TY - GEN
T1 - DeGhost
T2 - 9th IEEE European Symposium on Security and Privacy, Euro S and P 2024
AU - Oyama, Hotaka
AU - Iijima, Ryo
AU - Mori, Tatsuya
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Autonomous systems that rely on object recognition are susceptible to the unique vulnerability of phantom attacks. In these scenarios, adversaries exploit the system by projecting sophisticated deceptive illusions that cause confusion between real objects and their virtual shadows. Despite the growing consensus on the importance of this threat, previous research has lacked comprehensive and quantitative assessments. In an effort to address this research gap, we first methodically investigated the success rates of attacks at various projection distances and angles. Following this baseline assessment, we conducted targeted experiments on two different setups: a black-box approach using the commercial DJI Mavic Air drone with its ActiveTrack feature, and a white-box approach using the open-source Tello drone integrated with YOLOv3 object recognition. These real-world evaluations clearly demonstrated the effectiveness of the phantom attacks. Considering the identified vulnerabilities, we developed DeGhost, a deep learning framework capable of distinguishing real entities from their projected counterparts. To ensure a holistic understanding of its performance, we projected phantoms using different types of projectors onto various surfaces such as concrete, screens, white cloth, white walls, whiteboards, and wooden boards. DeGhost was then evaluated against a range of SoTA object detectors, including the YOLO series, Faster R-CNN, and CenterNet. Our results underscored the ability of DeGhost to detect these phantom attacks with high accuracy, as evidenced by an AUC of 0.998, an FNR of 0.013, and an FPR of 0.018. In addition, the incorporation of an advanced Fourier technique enhanced the robustness of the model. This study not only illuminates the feasibility of the attack but also offers practical security countermeasures for emerging autonomous technologies.
AB - Autonomous systems that rely on object recognition are susceptible to the unique vulnerability of phantom attacks. In these scenarios, adversaries exploit the system by projecting sophisticated deceptive illusions that cause confusion between real objects and their virtual shadows. Despite the growing consensus on the importance of this threat, previous research has lacked comprehensive and quantitative assessments. In an effort to address this research gap, we first methodically investigated the success rates of attacks at various projection distances and angles. Following this baseline assessment, we conducted targeted experiments on two different setups: a black-box approach using the commercial DJI Mavic Air drone with its ActiveTrack feature, and a white-box approach using the open-source Tello drone integrated with YOLOv3 object recognition. These real-world evaluations clearly demonstrated the effectiveness of the phantom attacks. Considering the identified vulnerabilities, we developed DeGhost, a deep learning framework capable of distinguishing real entities from their projected counterparts. To ensure a holistic understanding of its performance, we projected phantoms using different types of projectors onto various surfaces such as concrete, screens, white cloth, white walls, whiteboards, and wooden boards. DeGhost was then evaluated against a range of SoTA object detectors, including the YOLO series, Faster R-CNN, and CenterNet. Our results underscored the ability of DeGhost to detect these phantom attacks with high accuracy, as evidenced by an AUC of 0.998, an FNR of 0.013, and an FPR of 0.018. In addition, the incorporation of an advanced Fourier technique enhanced the robustness of the model. This study not only illuminates the feasibility of the attack but also offers practical security countermeasures for emerging autonomous technologies.
KW - drone
KW - machine learning
KW - phantom attack
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85203692848&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85203692848&partnerID=8YFLogxK
U2 - 10.1109/EuroSP60621.2024.00013
DO - 10.1109/EuroSP60621.2024.00013
M3 - Conference contribution
AN - SCOPUS:85203692848
T3 - Proceedings - 9th IEEE European Symposium on Security and Privacy, Euro S and P 2024
SP - 78
EP - 94
BT - Proceedings - 9th IEEE European Symposium on Security and Privacy, Euro S and P 2024
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 8 July 2024 through 12 July 2024
ER -