A Model Checking Based Approach to Detect Safety-Critical Adversarial Examples on Autonomous Driving Systems

Zhen Huang; Bo Li; De Hui Du; Qin Li

doi:10.1007/978-3-031-17715-6_16

A Model Checking Based Approach to Detect Safety-Critical Adversarial Examples on Autonomous Driving Systems

Zhen Huang, Bo Li, De Hui Du, Qin Li

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The safety of autonomous driving systems (ADS) with machine learning (ML) components is threatened by adversarial examples. The mainstream defending technique against such threats concerns the adversarial examples that make the ML model fail. However, such an adversarial example does not necessarily cause safety problems for the entire ADS. Therefore a method for detecting the adversarial examples that will lead the ADS to unsafe states will be helpful to improve the defending technique. This paper proposes an approach to detect such safety-critical adversarial examples in typical autonomous driving scenarios based on the model checking technique. The scenario of autonomous driving and the semantic effect of adversarial attacks on object detection is specified with the Network of Timed Automata model. The safety properties of ADS are specified and verified through the UPPAAL model checker to show whether the adversarial examples lead to safety problems. The result from the model checking can reveal the critical time interval of adversarial attacks that will lead to an unsafe state for a given scenario. The approach is demonstrated on a popular adversarial attack algorithm in a typical autonomous driving scenario. Its effectiveness is shown through a series of simulations on the CARLA platform.

Original language	English (US)
Title of host publication	Theoretical Aspects of Computing – ICTAC 2022 - 19th International Colloquium, Proceedings
Editors	Helmut Seidl, Zhiming Liu, Corina S. Pasareanu
Publisher	Springer
Pages	238-254
Number of pages	17
ISBN (Print)	9783031177149
DOIs	https://doi.org/10.1007/978-3-031-17715-6_16
State	Published - 2022
Externally published	Yes
Event	19th International Colloquium on Theoretical Aspects of Computing, ICTAC 2022 - Tbilisi, Georgia Duration: Sep 27 2022 → Sep 29 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13572 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th International Colloquium on Theoretical Aspects of Computing, ICTAC 2022
Country/Territory	Georgia
City	Tbilisi
Period	9/27/22 → 9/29/22

Keywords

Adversarial examples
Autonomous driving
Model checking

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Online availability

10.1007/978-3-031-17715-6_16

Library availability

Discover UIUC Full Text

Cite this

Huang, Z., Li, B., Du, D. H., & Li, Q. (2022). A Model Checking Based Approach to Detect Safety-Critical Adversarial Examples on Autonomous Driving Systems. In H. Seidl, Z. Liu, & C. S. Pasareanu (Eds.), Theoretical Aspects of Computing – ICTAC 2022 - 19th International Colloquium, Proceedings (pp. 238-254). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13572 LNCS). Springer. https://doi.org/10.1007/978-3-031-17715-6_16

A Model Checking Based Approach to Detect Safety-Critical Adversarial Examples on Autonomous Driving Systems. / Huang, Zhen; Li, Bo; Du, De Hui et al.
Theoretical Aspects of Computing – ICTAC 2022 - 19th International Colloquium, Proceedings. ed. / Helmut Seidl; Zhiming Liu; Corina S. Pasareanu. Springer, 2022. p. 238-254 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13572 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Huang, Z, Li, B, Du, DH & Li, Q 2022, A Model Checking Based Approach to Detect Safety-Critical Adversarial Examples on Autonomous Driving Systems. in H Seidl, Z Liu & CS Pasareanu (eds), Theoretical Aspects of Computing – ICTAC 2022 - 19th International Colloquium, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13572 LNCS, Springer, pp. 238-254, 19th International Colloquium on Theoretical Aspects of Computing, ICTAC 2022, Tbilisi, Georgia, 9/27/22. https://doi.org/10.1007/978-3-031-17715-6_16

Huang Z, Li B, Du DH, Li Q. A Model Checking Based Approach to Detect Safety-Critical Adversarial Examples on Autonomous Driving Systems. In Seidl H, Liu Z, Pasareanu CS, editors, Theoretical Aspects of Computing – ICTAC 2022 - 19th International Colloquium, Proceedings. Springer. 2022. p. 238-254. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-17715-6_16

Huang, Zhen ; Li, Bo ; Du, De Hui et al. / A Model Checking Based Approach to Detect Safety-Critical Adversarial Examples on Autonomous Driving Systems. Theoretical Aspects of Computing – ICTAC 2022 - 19th International Colloquium, Proceedings. editor / Helmut Seidl ; Zhiming Liu ; Corina S. Pasareanu. Springer, 2022. pp. 238-254 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d2a617125e3d4272bf4372c6ee976033,

title = "A Model Checking Based Approach to Detect Safety-Critical Adversarial Examples on Autonomous Driving Systems",

abstract = "The safety of autonomous driving systems (ADS) with machine learning (ML) components is threatened by adversarial examples. The mainstream defending technique against such threats concerns the adversarial examples that make the ML model fail. However, such an adversarial example does not necessarily cause safety problems for the entire ADS. Therefore a method for detecting the adversarial examples that will lead the ADS to unsafe states will be helpful to improve the defending technique. This paper proposes an approach to detect such safety-critical adversarial examples in typical autonomous driving scenarios based on the model checking technique. The scenario of autonomous driving and the semantic effect of adversarial attacks on object detection is specified with the Network of Timed Automata model. The safety properties of ADS are specified and verified through the UPPAAL model checker to show whether the adversarial examples lead to safety problems. The result from the model checking can reveal the critical time interval of adversarial attacks that will lead to an unsafe state for a given scenario. The approach is demonstrated on a popular adversarial attack algorithm in a typical autonomous driving scenario. Its effectiveness is shown through a series of simulations on the CARLA platform.",

keywords = "Adversarial examples, Autonomous driving, Model checking",

author = "Zhen Huang and Bo Li and Du, {De Hui} and Qin Li",

note = "Funding Information: This work is supported by NKRDP (2020AAA0107800) and STCSM (20DZ1100300). Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 19th International Colloquium on Theoretical Aspects of Computing, ICTAC 2022 ; Conference date: 27-09-2022 Through 29-09-2022",

year = "2022",

doi = "10.1007/978-3-031-17715-6_16",

language = "English (US)",

isbn = "9783031177149",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "238--254",

editor = "Helmut Seidl and Zhiming Liu and Pasareanu, {Corina S.}",

booktitle = "Theoretical Aspects of Computing – ICTAC 2022 - 19th International Colloquium, Proceedings",

address = "Germany",

}

TY - GEN

T1 - A Model Checking Based Approach to Detect Safety-Critical Adversarial Examples on Autonomous Driving Systems

AU - Huang, Zhen

AU - Li, Bo

AU - Du, De Hui

AU - Li, Qin

N1 - Funding Information: This work is supported by NKRDP (2020AAA0107800) and STCSM (20DZ1100300). Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2022

Y1 - 2022

N2 - The safety of autonomous driving systems (ADS) with machine learning (ML) components is threatened by adversarial examples. The mainstream defending technique against such threats concerns the adversarial examples that make the ML model fail. However, such an adversarial example does not necessarily cause safety problems for the entire ADS. Therefore a method for detecting the adversarial examples that will lead the ADS to unsafe states will be helpful to improve the defending technique. This paper proposes an approach to detect such safety-critical adversarial examples in typical autonomous driving scenarios based on the model checking technique. The scenario of autonomous driving and the semantic effect of adversarial attacks on object detection is specified with the Network of Timed Automata model. The safety properties of ADS are specified and verified through the UPPAAL model checker to show whether the adversarial examples lead to safety problems. The result from the model checking can reveal the critical time interval of adversarial attacks that will lead to an unsafe state for a given scenario. The approach is demonstrated on a popular adversarial attack algorithm in a typical autonomous driving scenario. Its effectiveness is shown through a series of simulations on the CARLA platform.

AB - The safety of autonomous driving systems (ADS) with machine learning (ML) components is threatened by adversarial examples. The mainstream defending technique against such threats concerns the adversarial examples that make the ML model fail. However, such an adversarial example does not necessarily cause safety problems for the entire ADS. Therefore a method for detecting the adversarial examples that will lead the ADS to unsafe states will be helpful to improve the defending technique. This paper proposes an approach to detect such safety-critical adversarial examples in typical autonomous driving scenarios based on the model checking technique. The scenario of autonomous driving and the semantic effect of adversarial attacks on object detection is specified with the Network of Timed Automata model. The safety properties of ADS are specified and verified through the UPPAAL model checker to show whether the adversarial examples lead to safety problems. The result from the model checking can reveal the critical time interval of adversarial attacks that will lead to an unsafe state for a given scenario. The approach is demonstrated on a popular adversarial attack algorithm in a typical autonomous driving scenario. Its effectiveness is shown through a series of simulations on the CARLA platform.

KW - Adversarial examples

KW - Autonomous driving

KW - Model checking

UR - http://www.scopus.com/inward/record.url?scp=85140738931&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85140738931&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-17715-6_16

DO - 10.1007/978-3-031-17715-6_16

M3 - Conference contribution

AN - SCOPUS:85140738931

SN - 9783031177149

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 238

EP - 254

BT - Theoretical Aspects of Computing – ICTAC 2022 - 19th International Colloquium, Proceedings

A2 - Seidl, Helmut

A2 - Liu, Zhiming

A2 - Pasareanu, Corina S.

PB - Springer

T2 - 19th International Colloquium on Theoretical Aspects of Computing, ICTAC 2022

Y2 - 27 September 2022 through 29 September 2022

ER -