Protecting Autonomous Systems From Adversarial Attacks
ECE Assistant Professor Xue “Shelley” Lin is the PI of a $500K NSF grant, in collaboration with Alfred Chen from the University of California Irvine, for the “Design of Secured Autonomous Cyber-Physical Systems Against Adversarial Machine Learning Attacks.”
Abstract (source: NSF)
Cyber-physical systems such as self-driving cars, drones, and intelligent transportation rely heavily on machine learning techniques for ever-increasing levels of autonomy. In the example of autonomous vehicles, deep learning or deep neural networks can be employed for perception, sensor fusion, prediction, planning, and control tasks. As powerful as such machine learning techniques have become, they also expose a new attack surface: they may be vulnerable to adversarial attacks, with potentially harmful consequences in security- and safety-critical scenarios. This project investigates the adversarial machine learning challenges faced by autonomous cyber-physical systems with the aim of formulating defense strategies. The project will collaborate with the Center for STEM (Science, Technology, Engineering and Math) Education at Northeastern University and the Office of Access and Inclusion Center at University of California at Irvine to engage undergraduates, women, and minority students in independent research projects.
This project is composed of two interdependent research thrusts, one investigating adversarial attacks and one devising countermeasures, aiming to secure the key deep learning-equipped software components of autonomous cyber-physical systems, such as perception, obstacle prediction, and vehicle planning and control. The main deep learning techniques of interest to autonomous cyber-physical systems include convolutional neural networks for detection, recurrent neural networks for prediction, and deep reinforcement learning for control. The technical innovations of the project include ADMM (Alternating Direction Method of Multipliers) based attack generation, concurrent adversarial training and model compression, and multi-sourced defense schemes incorporating adversarial training and ensemble learning. The project will implement and evaluate the proposed attack and defense approaches on real-world prototypes of autonomous cyber-physical systems, namely autonomous vehicles and unmanned aerial vehicles, in the investigators’ labs. The investigators will release all the developed models, algorithms, and software on GitHub to facilitate community use.