CPS: Small: Collaborative Research: SecureNN: Design of Secured Autonomous Cyber-Physical Systems Against Adversarial Machine Learning Attacks

CPS：小型：协作研究：SecureNN：针对对抗性机器学习攻击的安全自主网络物理系统的设计

• 批准号: 1932464
• 负责人: Qi Chen
• 金额: $ 25万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-11-01 至 2023-10-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1932464&HistoricalAwards=false
• 关键词: CPS; Small; Collaborative; Research; SecureNN

Cyber-physical systems such as self-driving cars, drones, and intelligent transportation rely heavily on machine learning techniques for ever-increasing levels of autonomy. In the example of autonomous vehicles, deep learning or deep neural networks can be employed for perception, sensor fusion, prediction, planning, and control tasks. However powerful such machine learning techniques have become, they also expose a new attack surface, which may lead to vulnerability to adversarial attacks and potentially harmful consequences in security- and safety-critical scenarios. This project investigates adversarial machine learning challenges faced by autonomous cyber-physical systems with the aim of formulating defense strategies. The project will collaborate with the Center for STEM (Science, Technology, Engineering and Math) Education at Northeastern University and the Office of Access and Inclusion Center at University of California at Irvine to engage undergraduates, women, and minority students in independent research projects.This project is composed of two interdependent research thrusts, one for investigating adversarial attacks and one for devising countermeasures, aiming to secure the key deep learning-equipped software components of autonomous cyber-physical systems, such as perception, obstacle prediction, and vehicle planning and control. The main deep learning techniques of interest to autonomous cyber-physical systems include convolutional neural networks for detection, recurrent neural networks for prediction, and deep reinforcement learning for control. The technical innovations of the project include ADMM (Alternating Direction Method of Multipliers) based attack generation, concurrent adversarial training and model compression, and multi-sourced defense schemes incorporating adversarial training and ensemble learning. This project will implement and evaluate the proposed attack and defense approaches on real-world prototypes of autonomous cyber-physical systems for autonomous vehicles and unmanned aerial vehicles in the investigators' labs. The investigators will release all the developed models, algorithms, and software to GitHub to facilitate community usage.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

自动驾驶汽车、无人机和智能交通等网络物理系统严重依赖机器学习技术，以实现不断提高的自主水平。在自动驾驶车辆的示例中，深度学习或深度神经网络可以用于感知、传感器融合、预测、规划和控制任务。无论这些机器学习技术变得多么强大，它们也暴露了一个新的攻击面，这可能导致对抗性攻击的脆弱性，并在安全和安全关键场景中产生潜在的有害后果。该项目研究了自主网络物理系统面临的对抗性机器学习挑战，旨在制定防御策略。该项目将与STEM中心合作（科学、技术、工程和数学）教育和加州大学欧文分校的访问和包容中心办公室，让本科生、妇女和少数民族学生参与独立的研究项目。该项目由两个相互依存的研究主题组成，一个是调查对抗性攻击，另一个是制定对策，旨在保护自主网络物理系统的关键深度学习软件组件，例如感知，障碍物预测以及车辆规划和控制。自主网络物理系统感兴趣的主要深度学习技术包括用于检测的卷积神经网络，用于预测的递归神经网络和用于控制的深度强化学习。该项目的技术创新包括基于ADMM（Alternating Direction Method of Multipliers）的攻击生成、并发对抗训练和模型压缩，以及结合对抗训练和集成学习的多源防御方案。该项目将在研究人员的实验室中实施和评估针对自主车辆和无人机的自主网络物理系统的真实原型的拟议攻击和防御方法。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Towards Driving-Oriented Metric for Lane Detection Models

• DOI: 10.1109/cvpr52688.2022.01664
• 发表时间: 2022-03
• 期刊: 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
• 作者: Takami Sato;Qi Alfred Chen

Infrastructure-Aided Defense for Autonomous Driving Systems: Opportunities and Challenges

自动驾驶系统的基础设施辅助防御：机遇与挑战

• 发表时间: 2022
• 期刊: NDSS Workshop on Automotive and Autonomous Vehicle Security (AutoSec
• 作者: Luo, Yunpeng;Wang, Ningfei;Yu, Bo;Liu, Shaoshan;Chen, Qi Alfred
• 通讯作者: Chen, Qi Alfred

Does Physical Adversarial Example Really Matter to Autonomous Driving? Towards System-Level Effect of Adversarial Object Evasion Attack

• DOI: 10.1109/iccv51070.2023.00407
• 发表时间: 2023-08
• 期刊: 2023 IEEE/CVF International Conference on Computer Vision (ICCV)
• 作者: Ningfei Wang;Y. Luo;Takami Sato;Kaidi Xu;Qi Alfred Chen

AVMaestro: A Centralized Policy Enforcement Framework for Safe Autonomous-driving Environments

AVMaetro：安全自动驾驶环境的集中式政策执行框架

• 发表时间: 2022
• 期刊: IEEE Intelligent Vehicles Symposium (IV
• 作者: Zhang, Ze;Singapuram, Sanjay;Zhang, Qingzhao;David, Ke Hong;Nguyen, Brandon;Mao, Z. Morley;Mahlke, Scott;Chen, Qi Alfred
• 通讯作者: Chen, Qi Alfred

Fooling Detection Alone is Not Enough: Adversarial Attack against Multiple Object Tracking

• 发表时间: 2020-04
• 作者: Yunhan Jia;Yantao Lu;Junjie Shen;Qi Alfred Chen;Hao Chen;Zhenyu Zhong;Tao Wei