A Trigger Exploration Method for Backdoor Attacks on Deep Learning-Based Traffic Control Systems

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Deep learning methods are in the forefront of techniques used to perform complex controls in autonomous vehicles (AVs). Such methods are vulnerable to nuanced types of adversarial attacks, and can have sever safety implications. Specifically, backdoors are an emerging kind of adversarial attacks on deep neural networks (DNNs), where a secret backdoor is injected into the DNNs by an attacker and activated in the presence of well-designed triggers, which necessitate a systematic exploration to enable the study of effective defenses. In this paper, we learn an adversarial distribution for trigger samples by reinforcement learning with the objective that the difference between the adversarial and genuine distributions are minimized. This bypasses many detection algorithms that are designed based on the difference between the adversarial and genuine input samples. Specifically, the difference between two distributions are evaluated by the Jensen-Shannon (JS)-divergence. The adversarial samples generated by the learned adversarial distribution are used for manipulating benign models in two complex traffic control systems. Our results show that our method renders the backdoor attack stealthy overriding the benign control objectives and potentially causing vehicle collisions.

Original languageEnglish (US)
Title of host publication60th IEEE Conference on Decision and Control, CDC 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages4394-4399
Number of pages6
ISBN (Electronic)9781665436595
DOIs
StatePublished - 2021
Event60th IEEE Conference on Decision and Control, CDC 2021 - Austin, United States
Duration: Dec 13 2021Dec 17 2021

Publication series

NameProceedings of the IEEE Conference on Decision and Control
Volume2021-December
ISSN (Print)0743-1546
ISSN (Electronic)2576-2370

Conference

Conference60th IEEE Conference on Decision and Control, CDC 2021
Country/TerritoryUnited States
CityAustin
Period12/13/2112/17/21

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Modeling and Simulation
  • Control and Optimization

Fingerprint

Dive into the research topics of 'A Trigger Exploration Method for Backdoor Attacks on Deep Learning-Based Traffic Control Systems'. Together they form a unique fingerprint.

Cite this