Detecting Adversarial Examples in Learning-Enabled Cyber-Physical Systems using Variational Autoencoder for Regression
Feiyang Cai, Jiani Li, Xenofon Koutsoukos

TL;DR
This paper presents a novel method using variational autoencoders and conformal prediction to efficiently detect adversarial examples in regression tasks within cyber-physical systems, enhancing safety and robustness.
Contribution
It introduces a new approach combining variational autoencoders and conformal prediction for detecting adversarial inputs in regression-based cyber-physical systems.
Findings
Effective detection of adversarial examples in simulated self-driving car scenarios.
Short detection delay achieved in identifying out-of-distribution inputs.
Method improves robustness of learning-enabled components in CPS.
Abstract
Learning-enabled components (LECs) are widely used in cyber-physical systems (CPS) since they can handle the uncertainty and variability of the environment and increase the level of autonomy. However, it has been shown that LECs such as deep neural networks (DNN) are not robust and adversarial examples can cause the model to make a false prediction. The paper considers the problem of efficiently detecting adversarial examples in LECs used for regression in CPS. The proposed approach is based on inductive conformal prediction and uses a regression model based on a variational autoencoder. The architecture allows both the input and the neural network prediction to be taken into consideration for detecting adversarial, and more generally, out-of-distribution examples. We demonstrate the method using an advanced emergency braking system implemented in an open source simulator for self-driving…
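The abstract names inductive conformal prediction (ICP) as the detection mechanism but does not spell out the recipe. The following is an added illustration, not code from the paper or its authors: it implements the generic ICP steps (calibration scores, p-values, a threshold epsilon, and a small sliding window over a stream so that detection delay can be measured). The nonconformity function here is an assumed 1-nearest-neighbour distance in input space, a stand-in for the paper's VAE-based score; the grid-shaped training, calibration and stream data are constructed, and the epsilon/window/min_hits parameters are illustrative choices.

```python
"""Inductive conformal prediction (ICP) used as an out-of-distribution detector.

Added example. The nonconformity score below (distance to the nearest training
input) is an assumed stand-in for the VAE-based score of the paper; the p-value
and alarm logic is the standard ICP recipe. All data is constructed.
"""
import math
from typing import Callable, List, Optional, Sequence, Tuple

Point = Tuple[float, float]


def euclid(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def nearest_neighbour_score(training: Sequence[Point]) -> Callable[[Point], float]:
    """Nonconformity of x = distance to the closest proper-training input.
    (Assumed stand-in; any score that grows for atypical inputs works here.)"""
    def score(x: Point) -> float:
        return min(euclid(x, t) for t in training)
    return score


def calibrate(score: Callable[[Point], float], calibration: Sequence[Point]) -> List[float]:
    """ICP step 1: nonconformity scores of a held-out calibration set (never reused)."""
    return sorted(score(x) for x in calibration)


def p_value(cal_scores: Sequence[float], test_score: float) -> float:
    """ICP step 2: fraction of calibration scores at least as large as the test
    score, counting the test point itself. Small p means 'rarely this strange'."""
    larger = sum(1 for s in cal_scores if s >= test_score)
    return (larger + 1) / (len(cal_scores) + 1)


def detect_stream(cal_scores: Sequence[float], score: Callable[[Point], float],
                  stream: Sequence[Point], epsilon: float = 0.05,
                  window: int = 3, min_hits: int = 2) -> List[bool]:
    """ICP step 3 for a CPS input sequence: alarm at step t when at least
    `min_hits` of the last `window` p-values fall below `epsilon`.
    The window trades a few steps of detection delay for fewer false alarms."""
    pvals = [p_value(cal_scores, score(x)) for x in stream]
    alarms: List[bool] = []
    for t in range(len(pvals)):
        recent = pvals[max(0, t - window + 1): t + 1]
        alarms.append(sum(p < epsilon for p in recent) >= min_hits)
    return alarms


def detection_delay(alarms: Sequence[bool], onset: int) -> Optional[int]:
    """Steps between the first out-of-distribution input and the first alarm."""
    for t in range(onset, len(alarms)):
        if alarms[t]:
            return t - onset
    return None


# Constructed data: in-distribution inputs live on a grid in [0, 1]^2.
TRAINING = [(i / 10, j / 10) for i in range(11) for j in range(11)]
# Calibration points are the grid with small deterministic offsets (disjoint from training).
CALIBRATION = [(i / 10 + ((i * 7) % 10) / 100, j / 10 + ((j * 3) % 10) / 100)
               for i in range(10) for j in range(10)]
SCORE = nearest_neighbour_score(TRAINING)
CAL_SCORES = calibrate(SCORE, CALIBRATION)

# Constructed stream: five in-distribution inputs, then inputs far outside the grid.
ONSET = 5
STREAM = [(0.3, 0.7), (0.5, 0.5), (0.31, 0.7), (0.8, 0.2), (0.1, 0.9)] + \
         [(2.0 + 0.1 * k, 2.0) for k in range(5)]


def run_demo() -> Tuple[List[bool], Optional[int]]:
    alarms = detect_stream(CAL_SCORES, SCORE, STREAM)
    return alarms, detection_delay(alarms, ONSET)


if __name__ == "__main__":
    alarms, delay = run_demo()
    for t, (x, a) in enumerate(zip(STREAM, alarms)):
        print(f"t={t} x={x} p={p_value(CAL_SCORES, SCORE(x)):.3f} alarm={a}")
    print("detection delay:", delay)
```

With these settings the first out-of-distribution input at step 5 yields a p-value of about 0.01, but the alarm fires one step later because the window requires two low p-values; that one-step delay is the price of suppressing isolated spurious alarms, which is the trade-off the paper's "short detection delay" finding is about.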
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
