The frustum attack was conceived as a black-box LiDAR spoofing method that keeps the spoofed data consistent between camera and LiDAR sensor data.
The frustum attack has a demonstrated ability to compromise both LiDAR-only and camera-LiDAR fusion perception across 6 different perception architectures, including point-based, voxel-based, and bird's-eye-view LiDAR-only architectures and cascaded semantic, integrated semantic, and feature-level camera-LiDAR fusion architectures.
The frustum attack has so far been shown to be stealthy against the CARLO, SVF, and ShadowCatcher defenses. The original work also suggests that it is stealthy against LIFE.
Cascaded Semantic Fusion
Integrated Semantic Fusion (e.g. Tracking)
Feature-Level Fusion
TOP: Attacker spoofs LiDAR points in the frustum when victim and target have no relative velocity. Attacker has full control over the range of placement.
BOTTOM: Attacker executes spoof during relative motion between victim and target vehicles. Attacker is able to maintain a consistent placement of spoof points relative to target vehicle.
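Why range is unconstrained inside the frustum, shown from the defender's side as an added example that is not code from the original work: a check that only asks whether LiDAR points project inside the camera's 2D box accepts points at any depth along the same rays. The pinhole intrinsics, box, points and function names are all constructed assumptions.

```python
from typing import List, Tuple

Point = Tuple[float, float, float]       # camera frame: x right, y down, z forward (metres)
Box = Tuple[float, float, float, float]  # u_min, v_min, u_max, v_max (pixels)

# Constructed pinhole intrinsics, not taken from any real sensor.
FX, FY, CX, CY = 720.0, 720.0, 640.0, 360.0


def project(p: Point) -> Tuple[float, float]:
    """Pinhole projection of a camera-frame point to pixel coordinates."""
    x, y, z = p
    return (FX * x / z + CX, FY * y / z + CY)


def passes_box_check(p: Point, box: Box) -> bool:
    """True if the point is in front of the camera and projects inside the 2D box."""
    if p[2] <= 0.0:
        return False
    u, v = project(p)
    return box[0] <= u <= box[2] and box[1] <= v <= box[3]


def accepted_ranges(points: List[Point], box: Box) -> List[float]:
    """Forward ranges (z) of every point the image-box consistency check accepts."""
    return sorted(round(p[2], 1) for p in points if passes_box_check(p, box))


# Constructed scene: camera box around a vehicle detected roughly 20 m ahead.
VEHICLE_BOX: Box = (640.0, 350.0, 712.0, 400.0)
POINTS: List[Point] = [
    (0.5, 0.3, 20.0),   # return from the vehicle surface
    (1.5, 0.6, 20.0),   # return from the vehicle surface
    (0.4, 0.2, 8.0),    # same viewing ray as (1.0, 0.5, 20.0), but 12 m closer
    (-3.0, 0.5, 20.0),  # same range, outside the box's frustum
    (1.0, 0.5, -5.0),   # behind the camera
]

if __name__ == "__main__":
    # The 8 m point is accepted alongside the 20 m returns: the 2D box bounds
    # bearing only, so range must be validated by something other than this check.
    print(accepted_ranges(POINTS, VEHICLE_BOX))
```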
AV control compromised: frustum attack causes emergency braking
Frustum attack causes false positive detections for Apollo
Find early access to our full work here:
Hallyburton, R. S., Liu, Y., Cao, Y., Mao, Z. M., & Pajic, M. (2021). Security Analysis of Camera-LiDAR Fusion Against Black-Box Attacks on Autonomous Vehicles. arXiv preprint arXiv:2106.07098.