Security Analysis of Machine-Learning-Based Sensing in CAV Systems
Qi Alfred Chen
Z. Morley Mao
Lead Researcher(s)
Qi Alfred Chen
Z. Morley Mao
Professor of Electrical Engineering and Computer Science, College of Engineering
Project Team
Project Abstract
In connected and autonomous vehicle (CAV) systems, machine learning, especially deep learning, is used extensively to process sensor input into semantically meaningful road information, such as front cars and traffic signs. Previous work has shown that machine-learning models are vulnerable to maliciously manipulated input, but it is still unclear how such input can actually impact the machine-learning-based sensing in CAV systems. To fill this research gap, we propose to perform the first comprehensive security analysis of machine-learning-based sensing in CAV systems to systematically understand the vulnerability status and potential security challenges. We plan to first perform sensor attack analysis and input pre‑processing logic analysis to understand the capabilities and constraints of attacks in practice. Next, we will model the analysis results into mathematical perturbation functions, and use them as input to perform vulnerability analysis of the machine-learning models in CAV systems. For the discovered vulnerabilities, we plan to further conduct end‑to‑end experiments on real CAV systems (e.g., the Baidu Apollo system available in the Mcity Test Facility) to concretely demonstrate the security and safety implications in practice. Based on the insights, we will provide recommendations and guidelines to secure designs and implementations of machine-learning-based sensing in CAV systems.The project will produce novel analysis methodology for, results on, and insights into the cybersecurity of machine-learning-based sensing in CAVs, which can benefit both the system development and the system-testing processes in CAV industry.
Project Outcome
New analysis methodology for, quantitative results on, and defense insights into machine-learning-based sensor attacks in CAV systems; demonstration of newly discovered attacks on simulators and real vehicles.