2022
DOI: 10.48550/arxiv.2203.05314
|View full text |Cite
Preprint
|
Sign up to set email alerts
|

SoK: On the Semantic AI Security in Autonomous Driving

Abstract: Autonomous Driving (AD) systems rely on AI components to make safety and correct driving decisions. Unfortunately, today's AI algorithms are known to be generally vulnerable to adversarial attacks. However, for such AI component-level vulnerabilities to be semantically impactful at the system level, it needs to address non-trivial semantic gaps both (1) from the system-level attack input spaces to those at AI component level, and (2) from AI component-level attack impacts to those at the system level. In this … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
13
0

Year Published

2022
2022
2024
2024

Publication Types

Select...
4
1

Relationship

0
5

Authors

Journals

citations
Cited by 5 publications
(13 citation statements)
references
References 90 publications
(231 reference statements)
0
13
0
Order By: Relevance
“…Notably, the literature has not thoroughly evaluated the robustness of commercial e-commerce ranking systems or delineated the distinction between real-world and manipulated queries. Commercial ranking systems, such as Google or Amazon, often exhibit greater robustness than standalone ML models [12,44,53]. For example, these systems usually include query rewrite, auto-completion, and search facet to create a smooth search journey, which can potentially avoid the robustness problem from tweaking characters [27] in the input.…”
Section: Methodology 31 Ranking Modelmentioning
confidence: 99%
See 1 more Smart Citation
“…Notably, the literature has not thoroughly evaluated the robustness of commercial e-commerce ranking systems or delineated the distinction between real-world and manipulated queries. Commercial ranking systems, such as Google or Amazon, often exhibit greater robustness than standalone ML models [12,44,53]. For example, these systems usually include query rewrite, auto-completion, and search facet to create a smooth search journey, which can potentially avoid the robustness problem from tweaking characters [27] in the input.…”
Section: Methodology 31 Ranking Modelmentioning
confidence: 99%
“…Thus, recent research has focused on ranking robustness by generating adversarial examples to evaluate the model's response disparities [15,28,30,31]. However, these works have limitations: ignore evaluation in commercialized ranking systems, which is generally more robust than ML models [12,44,53], and fail to substantiate the relevance between realworld and manipulated queries. To overcome the first limitation above, we perform the first systematic investigation into the robustness of a leading commercialized e-commerce ranking system.…”
Section: Introductionmentioning
confidence: 99%
“…However, we found that system-level evaluation is generally lacking in existing works. Specifically, one of our ongoing works analyzes recent AI security and safety works [36] aimed at creating system-level impact on AD systems in recent 5 years published in commonly-recognized top-tier venues [2] in closely-related fields to AD AI (i.e., security, Computer Vision (CV), Machine Learning (ML), AI, and robotics), as well as a few well-known works published in arXiv and other venues based on our best knowledge. Particularly, for the top-tier venues, we exhaustively search over the paper lists from 2017 to 2021 to find the ones that fall into our scope above.…”
Section: Workhop On Automotive and Autonomous Vehicle Security (Autos...mentioning
confidence: 99%
“…For these vehicles, camera-based perception is pivotal, enabling them to detect real-time environmental objects such as pedestrians to ensure safety. Given its significance for safety and security, various prior works (Cao et al 2021;Shen et al 2022;Sato et al 2021a;Wang et al 2023) have studied its security, especially on integrity such as making the object vanished or changing the label of the objects to cause traffic rule violations or safety hazards. We refer to these as system-level effects throughout this paper.…”
Section: Introductionmentioning
confidence: 99%
“…While some existing AD security analysis has studied availability in object detection (Shapira et al 2023;Chen et al 2023), they do not encompass the entire AD perception since usually, object detection is a part of the AD perception (Jia et al 2020). In addition, in the Cyber-Physical System area, it is widely recognized that small component level errors do not necessarily lead to systemlevel effects (Shen et al 2022;Wang et al 2023). Thus, these studies leave a critical research gap: their proposed attack strategies may not be effective enough to conduct systemlevel effects in end-to-end AD systems.…”
Section: Introductionmentioning
confidence: 99%