NDSS 2025 – On The Realism Of LiDAR Spoofing Attacks Against Autonomous Driving Vehicle
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。首先,我得仔细阅读用户提供的文章内容,找出关键信息。
文章标题是“Revisiting Physical-World Adversarial Attack On Traffic Sign Recognition: A Commercial Systems Perspective”,作者来自加州大学欧文分校等机构。内容主要讨论了交通标志识别系统(TSR)在现实世界中的对抗攻击情况。
文章指出,之前的研究主要集中在学术模型上,而忽略了商用系统的漏洞。研究发现,现有的攻击方法对某些商用系统有100%的成功率,但整体成功率较低。这可能是因为商用系统采用了空间记忆设计,影响了攻击效果。因此,作者提出了新的评估指标,并发现了七个新观察点。
接下来,我需要将这些信息浓缩到100字以内。要确保涵盖研究对象、发现的问题、结果以及影响因素。同时,避免使用复杂的术语,让总结简洁明了。
最后,检查字数是否符合要求,并确保内容准确传达文章的核心观点。
</think>
研究探讨了物理世界中针对交通标志识别系统的对抗攻击对商用系统的影响。发现现有攻击方法对某些商用系统具有高成功率(100%),但整体成功率较低。商用系统的空间记忆设计可能是影响因素之一,并提出了新的评估指标以重新审视现有攻击方法。
2026-3-4 20:0:0
Author: securityboulevard.com(查看原文)
阅读量:17
收藏
Session 14D: Autonomous Vehicles
Authors, Creators & Presenters: Ningfei Wang (University of California, Irvine), Shaoyuan Xie (University of California, Irvine), Takami Sato (University of California, Irvine), Yunpeng Luo (University of California, Irvine), Kaidi Xu (Drexel University), Qi Alfred Chen (University of California, Irvine)
PAPER
Revisiting Physical-World Adversarial Attack On Traffic Sign Recognition: A Commercial Systems Perspective
Traffic Sign Recognition (TSR) is crucial for safe and correct driving automation. Recent works revealed a general vulnerability of TSR models to physical-world adversarial attacks, which can be low-cost, highly deployable, and capable of causing severe attack effects such as hiding a critical traffic sign or spoofing a fake one. However, so far existing works generally only considered evaluating the attack effects on academic TSR models, leaving the impacts of such attacks on real-world commercial TSR systems largely unclear. In this paper, we conduct the first large-scale measurement of physical-world adversarial attacks against commercial TSR systems. Our testing results reveal that it is possible for existing attack works from academia to have highly reliable (100%) attack success against certain commercial TSR system functionality, but such attack capabilities are not generalizable, leading to much lower-than-expected attack success rates overall. We find that one potential major factor is a spatial memorization design that commonly exists in today’s commercial TSR systems. We design new attack success metrics that can mathematically model the impacts of such design on the TSR system-level attack success, and use them to revisit existing attacks. Through these efforts, we uncover 7 novel observations, some of which directly challenge the observations or claims in prior works due to the introduction of the new metrics.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
