Avara: A Uniform Evaluation System for Perceptibility Analysis Against Adversarial Object Evasion Attacks

Thanks to recent advances in machine learning (ML) techniques, Autonomous Driving (AD) has seen significant breakthroughs with enhanced capabilities. However, the susceptibility of ML models to adversarial evasion attacks poses a critical threat, undermining the reliability of autonomous driving systems. Despite efforts by researchers to mitigate these attacks within the AD context, unfortunately, a significant gap persists in fully understanding such adversarial maneuvers, particularly from a driver's perspective. To bridge this gap, we propose Avara, the first unified evaluation platform for assessing human drivers' perceptibility to adversarial attacks in AD contexts. Leveraging Virtual Reality (VR) and eyetracking technology, Avara captures multi-modal driver awareness data, enabling detailed assessments of driver perception. Our approach integrates three distinct sources of multi-modal awareness evaluation metrics, addressing gaps inherent in previous evaluation strategies. The effectiveness and usability of Avara were validated through a human subject study, where participants engaged actively with the platform and provided extensive feedback on their perception and response to adversarial evasion attacks. Utilizing Avara, we identify an intriguing discovery that the current imperceptibility metrics for adversarial attacks fail to accurately reflect the autonomous vehicle driver's perceptibility. CCS Concepts • Security and privacy → Usability in security and privacy; • Human-centered computing → User studies.