EXCELLENCE in RESEARCH: SECURING MACHINE LEARNING AGAINST ADVERSARIAL ATTACKS FOR CONNECTED AND AUTONOMOUS VEHICLES
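Basic information
- Award number: 2200457
- Principal investigator:
- Amount: $492,900
- Host institution:
- Host institution country: United States
- Project type: Standard Grant
- Fiscal year: 2022
- Funding country: United States
- Period: 2022-10-01 to 2025-09-30
- Project status: Not concluded
- Source:
- Keywords:
Project abstract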
This research is motivated by the need to boost U.S. competitiveness and increase the number of young people with an in-depth understanding of the safety, security, and dependability of intelligent systems by accelerating the adoption of threat identification and attack-resistant control countermeasures. Future cyberattacks on connected and automated vehicles will necessitate the study and development of novel countermeasures to increase market acceptance of these vehicle technologies, which could improve traffic conditions, vehicle and personal safety, and energy efficiency. This award will contribute to the intellectual development of underrepresented undergraduate and graduate students in modeling, Artificial Intelligence, and communication to address cybersecurity issues in connected autonomous vehicles. The prime objective of this research is to create a defense technique that will enable Connected Autonomous Vehicles to be more resistant to adversarial attacks and hence capable of meeting more stringent safety and performance requirements. Another key focus is to involve teams of undergraduate and graduate students in creative inquiry and design projects based on hands-on demo platforms. This research focuses especially on enhancing the resilience of Connected Autonomous Vehicles against the possibility of adversarial attacks aimed at affecting the performance of the perception module, thereby improving vehicle reliability and functional safety beyond currently adopted practices. In addition, the award has larger theoretical implications in the fields of security, Machine Learning, filtering, and optimization, ultimately expediting the deployment of connected autonomous vehicles.

Recent advancements in connected and autonomous vehicles reveal that several companies are investing substantially in the development of perception modules based on machine learning algorithms. However, these machine learning algorithms are vulnerable to adversarial attacks designed to mislead the input of the deep neural network to induce a misclassification, which may undermine vehicle decision-making and, therefore, functional safety. Through wireless Ethernet connectivity, attackers may compromise the in-vehicle computer platform and obtain access to the sensor data stored in memory. Before the perception module, adversarial inputs may be introduced to supplant the original normal inputs and destabilize vehicle operations. The overall framework comprises modeling potential adversarial threats impacting the perception and fusion process and designing both reactive and proactive countermeasures for the secure and reliable functioning of the system. This technique is modular and can be deployed to a range of Deep Neural Network applications such as robotics, biometric identification, and speech recognition. Incorporating robustness measures during the training phase will yield a more resilient Deep Neural Network. Moreover, filtering at several stages of the perceptron process can be used to develop a system that can innately tolerate a greater spectrum of attacks. The project tasks aim at conducting fundamental research on a plan that includes adversarial attack modeling for single and fused sensor data, novel data filtering algorithms for detecting various white-box and black-box attacks, revised Deep Neural Network training based on robustness/sensitivity tradeoff in optimization models, evaluation of the impact of sensor fusion, and testing the framework on F1/10 cars and autonomous golf cars.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
Project outcomes
Journal articles (2)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Propagating Uniform Millimeter Wave in Dust and Sand Storm
- DOI: 10.1109/jrfid.2023.3268559
- Year published: 2023
- Journal:
- Impact factor: 3.1
- Authors: Esmail M. M. Abuhdima; Chin-Tser Huang; P. Pisu; G. Comert; Jian Liu; Chunheng Zhao; Fred Chambers; Kibonke Niyomugabo; Nabeyou Tadessa; A. Nazeri
- Corresponding authors: Esmail M. M. Abuhdima; Chin-Tser Huang; P. Pisu; G. Comert; Jian Liu; Chunheng Zhao; Fred Chambers; Kibonke Niyomugabo; Nabeyou Tadessa; A. Nazeri
Switching Strategy for Connected Vehicles Under Variant Harsh Weather Conditions
- DOI: 10.1109/jrfid.2023.3274602
- Year published: 2023
- Journal:
- Impact factor: 3.1
- Authors: Jian Liu; A. Nazeri; Chunheng Zhao; Esmail M. M. Abuhdima; G. Comert; Chin-Tser Huang; P. Pisu
- Corresponding authors: Jian Liu; A. Nazeri; Chunheng Zhao; Esmail M. M. Abuhdima; G. Comert; Chin-Tser Huang; P. Pisu
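Similar NSFC (National Natural Science Foundation of China) grants
Research on Quantum Field Theory without a Lagrangian Description
- Award number: 24ZR1403900
- Year approved: 2024
- Funding amount: 0 CNY
- Project type: Provincial/municipal project
Cell Research
- Award number: 31224802
- Year approved: 2012
- Funding amount: 240,000 CNY
- Project type: Special fund project
Cell Research
- Award number: 31024804
- Year approved: 2010
- Funding amount: 240,000 CNY
- Project type: Special fund project
Cell Research
- Award number: 30824808
- Year approved: 2008
- Funding amount: 240,000 CNY
- Project type: Special fund project
Research on the Rapid Growth Mechanism of KDP Crystal
- Award number: 10774081
- Year approved: 2007
- Funding amount: 450,000 CNY
- Project type: General program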
Similar overseas grants
DHSC Securing Better Health - Economics and/or Social Research Fellowship
- Award number: ES/Y003926/1
- Fiscal year: 2024
- Funding amount: $492,900
- Project type: Fellowship
Collaborative Research: SaTC: CORE: Medium: Securing Interactions between Driver and Vehicle Using Batteries
- Award number: 2245224
- Fiscal year: 2023
- Funding amount: $492,900
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Securing Continuous Integration Workflows
- Award number: 2247686
- Fiscal year: 2023
- Funding amount: $492,900
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Securing Interactions between Driver and Vehicle Using Batteries
- Award number: 2245223
- Fiscal year: 2023
- Funding amount: $492,900
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Securing Continuous Integration Workflows
- Award number: 2247688
- Fiscal year: 2023
- Funding amount: $492,900
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Securing Next G Millimeter-Wave Communication in Programmable RF Environments with Reconfigurable Intelligent Surface (SECURIS)
- Award number: 2318798
- Fiscal year: 2023
- Funding amount: $492,900
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Small: Securing Brain-inspired Hyperdimensional Computing against Design-time and Run-time Attacks for Edge Devices
- Award number: 2326597
- Fiscal year: 2023
- Funding amount: $492,900
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Securing Continuous Integration Workflows
- Award number: 2247687
- Fiscal year: 2023
- Funding amount: $492,900
- Project type: Continuing Grant
Excellence in Research: A Hierarchical Machine Learning Approach for Securing of NoC-Based MPSoCs Against Thermal Attacks
- Award number: 2302537
- Fiscal year: 2023
- Funding amount: $492,900
- Project type: Standard Grant
Collaborative Research: SaTC: CORE: Medium: Securing Next G Millimeter-Wave Communication in Programmable RF Environments with Reconfigurable Intelligent Surface (SECURIS)
- Award number: 2318796
- Fiscal year: 2023
- Funding amount: $492,900
- Project type: Continuing Grant