Holistic Moving Target Defence for Autonomous Driving Perception

This project will develop a Moving Target Defence (MTD) approach that creates and deploys AI mechanisms that are diverse and rapidly changing to limit the exposure of vulnerabilities and opportunities for attacks, increase the complexity and cost for attackers.

Lead PI: TAN Rui, NTU

Co-PIs:
1.WEN Yonggang, NTU
2.LUO Jun, NTU
3.HE Ying, NTU
4.LOU Xin, SIT
5.ZHANG Wei, SIT
6.Indriyati ATMOSUKARTO, SIT

Collaborators:
1. WANG Jian Ping, City University of Hong Kong
2. QIAO Chun Ming, University at Buffalo
3. Zbigniew KALBARCZYK, University of Illinois UrbanaChampaign
4. TAO Dacheng, The University of Sydney
5. LUO Yong, Wuhan University
6. SONG Qun, Delft University of Technology

With the recent rapid growth in autonomous vehicles (AVs), researchers are also paying more attention to the security risks involved. As systematic approaches have been proposed for crafting adversarial attacks against the artificial intelligence (AI) perception systems that power AVs, it is imperative to develop effective defences. Most current countermeasures assume that the attackers are ignorant of the defence mechanisms, but this allows attackers to easily overcome the defence once they obtain information on the defence. In a broader sense, the conventional paradigm of designing defences based on pre-defined attack characteristics cannot address adaptive attackers who advance their attacks.

To address the challenge, our project centers its research around a different defence paradigm called the moving target defence (MTD)* approach. The proposed MTD approach changes the defence’s deep neural networks more rapidly than the attacker’s process of understanding the defence. By doing so, attacks that were designed for a particular defence become obsolete and less effective, the exposure of vulnerabilities and opportunities for attacks become limited, and the complexity and cost for attackers are increased, making it more difficult for attacks to compromise the AI perception systems.

*Recognised by the U.S. Federal Networking and Information Technology Research and Development (NITRD) Program as a “cybersecurity game-change R&D recommendation.”

 

The research outcomes will have a significant impact on enhancing the design of robust AI perception systems for AVs. The adoption of the proposed defence will increase confidence in the reliability and safety of AI-based autonomous systems, especially in safety- and security-critical applications. Moreover, such defence mechanisms can enhance road safety and foster the adoption of autonomous driving, leading to increased transport system efficiency and hence positive socioeconomic impact.