Towards robust sensing for Autonomous Vehicles: An adversarial perspective

TL;DR

This paper surveys the vulnerabilities of autonomous vehicle sensors to adversarial perturbations, discusses existing attack methods and countermeasures, and highlights future research directions for enhancing sensing robustness.

Contribution

It provides a comprehensive review of adversarial attacks on AV sensors, evaluates current defenses, and outlines future challenges in building robust sensing systems.

Findings

Adversarial perturbations can significantly compromise sensor data integrity.

Current countermeasures include detection and robustness enhancement techniques.

Future research needs to address adaptive attacks and real-world applicability.

Abstract

Autonomous Vehicles rely on accurate and robust sensor observations for safety critical decision-making in a variety of conditions. Fundamental building blocks of such systems are sensors and classifiers that process ultrasound, RADAR, GPS, LiDAR and camera signals~\cite{Khan2018}. It is of primary importance that the resulting decisions are robust to perturbations, which can take the form of different types of nuisances and data transformations, and can even be adversarial perturbations (APs). Adversarial perturbations are purposefully crafted alterations of the environment or of the sensory measurements, with the objective of attacking and defeating the autonomous systems. A careful evaluation of the vulnerabilities of their sensing system(s) is necessary in order to build and deploy safer systems in the fast-evolving domain of AVs. To this end, we survey the emerging field of sensing in adversarial settings: after reviewing adversarial attacks on sensing modalities for autonomous systems, we discuss countermeasures and present future research directions.