Pritam Dash, Mehdi Karimibuiki, and Karthik Pattabiraman, To appear in the ACM Journal on Digital Threats: Research and Practice (DTRAP). Acceptance Date: August 2020. [ PDF ]
Expanded version of our ACSAC’19 paper.
Abstract:Robotic vehicles (RV) are increasing in adoption in many industrial sectors. RVs use auto-pilot software for perception and navigation and rely on sensors and actuators for operating autonomously in the physical world. Control algorithms have been used in RVs to minimize the effects of noisy sensors, prevent faulty actuator output, and recently, in detecting attacks against RVs. In this paper, we show the vulnerabilities in control-based intrusion detection techniques and propose three kinds of stealthy attacks that evade detection and disrupt RV missions. We also propose automated algorithms for performing the attacks without requiring the attacker to expend significant effort or know specific details of the RV, making the attacks applicable to a wide range of RVs. We demonstrate the attacks on eight RV systems including three real vehicles in the presence of an Intrusion Detection System (IDS) using control-based techniques to monitor RV’s runtime behavior and detect attacks. We find that the control-based techniques are incapable of detecting our stealthy attacks, and that the attacks can have significant adverse impact on the RV’s mission (e.g., deviate from its target significantly or cause the RV to crash).
- SwarmFuzz: Discovering GPS Spoofing Attacks in Drone Swarms
- AChecker: Statically Detecting Smart Contract Access Control Vulnerabilities
- Jujutsu: A Two-stage Defense against Adversarial Patch Attacks on Deep Neural Networks
- A Large-scale Empirical Study of Low-level Function Use in Ethereum Smart Contracts and Automated Replacement
- Characterizing Variability in Heterogeneous Edge Systems: A Methodology & Case Study
- LLTFI: Framework Agnostic Fault Injection for Machine Learning Applications (Tools and Artifact Track)
- Fault Injection for TensorFlow Applications
- eTainter: Detecting Gas-Related Vulnerabilities in Smart Contracts
- The Fault in Our Data Stars: Studying Mitigation Techniques against Faulty Training Data in ML Applications
- π-Configurator: Enabling Efficient Configuration of Pipelined Applications on the Edge