STOP! Camera Spoofing via the in-Vehicle IP Network

• URL: http://arxiv.org/abs/2410.05417v1
• Date: Mon, 7 Oct 2024 18:30:22 GMT
• Title: STOP! Camera Spoofing via the in-Vehicle IP Network
• Authors: Dror Peri, Avishai Wool,
• Abstract summary: We create an attack tool that exploits the GigE Vision protocol. We then analyze two classes of passive anomaly detectors to identify such attacks. We propose a novel class of active defense mechanisms that randomly adjust camera parameters during the video transmission.
• Score: 4.14360329494344
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Autonomous driving and advanced driver assistance systems (ADAS) rely on cameras to control the driving. In many prior approaches an attacker aiming to stop the vehicle had to send messages on the specialized and better-defended CAN bus. We suggest an easier alternative: manipulate the IP-based network communication between the camera and the ADAS logic, inject fake images of stop signs or red lights into the video stream, and let the ADAS stop the car safely. We created an attack tool that successfully exploits the GigE Vision protocol. Then we analyze two classes of passive anomaly detectors to identify such attacks: protocol-based detectors and video-based detectors. We implemented multiple detectors of both classes and evaluated them on data collected from our test vehicle and also on data from the public BDD corpus. Our results show that such detectors are effective against naive adversaries, but sophisticated adversaries can evade detection. Finally, we propose a novel class of active defense mechanisms that randomly adjust camera parameters during the video transmission, and verify that the received images obey the requested adjustments. Within this class we focus on a specific implementation, the width-varying defense, which randomly modifies the width of every frame. Beyond its function as an anomaly detector, this defense is also a protective measure against certain attacks: by distorting injected image patches it prevents their recognition by the ADAS logic. We demonstrate the effectiveness of the width-varying defense through theoretical analysis and by an extensive evaluation of several types of attack in a wide range of realistic road driving conditions. The best the attack was able to achieve against this defense was injecting a stop sign for a duration of 0.2 seconds, with a success probability of 0.2%, whereas stopping a vehicle requires about 2.5 seconds.

Related papers

• Invisible Optical Adversarial Stripes on Traffic Sign against Autonomous Vehicles [10.17957244747775]
  This paper presents an attack that uses light-emitting diodes and exploits the camera's rolling shutter effect to mislead traffic sign recognition. The attack is stealthy because the stripes on the traffic sign are invisible to human. We discuss the countermeasures at the levels of camera sensor, perception model, and autonomous driving system.
  arXiv  Detail & Related papers  (2024-07-10T09:55:31Z)
• AntibotV: A Multilevel Behaviour-based Framework for Botnets Detection in Vehicular Networks [1.3701366534590498]
  We propose AntibotV, a multilevel behaviour-based framework for vehicular botnets detection in vehicular networks. The proposed framework combines two main modules for attack detection, the first one monitors the vehicle's activity at the network level, whereas the second one monitors the in-vehicle activity. The experimental results showed that the proposed framework outperforms existing solutions, it achieves a detection rate higher than 97% and a false positive rate lower than 0.14%.
  arXiv  Detail & Related papers  (2024-07-03T21:07:49Z)
• TPatch: A Triggered Physical Adversarial Patch [19.768494127237393]
  We propose TPatch, a physical adversarial patch triggered by acoustic signals. To avoid the suspicion of human drivers, we propose a content-based camouflage method and an attack enhancement method to strengthen it.
  arXiv  Detail & Related papers  (2023-12-30T06:06:01Z)
• Threat Detection In Self-Driving Vehicles Using Computer Vision [0.0]
  We propose a threat detection mechanism for autonomous self-driving cars using dashcam videos. There are four major components, namely, YOLO to identify the objects, advanced lane detection algorithm, multi regression model to measure the distance of the object from the camera. The final accuracy of our proposed Threat Detection Model (TDM) is 82.65%.
  arXiv  Detail & Related papers  (2022-09-06T12:01:07Z)
• Illusory Attacks: Information-Theoretic Detectability Matters in Adversarial Attacks [76.35478518372692]
  We introduce epsilon-illusory, a novel form of adversarial attack on sequential decision-makers. Compared to existing attacks, we empirically find epsilon-illusory to be significantly harder to detect with automated methods. Our findings suggest the need for better anomaly detectors, as well as effective hardware- and system-level defenses.
  arXiv  Detail & Related papers  (2022-07-20T19:49:09Z)
• Exploiting Playbacks in Unsupervised Domain Adaptation for 3D Object Detection [55.12894776039135]
  State-of-the-art 3D object detectors, based on deep learning, have shown promising accuracy but are prone to over-fit to domain idiosyncrasies. We propose a novel learning approach that drastically reduces this gap by fine-tuning the detector on pseudo-labels in the target domain. We show, on five autonomous driving datasets, that fine-tuning the detector on these pseudo-labels substantially reduces the domain gap to new driving environments.
  arXiv  Detail & Related papers  (2021-03-26T01:18:11Z)
• Exploring Adversarial Robustness of Multi-Sensor Perception Systems in Self Driving [87.3492357041748]
  In this paper, we showcase practical susceptibilities of multi-sensor detection by placing an adversarial object on top of a host vehicle. Our experiments demonstrate that successful attacks are primarily caused by easily corrupted image features. Towards more robust multi-modal perception systems, we show that adversarial training with feature denoising can boost robustness to such attacks significantly.
  arXiv  Detail & Related papers  (2021-01-17T21:15:34Z)
• Dynamic Adversarial Patch for Evading Object Detection Models [47.32228513808444]
  We present an innovative attack method against object detectors applied in a real-world setup. Our method uses dynamic adversarial patches which are placed at multiple predetermined locations on a target object. We improved the attack by generating patches that consider the semantic distance between the target object and its classification.
  arXiv  Detail & Related papers  (2020-10-25T08:55:40Z)
• DPAttack: Diffused Patch Attacks against Universal Object Detection [66.026630370248]
  Adversarial attacks against object detection can be divided into two categories, whole-pixel attacks and patch attacks. We propose a diffused patch attack (textbfDPAttack) to fool object detectors by diffused patches of asteroid-shaped or grid-shape. Experiments show that our DPAttack can successfully fool most object detectors with diffused patches.
  arXiv  Detail & Related papers  (2020-10-16T04:48:24Z)
• Physically Realizable Adversarial Examples for LiDAR Object Detection [72.0017682322147]
  We present a method to generate universal 3D adversarial objects to fool LiDAR detectors. In particular, we demonstrate that placing an adversarial object on the rooftop of any target vehicle to hide the vehicle entirely from LiDAR detectors with a success rate of 80%. This is one step closer towards safer self-driving under unseen conditions from limited training data.
  arXiv  Detail & Related papers  (2020-04-01T16:11:04Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.