Adversarial Robustness Analysis of Cloud-Assisted Autonomous Driving Systems

TL;DR

This paper evaluates vulnerabilities in cloud-assisted autonomous vehicles by testing perception and control under adversarial attacks and network impairments, revealing significant safety risks.

Contribution

It introduces a hardware-in-the-loop testbed to analyze cross-layer vulnerabilities in cloud-based autonomous driving systems under adversarial and network disruptions.

Findings

Adversarial attacks significantly reduce perception accuracy, with PGD lowering detection metrics from 0.73/0.68 to 0.22/0.15.

Network delays of 150-250 ms and packet loss rates of 0.5-5% destabilize control and cause rule violations.

Results emphasize the importance of cross-layer resilience in cloud-assisted autonomous driving.

Abstract

Autonomous vehicles increasingly rely on deep learning-based perception and control, which impose substantial computational demands. Cloud-assisted architectures offload these functions to remote servers, enabling enhanced perception and coordinated decision-making through the Internet of Vehicles (IoV). However, this paradigm introduces cross-layer vulnerabilities, where adversarial manipulation of perception models and network impairments in the vehicle-cloud link can jointly undermine safety-critical autonomy. This paper presents a hardware-in-the-loop IoV testbed that integrates real-time perception, control, and communication to evaluate such vulnerabilities in cloud-assisted autonomous driving. A YOLOv8-based object detector deployed on the cloud is subjected to whitebox adversarial attacks using the Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD), while network adversaries induce delay and packet loss in the vehicle-cloud loop. Results show that adversarial perturbations significantly degrade perception performance, with PGD reducing detection precision and recall from 0.73 and 0.68 in the clean baseline to 0.22 and 0.15 at epsilon= 0.04. Network delays of 150-250 ms, corresponding to transient losses of approximately 3-4 frames, and packet loss rates of 0.5-5 % further destabilize closed-loop control, leading to delayed actuation and rule violations. These findings highlight the need for cross-layer resilience in cloud-assisted autonomous driving systems.