Robust Deep Reinforcement Learning for Security and Safety in Autonomous Vehicle Systems

TL;DR

This paper develops a game-theoretic deep reinforcement learning framework to enhance the robustness of autonomous vehicle control systems against cyber-physical attacks on sensor data, ensuring safer and more reliable autonomous driving in smart cities.

Contribution

It introduces a novel adversarial deep reinforcement learning approach using LSTM to model and defend against cyber-physical attacks in autonomous vehicle systems.

Findings

The proposed RL algorithms effectively reduce sensor data manipulation impact.

Game-theoretic modeling captures attacker-defender interactions accurately.

Enhanced robustness improves safety and traffic flow in autonomous vehicle operations.

Abstract

To operate effectively in tomorrow's smart cities, autonomous vehicles (AVs) must rely on intra-vehicle sensors such as camera and radar as well as inter-vehicle communication. Such dependence on sensors and communication links exposes AVs to cyber-physical (CP) attacks by adversaries that seek to take control of the AVs by manipulating their data. Thus, to ensure safe and optimal AV dynamics control, the data processing functions at AVs must be robust to such CP attacks. To this end, in this paper, the state estimation process for monitoring AV dynamics, in presence of CP attacks, is analyzed and a novel adversarial deep reinforcement learning (RL) algorithm is proposed to maximize the robustness of AV dynamics control to CP attacks. The attacker's action and the AV's reaction to CP attacks are studied in a game-theoretic framework. In the formulated game, the attacker seeks to inject faulty data to AV sensor readings so as to manipulate the inter-vehicle optimal safe spacing and potentially increase the risk of AV accidents or reduce the vehicle flow on the roads. Meanwhile, the AV, acting as a defender, seeks to minimize the deviations of spacing so as to ensure robustness to the attacker's actions. Since the AV has no information about the attacker's action and due to the infinite possibilities for data value manipulations, the outcome of the players' past interactions are fed to long-short term memory (LSTM) blocks. Each player's LSTM block learns the expected spacing deviation resulting from its own action and feeds it to its RL algorithm. Then, the the attacker's RL algorithm chooses the action which maximizes the spacing deviation, while the AV's RL algorithm tries to find the optimal action that minimizes such deviation.