A Taxonomy of System-Level Attacks on Deep Learning Models in Autonomous Vehicles

TL;DR

This paper introduces the first comprehensive taxonomy categorizing system-level attacks on autonomous vehicles' deep learning systems, analyzing attack features, affected components, threat models, and failure chains.

Contribution

It systematically classifies existing attacks on autonomous vehicle systems, providing a structured framework for understanding and analyzing such threats.

Findings

Identified key attack features and targeted components.

Mapped attack types to specific system failures.

Provided insights for practitioners and future research directions.

Abstract

The advent of deep learning and its astonishing performance has enabled its usage in complex systems, including autonomous vehicles. On the other hand, deep learning models are susceptible to mispredictions when small, adversarial changes are introduced into their input. Such mis-predictions can be triggered in the real world and can result in a failure of the entire system. In recent years, a growing number of research works have investigated ways to mount attacks against autonomous vehicles that exploit deep learning components. Such attacks are directed toward elements of the environment where these systems operate and their effectiveness is assessed in terms of system-level failures triggered by them. There has been however no systematic attempt to analyze and categorize such attacks. In this paper, we present the first taxonomy of system-level attacks against autonomous vehicles. We constructed our taxonomy by selecting 21 highly relevant papers, then we tagged them with 12 top-level taxonomy categories and several sub-categories. The taxonomy allowed us to investigate the attack features, the most attacked components and systems, the underlying threat models, and the failure chains from input perturbation to system-level failure. We distilled several lessons for practitioners and identified possible directions for future work for researchers.