Preventing Adversarial AI Attacks Against Autonomous Situational Awareness: A Maritime Case Study

TL;DR

This paper introduces the Data Fusion Cyber Resilience (DFCR) method, a novel defense strategy combining multiple data inputs and security metrics to significantly improve the resilience of maritime autonomous systems against adversarial AI attacks.

Contribution

The paper proposes the DFCR approach, integrating data fusion and security metrics to enhance AI system resilience beyond traditional model-level defenses, validated through real-world maritime demonstrations.

Findings

DFCR reduces loss by up to 35% against perturbation attacks

Achieves 100% loss reduction against adversarial patches and spoofing

Enhances decision-making even when traditional defenses are compromised

Abstract

Adversarial artificial intelligence (AI) attacks pose a significant threat to autonomous transportation, such as maritime vessels, that rely on AI components. Malicious actors can exploit these systems to deceive and manipulate AI-driven operations. This paper addresses three critical research challenges associated with adversarial AI: the limited scope of traditional defences, inadequate security metrics, and the need to build resilience beyond model-level defences. To address these challenges, we propose building defences utilising multiple inputs and data fusion to create defensive components and an AI security metric as a novel approach toward developing more secure AI systems. We name this approach the Data Fusion Cyber Resilience (DFCR) method, and we evaluate it through real-world demonstrations and comprehensive quantitative analyses, comparing a system built with the DFCR method against single-input models and models utilising existing state-of-the-art defences. The findings show that the DFCR approach significantly enhances resilience against adversarial machine learning attacks in maritime autonomous system operations, achieving up to a 35\% reduction in loss for successful multi-pronged perturbation attacks, up to a 100\% reduction in loss for successful adversarial patch attacks and up to 100\% reduction in loss for successful spoofing attacks when using these more resilient systems. We demonstrate how DFCR and DFCR confidence scores can reduce adversarial AI contact confidence and improve decision-making by the system, even when typical adversarial defences have been compromised. Ultimately, this work contributes to the development of more secure and resilient AI-driven systems against adversarial attacks.