LiDAR (Light Detection And Ranging) is an indispensable sensor for precise long- and wide-range 3D sensing, which directly benefited the recent rapid deployment of autonomous driving (AD). Meanwhile, such a safety-critical application strongly motivates its security research. A recent line of research demonstrates that one can manipulate the LiDAR point cloud and fool object detection by firing malicious lasers against LiDAR. However, these efforts face 3 critical research gaps: (1) evaluating only on a specific LiDAR (VLP-16); (2) assuming unvalidated attack capabilities; and (3) evaluating with models trained on limited datasets. To fill these critical research gaps, we conduct the first large-scale measurement study on LiDAR spoofing attack capabilities on object detectors with 9 popular LiDARs in total and 3 major types of object detectors. To perform this measurement, we significantly improved the LiDAR spoofing capability with more careful optics and functional electronics, which allows us to be the first to clearly demonstrate and quantify key attack capabilities assumed in prior works. However, we further find that such key assumptions actually can no longer hold for all the other (8 out of 9) LiDARs that are more recent than VLP-16 due to various recent LiDAR features. To this end, we further identify a new type of LiDAR spoofing attack that can improve on this and be applicable to a much more general and recent set of LiDARs. We find that its attack capability is enough to (1) cause end-to-end safety hazards in simulated AD scenarios, and (2) remove real vehicles in the physical world. We also discuss the defense side.