TY - GEN
T1 - Avara
T2 - 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024
AU - Ma, Xinyao
AU - Camp, L. Jean
AU - Zhang, Chaoqi
AU - Li, Ming
AU - Zhu, Huadi
AU - Liao, Xiaojing
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2024/12/9
Y1 - 2024/12/9
N2 - Thanks to recent advances in machine learning (ML) techniques, Autonomous Driving (AD) has seen significant breakthroughs with enhanced capabilities. However, the susceptibility of ML models to adversarial evasion attacks poses a critical threat, undermining the reliability of autonomous driving systems. Despite efforts by researchers to mitigate these attacks within the AD context, unfortunately, a significant gap persists in fully understanding such adversarial maneuvers, particularly from a driver’s perspective. To bridge this gap, we propose Avara, the first unified evaluation platform for assessing human drivers’ perceptibility to adversarial attacks in AD contexts. Leveraging Virtual Reality (VR) and eye-tracking technology, Avara captures multi-modal driver awareness data, enabling detailed assessments of driver perception. Our approach integrates three distinct sources of multi-modal awareness evaluation metrics, addressing gaps inherent in previous evaluation strategies. The effectiveness and usability of Avara were validated through a human subject study, where participants engaged actively with the platform and provided extensive feedback on their perception and response to adversarial evasion attacks. Utilizing Avara, we identify an intriguing discovery that the current imperceptibility metrics for adversarial attacks fail to accurately reflect the autonomous vehicle driver’s perceptibility.
AB - Thanks to recent advances in machine learning (ML) techniques, Autonomous Driving (AD) has seen significant breakthroughs with enhanced capabilities. However, the susceptibility of ML models to adversarial evasion attacks poses a critical threat, undermining the reliability of autonomous driving systems. Despite efforts by researchers to mitigate these attacks within the AD context, unfortunately, a significant gap persists in fully understanding such adversarial maneuvers, particularly from a driver’s perspective. To bridge this gap, we propose Avara, the first unified evaluation platform for assessing human drivers’ perceptibility to adversarial attacks in AD contexts. Leveraging Virtual Reality (VR) and eye-tracking technology, Avara captures multi-modal driver awareness data, enabling detailed assessments of driver perception. Our approach integrates three distinct sources of multi-modal awareness evaluation metrics, addressing gaps inherent in previous evaluation strategies. The effectiveness and usability of Avara were validated through a human subject study, where participants engaged actively with the platform and provided extensive feedback on their perception and response to adversarial evasion attacks. Utilizing Avara, we identify an intriguing discovery that the current imperceptibility metrics for adversarial attacks fail to accurately reflect the autonomous vehicle driver’s perceptibility.
KW - Adversarial Attack
KW - Autonomous Driving
KW - Human Perception
UR - http://www.scopus.com/inward/record.url?scp=85215537850&partnerID=8YFLogxK
U2 - 10.1145/3658644.3670291
DO - 10.1145/3658644.3670291
M3 - Conference contribution
AN - SCOPUS:85215537850
T3 - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security
SP - 4792
EP - 4806
BT - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security
Y2 - 14 October 2024 through 18 October 2024
ER -