Singapore Institute of Technology
3576841.3589615.pdf (3.04 MB)

Effects of Learning-Based Action-Space Attacks on Autonomous Driving Agents

Download (3.04 MB)
conference contribution
posted on 2023-11-07, 04:03 authored by Yuting Wu, Xin LouXin Lou, Pengfei Zhou, Rui Tan, Zbigniew Kalbarczyk, Ravishankar Iyer

Vehicle cybernation with increasing use of information and communication technologies faces cybersecurity threats. This extended abstract studies action-space attacks on autonomous driving agents that make decisions using either a traditional modular processing pipeline or the recently proposed end-to-end model obtained via deep reinforcement learning (DRL). The action-space attacks alter the actuation signal and pose direct risks to the vehicle’s behavior. We formulate the attack construction as a DRL problem based on the input from either an extra camera or inertial measurement unit deployed. Attacks are designed to lurk until a safety-critical moment arises (e.g. lane changing or overtaking), with the goal of causing a side collision upon activation. Our results demonstrate that the modular processing pipeline is more resilient than the DRL-based agent, due to the former’s main focus of trajectory following. We further investigate two enhancement methods: adversarial training through fine-tuning and progressive neural networks, gaining an essential understanding of their pros and cons


Journal/Conference/Book title

Proceedings of the ACM/IEEE 14th International Conference on Cyber-Physical Systems (with CPS-IoT Week 2023)

Publication date


Usage metrics


    No categories selected