To enable safe and reliable decision-making, autonomous vehicles (AVs) feed sensor data to perception algorithms understand the environment. Sensor fusion with multi-frame tracking is becoming increasingly popular for detecting 3D objects. Thus, in this work, we perform an analysis of camera-LiDAR fusion, AV context, under LiDAR spoofing attacks. Recently, LiDAR-only was shown vulnerable attacks; however, demonstrate these attacks are not capable disrupting fusion. We then define a novel, context-aware attack: frustum attack, show that out 8 widely used - across 3 architectures all significantly attack. In addition, attack stealthy existing defenses against as it preserves consistencies between camera semantics. Finally, can be exercised consistently over time form longitudinal sequences, compromising module creating adverse outcomes on end-to-end control.

Load

Load