CAREER: Securing the AI Stack in Autonomous CPS under Physical-Layer Attacks: A Systems Perspective

职业：在物理层攻击下保护自治 CPS 中的 AI 堆栈：系统视角

• 批准号: 2145493
• 负责人: Qi Chen
• 金额: $ 52.34万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2145493&HistoricalAwards=false
• 关键词: CAREER; Securing; AI; Stack; Autonomous

Recent years have witnessed a massive surge in real-world development and deployment of autonomous cyber-physical systems such as autonomous driving cars and delivery drones/robots. To achieve high-level autonomy in complex environments, the Artificial Intelligence (AI) stack plays a central role, a type of “brain,” which makes them highly security-critical. Prior works have studied adversarial attacks against AI algorithms used in autonomous cyber-physical systems, but mostly focus on the AI algorithm-level security properties in complete or partial isolation of the physical context. As these algorithms are only components of the entire system, however, it is both more practically meaningful and effective to study and address their security problems from a systems perspective, especially when under the more general and fundamental physical-layer attack model. This project aims to create a suite of systematic methodologies, solution frameworks, and platforms that can achieve system-level security analysis and defense designs for the AI component of autonomous cyber-physical systems under physical-layer attacks. With the growing deployment and commercialization of autonomous cyber-physical systems in the real world, success in this should directly benefit the safety of everyday lives.This project consists of two research thrusts to cover both the attack and defense sides of the proposed system-level security research. First, to enable system-level security analysis, this project will develop novel system-to-AI and AI-to-system mapping methodologies, by overcoming various design challenges such as systematically maintaining physical realizability and semantic equivalency in physical-layer attack generation, and effectively accommodating the diversity of real-world system designs and implementations. Second, to develop system-level defense designs, this project will systematically identify and leverage novel design opportunities from both individual system and the operation ecosystem perspectives, including new classes of physical invariants, novel attack-resilient sensor fusion designs leveraging system-level properties, and novel designs that leverage other participants in the operation ecosystem and infrastructure support. This project will also develop a simulation-based evaluation platform with uniform and extensible attack and defense development support, which will be used to facilitate both research and education of autonomous cyber-physical system security.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

近年来，自动驾驶汽车和送货无人机/机器人等自主网络物理系统的实际开发和部署大幅增加。为了在复杂的环境中实现高水平的自主性，人工智能（AI）堆栈扮演着核心角色，这是一种“大脑”，这使得它们具有高度的安全性。先前的工作已经研究了针对自主网络物理系统中使用的AI算法的对抗性攻击，但大多集中在完全或部分隔离物理上下文的AI算法级安全属性上。然而，由于这些算法只是整个系统的组成部分，因此从系统的角度研究和解决其安全问题更有实际意义和有效，特别是在更通用和更基础的物理层攻击模型下。该项目旨在创建一套系统化的方法论、解决方案框架和平台，可以在物理层攻击下为自主网络物理系统的AI组件实现系统级安全分析和防御设计。随着自主网络物理系统在真实的世界中的部署和商业化，这方面的成功应该直接有益于日常生活的安全。本项目包括两个研究方向，涵盖拟议的系统级安全研究的攻击和防御方面。首先，为了实现系统级安全分析，该项目将开发新的系统到AI和AI到系统映射方法，克服各种设计挑战，例如在物理层攻击生成中系统地保持物理可实现性和语义等效性，并有效地适应现实世界系统设计和实现的多样性。其次，为了开发系统级防御设计，该项目将从单个系统和运营生态系统的角度系统地识别和利用新的设计机会，包括新的物理不变量，利用系统级属性的新型攻击弹性传感器融合设计，以及利用运营生态系统和基础设施支持中其他参与者的新型设计。该项目还将开发一个基于模拟的评估平台，提供统一和可扩展的攻击和防御开发支持，用于促进自主网络物理系统安全的研究和教育。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Infrastructure-Aided Defense for Autonomous Driving Systems: Opportunities and Challenges

自动驾驶系统的基础设施辅助防御：机遇与挑战

• 发表时间: 2022
• 期刊: NDSS Workshop on Automotive and Autonomous Vehicle Security (AutoSec
• 作者: Luo, Yunpeng;Wang, Ningfei;Yu, Bo;Liu, Shaoshan;Chen, Qi Alfred
• 通讯作者: Chen, Qi Alfred

Does Physical Adversarial Example Really Matter to Autonomous Driving? Towards System-Level Effect of Adversarial Object Evasion Attack

• DOI: 10.1109/iccv51070.2023.00407
• 发表时间: 2023-08
• 期刊: 2023 IEEE/CVF International Conference on Computer Vision (ICCV)
• 作者: Ningfei Wang;Y. Luo;Takami Sato;Kaidi Xu;Qi Alfred Chen

Detecting Data Spoofing in Connected Vehicle based Intelligent Traffic Signal Control using Infrastructure-Side Sensors and Traffic Invariants

使用基础设施侧传感器和交通不变量检测基于智能交通信号控制的联网车辆中的数据欺骗

• 发表时间: 2023
• 期刊: IEEE Intelligent Vehicles Symposium (IV
• 作者: Shen, Junjie;Wan, Ziwen;Luo, Yunpeng;Feng, Yiheng;Mao, Z.;Chen, Qi Alfred
• 通讯作者: Chen, Qi Alfred

Towards Driving-Oriented Metric for Lane Detection Models

• DOI: 10.1109/cvpr52688.2022.01664
• 发表时间: 2022-03
• 期刊: 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
• 作者: Takami Sato;Qi Alfred Chen

AVMaestro: A Centralized Policy Enforcement Framework for Safe Autonomous-driving Environments

AVMaetro：安全自动驾驶环境的集中式政策执行框架

• 发表时间: 2022
• 期刊: IEEE Intelligent Vehicles Symposium (IV
• 作者: Zhang, Ze;Singapuram, Sanjay;Zhang, Qingzhao;David, Ke Hong;Nguyen, Brandon;Mao, Z. Morley;Mahlke, Scott;Chen, Qi Alfred
• 通讯作者: Chen, Qi Alfred