Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks

Nassi, Ben; Mirsky, Yisroel; Nassi, Dudi; Ben-Netanel, Raz; Drokin, Oleg; Elovici, Yuval

doi:10.1145/3372297.3423359

Cited by 65 publications

(57 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A recent work [32] demonstrates that they can mislead Tesla Model S to the adjacent lane by putting several small stickers on the road without the original lane line. Phantom attack [36] also demonstrates that they can mislead Tesla Model S by projecting fake lane lines from a drone in the nighttime. The drawing-lane-line attack is not as effective as the DRP attack based on our experience, but its vulnerability to this attack is more severe because of its ease of deployability.…”

Section: Physical-world Attacks For Automated Lane Centering Systemmentioning

confidence: 99%

On Robustness of Lane Detection Models to Physical-World Adversarial Attacks in Autonomous Driving

Sato,

Chen

2021

Preprint

View full text Add to dashboard Cite

After the 2017 TuSimple Lane Detection Challenge, its evaluation based on accuracy and F1 score has become the de facto standard to measure the performance of lane detection methods. In this work, we conduct the first large-scale empirical study to evaluate the robustness of state-of-the-art lane detection methods under physical-world adversarial attacks in autonomous driving. We evaluate 4 major types of lane detection approaches with the conventional evaluation and end-to-end evaluation in autonomous driving scenarios, and then discuss the security proprieties of each lane detection model. We demonstrate that the conventional evaluation fails to reflect the robustness in end-to-end autonomous driving scenarios. Our results show that the most robust model on the conventional metrics is the least robust in the end-to-end evaluation. Although the competition dataset and its metrics have played a substantial role in developing performant lane detection methods along with the rapid development of deep neural networks, the conventional evaluation is becoming obsolete and the gap between the metrics and practicality is critical. We hope that our study will help the community make further progress in building a more comprehensive framework to evaluate lane detection models.Preprint. Under review.

show abstract

Section: Physical-world Attacks For Automated Lane Centering Systemmentioning

confidence: 99%

On Robustness of Lane Detection Models to Physical-World Adversarial Attacks in Autonomous Driving

Sato,

Chen

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…As future work, we suggest to test whether camera spoofing can be applied by embedding a traffic sign to an advertisement presented on a digital billboard in an invisible manner (e.g., by flashing the traffic sign for a split second) [11]. We also suggest examining whether the attack can be applied using infrared projection, exploiting the fact that a narrow spectrum of frequencies, the near infrared, is also captured by some CMOS sensors (this fact was exploited to establish an optical covert channel [12] and to break the confidentiality of FPV channel of commercial drones [13], [14]).…”

Section: Future Workmentioning

confidence: 99%

Spoofing Mobileye 630’s Video Camera Using a Projector

Nassi¹,

Nassi²,

Ben-Netanel³

et al. 2021

Proceedings Third International Workshop on Automotive and Autonomous Vehicle Security

Self Cite

View full text Add to dashboard Cite

“…Meanwhile, these defenses are not designed for arbitrarily large perturbations in a 3D environment. Moreover, even though the defense model proposed in [35] can defend against large perturbations in terms of 2D object classification, DoubleStar could evade such defense as it targets at attacking the 3D depth perception. Designing a defense model towards the 3D adversarial attacks will be our future work.…”

Section: Countermeasurementioning

confidence: 99%

“…The recent rise in the popularity of drones and self-driving vehicles helps drive OA's prevalence, while the potential risks of OA algorithms warrants further research. Although the community produced a wealth of security research on autonomous systems over the years [5,29,35,43,44,47,50,64], one sensing modality that is nearly omnipresent in modern OA, the stereo camera [61] (a.k.a., 3D depth camera), has mostly been overlooked. In this work, we expose the security risk of stereo cameras for the first time and propose a new attack, DoubleStar, which targets the depth estimation -one of the core functionalities of stereo cameras.…”

Section: Introductionmentioning

confidence: 99%

DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems

Zhou,

Yan,

Shi

et al. 2021

Preprint

View full text Add to dashboard Cite

Depth estimation-based obstacle avoidance has been widely adopted by autonomous systems (drones and vehicles) for safety purpose. It normally relies on a stereo camera to automatically detect obstacles and make flying/driving decisions, e.g., stopping several meters ahead of the obstacle in the path or moving away from the detected obstacle. In this paper, we explore new security risks associated with the stereo visionbased depth estimation algorithms used for obstacle avoidance. By exploiting the weaknesses of the stereo matching in depth estimation algorithms and the lens flare effect in optical imaging, we propose DoubleStar, a long-range attack that injects fake obstacle depth by projecting pure light from two complementary light sources.

show abstract

Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks

Cited by 65 publications

References 19 publications

On Robustness of Lane Detection Models to Physical-World Adversarial Attacks in Autonomous Driving

On Robustness of Lane Detection Models to Physical-World Adversarial Attacks in Autonomous Driving

Spoofing Mobileye 630’s Video Camera Using a Projector

DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems

Contact Info

Product

Resources

About