A taxonomy of system-level attacks on deep learning models in autonomous vehicles
Additional information
Authors
Tehrani M. J.,
Kim J.,
Foulefack R. Z. L.,
Marchetto A.,
Tonella P.
Type
Journal Article
Year
2025
Language
English
Abstract
The advent of deep learning and its astonishing performance has enabled its usage in complex systems, including autonomous vehicles. On the other hand, deep learning models are susceptible to mis-predictions when small, adversarial changes are introduced into their input. Such mis-predictions can be triggered in the real world and can result in a failure of the entire system. In recent years, a growing number of research works have investigated ways to mount attacks against autonomous vehicles that exploit deep learning components. Such attacks are directed toward elements of the environment where these systems operate and their effectiveness is assessed in terms of system-level failures triggered by them. There has been however no systematic attempt to analyze and categorize such attacks. In this paper, we present the first taxonomy of system-level attacks against autonomous vehicles. We constructed our taxonomy by selecting 21 highly relevant papers, then we tagged them with 12 top-level taxonomy categories and several sub-categories. The taxonomy allowed us to investigate the attack features, the most attacked components and systems, the underlying threat models, and the failure chains from input perturbation to system-level failure. We distilled several lessons for practitioners and identified possible directions for future work for researchers.
Keywords
Security and privacy, Software and application security, Software security engineering
Journal
ACM Transactions on Software Engineering and Methodology
Pages (or article number)
3769009
ISSN
1049-331X, 1557-7392
DOI
Diffusion
License
CC BY
Visibility
Public
Status open access
Hybrid
