Profile picture
Ariel Herbert-Voss
@adversariel
, 12 tweets, 4 min read Read on Twitter
Very cool work showing feasibility of an adversarial-example-based attack on self-driving cars 😈 I’ve been working on a similar hobby project and love how thorough this write-up is, and I have some comments on the real-world feasibility of these attacks:
They attack autowipers and lane-following through both digital and physical attacks. For digital they show you can inject adversarial examples onto GPU by hooking t_cuda_std_tmrc::compute. This is obviously much harder to accomplish IRL but absolutely worth considering
They expertly demonstrate why you should never put a browser on the same network as CAN Bus :P You need physical access once and then can run the attack remote - also note that you can do the injection without root!
Supposing every Tesla shows up on a tool like Shodan a network vuln means somebody can inject a noisy image impacting 400,000+ cars. If the noisy image fools even 0.01% of the cars the potential impact is still massive because every Tesla except the Roadster has autopilot...
They target the autowipers with a Worley noise image on an electronic display. However they DON'T say how effectiveness changes with screen size/relative orientation -> big difference between feasibility of billboard ad attack vs display which must be right in front of windshield
They target lane following by adding small white dots to an intersection to cause the car to go into the wrong lane. They acknowledge this attack is human-detectable in clear road conditions but I guarantee it can be obfuscated in icy conditions with carefully-placed sand/salt :P
The downside is that bad weather makes the road messier and harder to orchestrate specific behavior without a lot of planning and intervention, increasing adversary operational risk. To me weather robustness is the bigger safety issue here
Bad weather might inadvertently cause the system to perceive an adversarial-example-like attack, leading to similarly harmful outcomes. This needs to be explored more fully by autonomous car manufacturers as a point of general robustness rather than purely for security
Keen Lab’s writeup offers a concrete example of security risks in AI/ML systems - ML researchers please take note that the threat model focuses more on system architecture than on adversarial examples themselves!
This also fits nicely with the excellent paper by @jmgilmer @ryan_p_adams @goodfellow_ian et al about practical adversarial example threat models: arxiv.org/pdf/1807.06732…
Also check out the excellent blog post by @catherineols from earlier this week about conflating unsolved research problems with real-world threat models: medium.com/@catherio/unso…
This thread keeps on giving - just remembered relevant work presented at NeurIPS SecML 2018 by @jhasomesh et al about needing to consider system specifications and semantics when developing robust ML for self-driving cars and other cyber-physical systems
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Ariel Herbert-Voss
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related threads

Profile picture
Dad of Twins
@_Wardy_
.@prayingmedic @denise_artist @martingeddes
1] Dear World,
Tonight my heart has broken. As I look through the Twitterverse, I can smell the hated, see the seething self righteousnessof people who no longer have any compassion, dignity, moral compass or love for any human being.
2] The political turmoil in every country around the world is at a fever pitch. Left Vs Right, every shred of common sense, decency and respect afforded to us has been thrown out the widow.
To take a break from the insane world I was viewing, I took a step away & went inside...
3] I went to check on my sleeping boys to ensure they were okay....then it hit me...& it hit me like a sucker punch to the gut. What sort of world were my boys going to inherit, how could they possibly survive the onslaught of everyone telling them what they should be....
Read 15 tweets
Profile picture
Graviscera
@gravislizard
in this article about self-driving cars which ignores the humans inside of them, the passive voice is used at deafening volume to imply that the man mentioned *in this sentence* was not responsible for trying to *run cars off the road*. his (non-self-driving) jeep did it.
the self driving car thing is interesting for me. i'm absolutely, positively, firmly against them. i'm also against cars, but not the way a lot of anti-car people are because we can't change the fact that the US has handcuffed millions of poor people to their cars
you cannot replace a car with a bike for a person with severe arthritis who drives 15 miles to the only walmart that will employ them. you can't add a bus line that will get them to work without requiring them to leave at 4 AM.
Read 11 tweets
Profile picture
DHH
@dhh
"Self-driving cars just have to beat human drivers before they're good to go" is the kind of hyper-rational myopia that ignores basic human sensibilities. 40K/year die on US roads. Think we'll cheer for robot cars if they can just get that down to 38K? No. Need 10-100x better.
"Your son is dead because we shipped a bug in the AI code. We're really sorry about that! Here's a coupon for 2 years of free driving". No. Humans are not going to accept getting killed en masse by algorithms, even if strictly fewer die than by the hands of humans.
I can't imagine a worse job than working on self-driving AI algorithms. If you do the very best, you're simply fulfilling the expected prophesy of technology. If you make the slightest mistake, you've killed people.
Read 4 tweets
Profile picture
François Chollet
@fchollet
Self-driving cars a great example, because in this case there are two competing approaches -- the symbolic one, mostly consisting of handcrafted software encoding human abstractions, and the deep learning one, learned end-to-end. One will get to L4--even L5, the other never will.
It's not that deep learning is intrinsically incapable of driving -- it's that the situation space is extremely high-dimensional (due to edge cases), and that a deep learning system requires to be trained on a *dense sampling* of the same space that the system will operate in.
Because such a representative, dense sampling is impossible to obtain, even when heavily leveraging simulated environments, the symbolic approach will prevail (specifically, an approach that is mostly symbolic but blends human abstractions with learned perceptual primitives)
Read 3 tweets
Profile picture
laser is the sauce
@sarahjeong
In court for day 3 of Waymo v. Uber. So far there's been high drama and very little lawsuit. Yesterday's dispatch is here: theverge.com/2018/2/6/16982…
Still in motions practice but we're looking at a spreadsheet of deleted texts on Kalanick's phone, this is the war of the damning spreadsheets
WE'RE BACK TO THE GREED IS GOOD CLIP
Read 251 tweets
Profile picture
laser is the sauce
@sarahjeong
#UberWaymo has begun. Here's what's at stake: theverge.com/2018/2/5/16955…
Most journalists have been relegated to the overflow and Judge Alsup is mad
ALSUP: This is unconscionable that the law firms take up this much space. The reason the public is not in here is that you've failed me once again.
Read 169 tweets

Trending hashtags

#Compassion #dontwanttoforgetaboutthemuffins #StealthElf #extraordinarylife #happy #poundofflesh #ExploreTheWorld #French #FollowYourDream #TryNewThings #mRNATranslation #sparkle #Lawyer #childhood #dontHesitate #challenge #NeverStopTrying #Values #Impeach #AmazingResearch #learn #Colombia #knowledge #English #StrongFamily
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!