VisionGuard: Secure and Robust Visual Perception of Autonomous Vehicles in Practice

Modern Autonomous Vehicles (AVs) implement the Visual Perception Module (VPM) to perceive their surroundings. This VPM adopts various Deep Neural Network (DNN) models to process the data collected from cameras and LiDAR. Prior studies have shown that these models are vulnerable to physical adversarial examples (PAEs), which pose a critical safety risk to the autonomous driving task. While a few defense methods have been proposed to safeguard AVs, most of them only target a limited set of attack types and specific scenarios, making them impractical for real-world protection. In this paper, we introduce VisionGuard, a novel and practical methodology to comprehensively detect and mitigate various types of PAEs to the VPM. The key of VisionGuard is to leverage the spatiotemporal inconsistency property of PAEs to detect anomalies. It predicts the motion states from historical ones and compares them with the current driving states to identify any motion inconsistency caused by physical attacks. We evaluate 9 state-of-the-art PAEs against both camera and camera-LiDAR fusion-based object classification & detection models. Experimental results in both simulation and physical world validate the effectiveness and robustness of VisionGuard. Codes, demo videos and appendix can be found on our anonymous website: https: //sites.google.com/view/visionguard . CCS Concepts • Security and privacy → Systems security.