针对自动驾驶智能模型的攻击与防御  被引量：1

作　　者：马晨[1,2] 沈超 蔺琛皓[1,2] 李前[1,2] 王骞 李琦 管晓宏[1,2] MA Chen;SHEN Chao;LIN Chen-Hao;LI Qian;WANG Qian;LI Qi;GUAN Xiao-Hong(School of Cyber Science and Engineering,Faculty of Electronic and Information Engineering,Xi'an Jiaotong University,Xi'an 710049;Ministry of Education Key Lab for Intelligent Networks and Netvwork Security(Xi'an Jiaotong University),Xi'an 710049;School of Cyber Science and Engineering,Wuhan University,Wuhan 430072;Institute for Netrvork Sciences and Cyberspace,Tsinghua University,Beijing 100084)

机构地区：[1]西安交通大学电子与信息学部网络空间安全学院,西安710049 [2]智能网络与网络安全教育部重点实验室(西安交通大学),西安710049 [3]武汉大学国家网络安全学院,武汉430072 [4]清华大学网络科学与网络空间研究院,北京100084

出　　处：《计算机学报》2024年第6期1431-1452,共22页Chinese Journal of Computers

基　　金：科技创新2030-“新一代人工智能”重大项目(2020AAA0107702);国家自然科学基金(U21B2018,62161160337,6213201162376210,62006181,U20B2049,U20A20177,62206217);陕西省重点研发计划项目(2021ZDLGY01-02,2023-ZDLGY-38)资助.

摘　　要：近年来,以深度学习算法为代表的人工智能技术为人类生产生活的方方面面带来了巨大的革新,尤其是在自动驾驶领域,部署着自动驾驶系统的智能汽车已经走进入们的生活,成为了重要的生产力工具.然而,自动驾驶系统中的人工智能模型面临着潜在的安全隐患和风险,这给人民群众生命财产安全带来了严重威胁.本文通过回顾自动驾驶智能模型攻击和防御的相关研究工作,揭示自动驾驶系统在物理世界下面临的安全风险并归纳总结了相应的防御对策.具体来说,本文首先介绍了包含攻击面、攻击能力和攻击目标的自动驾驶系统安全风险模型.其次,面向自动驾驶系统的三个关键功能层——传感器层、感知层和决策层,本文依据受攻击的智能模型和攻击手段归纳、分析了对应的攻击方法以及防御对策,并探讨了现有方法的局限性.最后,本文讨论和展望了自动驾驶智能模型攻击与防御技术面临的难题与挑战,并指出了未来潜在的研究方向和发展趋势.In recent years,artificial intelligence(AI)technologies,notably deep learning algorithms,have ushered in significant innovations across various facets of human existence.One prominent domain benefiting from these advancements is autonomous driving.Intelligent vehicles equipped with autonomous driving systems have gradually integrated into people's daily lives,emerging as pivotal tools that enhance productivity and redefine transportation paradigms.However,the surge in traffic safety incidents in recent years has served as a stark warning,signaling that artificial intelligence models within autonomous driving systems are susceptible to potential safety hazards and risks.This reality poses a significant threat to the safety of people's lives and properties.This paper reviews previous research works related to intelligent attack and corresponding defense works to reveal the security risks of autonomous driving systems in the physical world,and summarizes the corresponding defense strategies.Specifically,we first introduce in this paper the security risk model for autonomous driving systems that includes attack surfaces,attack capa-bilities,and attack goals.The main workflow of the autonomous driving system can be grouped into three layers.The autonomous driving system first takes the information about the nearby environment gathered by the sensor layer as input,and then processes the data through the perception layer equipped with intelligent models to extract key information such as obstacles,traffic signs,traffic lights and lane lines.Subsequently,the decision layer predicts the movement trajectories of the surrounding obstacles and plans the travel path of the autonomous vehicle based on the extracted information.In this process,the attacker could use different physical attacks to execute attacks against the intelligent model,thus posing a huge security risk.Building upon the known attack intelligence of the attacker,we categorize attacks into three types:white-box,gray-box,and black-box attacks.Furthermore,consi

关 键 词：自动驾驶安全 人工智能安全 信息物理系统安全 物理对抗攻击 防御策略 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]