On the Vulnerability of Deep Reinforcement Learning to Backdoor Attacks in Autonomous Vehicles

Yue Wang, Esha Sarkar, Saif Eddin Jabari, Michail Maniatakos

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Recent work has shown that the introduction of autonomous vehicles can help solve critical transportation issues, such as reducing traffic jams. Deep learning has shown advanced capabilities in complex tasks and has been applied to autonomous vehicles, e.g., deep neural networks for detection and classification of pedestrians and vehicles, deep reinforcement learning for steering and acceleration control, etc. However, security of autonomous vehicles is critical, especially in the context of human-related tasks. Backdoor attacks in neural networks are an emerging attack vector, aiming to deliberately compromise a model by inserting a backdoor and produce the malicious attacker-chosen outputs when certain triggers are encountered. In this chapter, we first introduce related work on deep learning in autonomous vehicles and discuss respective applications. Afterward, we present the backdoor attack literature, focusing on autonomous vehicle controllers employing deep reinforcement learning models. Finally, we introduce backdoor defenses and analyze their effectiveness.

Original languageEnglish (US)
Title of host publicationEmbedded Machine Learning for Cyber-Physical, IoT, and Edge Computing
Subtitle of host publicationUse Cases and Emerging Challenges
PublisherSpringer Nature
Pages315-341
Number of pages27
ISBN (Electronic)9783031406775
ISBN (Print)9783031406768
DOIs
StatePublished - Jan 1 2023

Keywords

  • Autonomous vehicle
  • Backdoor
  • Controller
  • Deep reinforcement learning
  • Machine learning security

ASJC Scopus subject areas

  • General Computer Science
  • General Engineering
  • General Social Sciences

Fingerprint

Dive into the research topics of 'On the Vulnerability of Deep Reinforcement Learning to Backdoor Attacks in Autonomous Vehicles'. Together they form a unique fingerprint.

Cite this