1. [Publications](/publications) 2. ML-driven Malware that Targets AV Safety # ML-driven Malware that Targets AV Safety ![Publication image](/sites/default/files/styles/wide/public/default_images/default.jpeg?itok=qUFsuJCP "Publication image") Ensuring the safety of autonomous vehicles (AVs) is critical for their mass deployment and public adoption. However, security attacks that violate safety constraints and cause accidents are a significant deterrent to achieving public trust in AVs, and that hinders a vendor’s ability to deploy AVs. Creating a security hazard that results in a severe safety compromise (for example, an accident) is compelling from an attacker’s perspective. In this paper, we introduce an attack model, a method to deploy the attack in the form of smart malware, and an experimental evaluation of its impact on production-grade autonomous driving software. We find that determining the time interval during which to launch the attack is critically important for causing safety hazards (such as collisions) with a high degree of success. For example, the smart malware caused 33×more forced emergency braking than random attacks did, and accidents in 52.6% of the driving simulations. ## Authors Saurabh Jha (UIUC) Shengkun Cui (UIUC) Subho S. Banerjee (UIUC) James Cyriac (UIUC) Timothy Tsai (NVIDIA) Zbigniew T. Kalbarczyk (UIUC) Ravishankar K. Iyer (UIUC) ## Publication Date Monday, June 29, 2020 ## Published in [International Conference on Dependable Systems and Networks (DSN)](https://ieeexplore.ieee.org/document/9153375) ## Research Area [Artificial Intelligence and Machine Learning ](/research-area/machine-learning-artificial-intelligence) [Autonomous Vehicles](/research-area/autonomous-vehicles) [Resilience and Safety](/research-area/resilience) ## External Links [IEEE Digital Library](https://ieeexplore.ieee.org/document/9153375) ## Uploaded Files [Published Manuscript](https://d1qx31qr3h6wln.cloudfront.net/publications/DSN_2020_ML_Malware.pdf "Open file in new window")1.53 MB ## Copyright This material is posted here with permission of the IEEE. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to .