SpecGuard: Specification Aware Recovery for Robotic Autonomous Vehicles from Physical Attacks

Pritam Dash, Ethan Chan and Karthik Pattabiraman, To appear in the ACM International Conference on Computer and Communications Security (CCS), 2024. (Acceptance Rate: TBD) [ PDF | Talk ] (Code, arXIV version)

Abstract: Robotic Autonomous Vehicles (RAVs) rely on their sensors for perception, and follow strict mission specifications (e.g., altitude, speed, and geofence constraints) for safe and timely operations. Physical attacks can corrupt the RAVs’ sensors, resulting in a crash or mission failure. Recovering RAVs from such attacks demands robust control techniques that maintain compliance with mission specifications even under attacks to ensure the RAV’s safety and timely operations. We propose SpecGuard, a technique that complies with mission specifications and performs safe recovery of RAVs. There are two innovations in SpecGuard. First, it introduces an approach to incorporate mission specifications and learn a recovery control policy using Deep Reinforcement Learning (Deep-RL). We design a compliance-based reward structure that reflects the RAV’s complex dynamics and enables SpecGuard to satisfy multiple mission specifications simultaneously. Second, SpecGuard incorporates state reconstruction, a technique that minimizes attack induced sensor perturbations. This reconstruction enables effective adversarial training, and optimizing the recovery control policy for robustness under attacks. We evaluate SpecGuard in virtual and real RAVs, and find that it achieves 92% recovery success rate under attacks on different sensors. SpecGuard achieves 2X higher recovery success compared to prior work, while incurring a performance overhead of about 15%.

Comments are closed.