Adversary is on the Road: Attacks on Visual SLAM using Unnoticeable Adversarial Patch

Authors: 

Baodong Chen, The Ohio State University; Wei Wang and Pascal Sikorski, Saint Louis University; Ting Zhu, The Ohio State University

Abstract: 

Visual Simultaneous Localization and Mapping (vSLAM) plays a pivotal role in numerous emerging applications, including autonomous driving and robotic navigation. It mainly utilizes consecutive frames captured by image sensors to conduct localization and build high-definition maps. However, existing approaches mainly focus on building reliable and accurate vSLAM systems, while little work has been done to investigate the vulnerability of existing vSLAM systems.

To fill the gap, we introduce an AoR (Adversary is on the Road) attack, which can effectively alter localization and mapping results of widely used vSLAM systems without being detected by the legitimate user. To do this, we conducted in-depth investigations on existing vSLAM systems and found that these systems are very sensitive to environmental texture changes. Building upon this insight, we design a novel adversarial patch generation mechanism that can generate unnoticeable adversarial patches to attack existing vSLAM systems. We extensively evaluate the effectiveness of the AoR attack on industry-level vehicles, robotic platforms, and four well-known open-source datasets. The evaluation results show that the AoR attack can effectively attack existing vSLAM systems and introduce extremely high localization errors (up to 713%). To mitigate this attack, we also designed an innovative defense module to simultaneously detect abnormal environmental texture distributions and support reliable vSLAM. Our defense module is lightweight and has the potential to be applied to existing vSLAM systems.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {299539,
author = {Baodong Chen and Wei Wang and Pascal Sikorski and Ting Zhu},
title = {Adversary is on the Road: Attacks on Visual {SLAM} using Unnoticeable Adversarial Patch},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {6345--6362},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/chen-baodong},
publisher = {USENIX Association},
month = aug
}

Presentation Video