput. Syst. 108, 1092–1111 (2020). https://doi.org/10.1016/j.future.2017.12.041

    Article  Google Scholar 

  15. Cui, J., Liew, L.S., Sabaliauskaite, G., Zhou, F.: A review on safety failures, security attacks, and available countermeasures for autonomous vehicles. Ad Hoc Netw. 90, 101823 (2019). https://doi.org/10.1016/j.adhoc.2018.12.006

    Article  Google Scholar 

  16. Liu, Y., Ma, X., Bailey, J., Lu, F.: Reflection backdoor: A natural backdoor attack on deep neural networks, vol. 12355 LNCS (2020). https://doi.org/10.1007/978-3-030-58607-2_11

  17. Chen, X., Ma, Y.N., Lu, S.W., Yao, Y.: Boundary augment: a data augment method to defend poison attack. IET Image Process. (2021). https://doi.org/10.1049/ipr2.12325

    Article  Google Scholar 

  18. Rehman, H., Ekelhart, A., Mayer, R.: Backdoor attacks in neural networks - a systematic evaluation on multiple traffic sign datasets, vol. 11713 LNCS (2019). https://doi.org/10.1007/978-3-030-29726-8_18

  19. Zhang, Z., Huang, S., Liu, X., Zhang, B., Dong, D.: Adversarial attacks on yolact instance segmentation. Comput. Secur. 116, 102682 (2022). https://doi.org/10.1016/j.cose.2022.102682

    Article  Google Scholar 

  20. Zhang, Q., Zhao, Y., Wang, Y., Baker, T., Zhang, J., Hu, J.: Towards cross-task universal perturbation against black-box object detectors in autonomous driving. Comput. Netw. 180, 107388 (2020). https://doi.org/10.1016/j.comnet.2020.107388

    Article  Google Scholar 

  21. Li, Y., Xu, X., Xiao, J., Li, S., Shen, H.T.: Adaptive square attack: fooling autonomous cars with adversarial traffic signs. IEEE Internet Things J. (2021). https://doi.org/10.1109/JIOT.2020.3016145

    Article  Google Scholar 

  22. Chen, S.T., Cornelius, C., Martin, J., Chau, D.H.P.: Shapeshifter: Robust physical adversarial attack on faster r-cnn object detector, vol. 11051 LNAI (2019). https://doi.org/10.1007/978-3-030-10925-7_4

  23. Xu, X., Zhang, J., Li, Y., Wang, Y., Yang, Y., Shen, H.T.: Adversarial attack against urban scene segmentation for autonomous vehicles. IEEE Trans. Ind. Inform. (2021). https://doi.org/10.1109/TII.2020.3024643

    Article  Google Scholar 

  24. Andriushchenko, M., Croce, F., Flammarion, N., Hein, M.: Square attack: A query-efficient black-box adversarial attack via random search, vol. 12368 LNCS, (2020). https://doi.org/10.1007/978-3-030-58592-1_29

  25. Sheehan, B., Murphy, F., Mullins, M., Ryan, C.: Connected and autonomous vehicles: a cyber-risk classification framework. Transp. Res. Part A: Policy Pract. 124, 523–536 (2019). https://doi.org/10.1016/j.tra.2018.06.033

    Article  Google Scholar 

  26. Cheng, K., Zhou, Y., Chen, B., Wang, R., Bai, Y., Liu, Y.: Guardauto: a decentralized runtime protection system for autonomous driving. IEEE Trans. Comput. (2021). https://doi.org/10.1109/TC.2020.3018329

    Article  MATH  Google Scholar 

  27. Zhang, J., Lou, Y., Wang, J., Wu, K., Lu, K., Jia, X.: Evaluating adversarial attacks on driving safety in vision-based autonomous vehicles. IEEE Internet Things J. 9(5), 3443–3456 (2022). https://doi.org/10.1109/JIOT.2021.3099164

    Article  Google Scholar 

  28. He, Y., Huang, K., Zhang, G., Yu, F.R., Chen, J., Li, J.: Bift: A blockchain-based federated learning system for connected and autonomous vehicles. IEEE Internet Things J. (2021). https://doi.org/10.1109/JIOT.2021.3135342

    Article  Google Scholar 

  29. Wang, X., Cai, M., Sohel, F., Sang, N., Chang, Z.: Adversarial point cloud perturbations against 3d object detection in autonomous driving systems. Neurocomputing (2021). https://doi.org/10.1016/j.neucom.2021.09.027

    Article  Google Scholar 

  30. Chen, C., Huang, T.: Camdar-adv: generating adversarial patches on 3d object. Int. J. Intell. Syst. (2021). https://doi.org/10.1002/int.22349

    Article  Google Scholar 

  31. Boloor, A., Garimella, K., He, X., Gill, C., Vorobeychik, Y., Zhang, X.: Attacking vision-based perception in end-to-end autonomous driving models. J. Syst. Architect. 110, 101766 (2020). https://doi.org/10.1016/j.sysarc.2020.101766

    Article  Google Scholar 

  32. Chy, M.K.A., Masum, A.K.M., Sayeed, K.A.M., Uddin, M.Z.: Delicar: A smart deep learning based self driving product delivery car in perspective of bangladesh. Sensors (2022). https://doi.org/10.3390/s22010126

    Article  Google Scholar 

  33. Kang, Y., Yin, H., Berger, C.: Test your self-driving algorithm: an overview of publicly available driving datasets and virtual testing environments. IEEE Trans. Intell. Veh. (2019). https://doi.org/10.1109/TIV.2018.2886678

    Article  Google Scholar 

  34. Huang, X., Wang, P., Cheng, X., Zhou, D., Geng, Q., Yang, R.: The apolloscape open dataset for autonomous driving and its application. IEEE Transactions on Pattern Analysis and Machine Intelligence, 42(2), (2020), https://doi.org/10.1109/TPAMI.2019.2926463

  35. Singh, G., Akrigg, S., Maio, M.D., Fontana, V., Alitappeh, R.J., Khan, S., Saha, S., Jeddisaravi, K., Yousefi, F., Culley, J., Nicholson, T., Omokeowa, J., Grazioso, S., Bradley, A., Gironimo, G.D., Cuzzolin, F.: Road: The road event awareness dataset for autonomous driving. IEEE Trans. Pattern Anal. Mach. Intell. (2022). https://doi.org/10.1109/TPAMI.2022.3150906

    Article  Google Scholar 

  36. Yerznkyan, B., Gataullin, T., Gataullin, S.: Mathematical aspects of synergy. search.proquest.com. https://doi.org/10.14254/1800-5845/2022.18-3.16

  37. Gataullin, T.M., Gataullin, S.T.: Endpoint functions: mathematical apparatus and economic applications. Math. Notes 112, 656–663 (2022). https://doi.org/10.1134/S0001434622110037

    Article  MathSciNet  MATH  Google Scholar 

  38. Barotov, D., Osipov, A., Korchagin, S., Pleshakova, E., Muzafarov, D., Barotov, R., Serdechnyy, D.: Transformation method for solving system of Boolean algebraic equations. Mathematics (2021). https://doi.org/10.3390/math9243299

  39. Kositzyn, A., Serdechnyy, D., Korchagin, S., Pleshakova, E., Nikitin, P., Kurileva, N.: Mathematical modeling, analysis and evaluation of the complexity of flight paths of groups of unmanned aerial vehicles in aviation and transport systems. Mathematics (2021). https://doi.org/10.3390/math9172171

    Article  Google Scholar 

  40. Andriyanov, N., Khasanshin, I., Utkin, D., Gataullin, T., Ignar, S., Shumaev, V., Soloviev, V.: Intelligent system for estimation of the spatial position of apples based on yolov3 and real sense depth camera d415. Symmetry (2022). https://doi.org/10.3390/sym14010148

    Article  Google Scholar 

  41. Maaz, M., Shaker, A., Cholakkal, H., Khan, S., Zamir, S.W., Anwer, R.M., Khan, F.S.: Edgenext: Efficiently amalgamated cnn-transformer architecture for mobile vision applications (2022)

Download references

Author information

Authors and Affiliations

  1. Department of Data Analysis and Machine Learning, Financial University under the Government of the Russian Federation, 4-th Veshnyakovsky Passage, 4, Moscow, Russia, 109456

    Eldar Boltachev

Authors
  1. Eldar Boltachev
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Eldar Boltachev.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

The original online version of this article was revised: In this article Reference 36 and 37 was wrongly given. it has been corrected.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Boltachev, E. Potential cyber threats of adversarial attacks on autonomous driving models. J Comput Virol Hack Tech (2023). https://doi.org/10.1007/s11416-023-00486-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11416-023-00486-x

Keywords

Search

Navigation