-
Multi-Robot Coordination with Adversarial Perception
Authors:
Rayan Bahrami,
Hamidreza Jafarnejadsani
Abstract:
This paper investigates the resilience of perception-based multi-robot coordination with wireless communication to online adversarial perception. A systematic study of this problem is essential for many safety-critical robotic applications that rely on the measurements from learned perception modules. We consider a (small) team of quadrotor robots that rely only on an Inertial Measurement Unit (IM…
▽ More
This paper investigates the resilience of perception-based multi-robot coordination with wireless communication to online adversarial perception. A systematic study of this problem is essential for many safety-critical robotic applications that rely on the measurements from learned perception modules. We consider a (small) team of quadrotor robots that rely only on an Inertial Measurement Unit (IMU) and the visual data measurements obtained from a learned multi-task perception module (e.g., object detection) for downstream tasks, including relative localization and coordination. We focus on a class of adversarial perception attacks that cause misclassification, mislocalization, and latency. We propose that the effects of adversarial misclassification and mislocalization can be modeled as sporadic (intermittent) and spurious measurement data for the downstream tasks. To address this, we present a framework for resilience analysis of multi-robot coordination with adversarial measurements. The framework integrates data from Visual-Inertial Odometry (VIO) and the learned perception model for robust relative localization and state estimation in the presence of adversarially sporadic and spurious measurements. The framework allows for quantifying the degradation in system observability and stability in relation to the success rate of adversarial perception. Finally, experimental results on a multi-robot platform demonstrate the real-world applicability of our methodology for resource-constrained robotic platforms.
△ Less
Submitted 11 April, 2025;
originally announced April 2025.
-
Distributed Detection of Adversarial Attacks for Resilient Cooperation of Multi-Robot Systems with Intermittent Communication
Authors:
Rayan Bahrami,
Hamidreza Jafarnejadsani
Abstract:
This paper concerns the consensus and formation of a network of mobile autonomous agents in adversarial settings where a group of malicious (compromised) agents are subject to deception attacks. In addition, the communication network is arbitrarily time-varying and subject to intermittent connections, possibly imposed by denial-of-service (DoS) attacks. We provide explicit bounds for network conne…
▽ More
This paper concerns the consensus and formation of a network of mobile autonomous agents in adversarial settings where a group of malicious (compromised) agents are subject to deception attacks. In addition, the communication network is arbitrarily time-varying and subject to intermittent connections, possibly imposed by denial-of-service (DoS) attacks. We provide explicit bounds for network connectivity in an integral sense, enabling the characterization of the system's resilience to specific classes of adversarial attacks. We also show that under the condition of connectivity in an integral sense uniformly in time, the system is finite-gain $\mathcal{L}_{p}$ stable and uniformly exponentially fast consensus and formation are achievable, provided malicious agents are detected and isolated from the network. We present a distributed and reconfigurable framework with theoretical guarantees for detecting malicious agents, allowing for the resilient cooperation of the remaining cooperative agents. Simulation studies are provided to illustrate the theoretical findings.
△ Less
Submitted 6 October, 2024;
originally announced October 2024.
-
Learning When to Use Adaptive Adversarial Image Perturbations against Autonomous Vehicles
Authors:
Hyung-Jin Yoon,
Hamidreza Jafarnejadsani,
Petros Voulgaris
Abstract:
The deep neural network (DNN) models for object detection using camera images are widely adopted in autonomous vehicles. However, DNN models are shown to be susceptible to adversarial image perturbations. In the existing methods of generating the adversarial image perturbations, optimizations take each incoming image frame as the decision variable to generate an image perturbation. Therefore, give…
▽ More
The deep neural network (DNN) models for object detection using camera images are widely adopted in autonomous vehicles. However, DNN models are shown to be susceptible to adversarial image perturbations. In the existing methods of generating the adversarial image perturbations, optimizations take each incoming image frame as the decision variable to generate an image perturbation. Therefore, given a new image, the typically computationally-expensive optimization needs to start over as there is no learning between the independent optimizations. Very few approaches have been developed for attacking online image streams while considering the underlying physical dynamics of autonomous vehicles, their mission, and the environment. We propose a multi-level stochastic optimization framework that monitors an attacker's capability of generating the adversarial perturbations. Based on this capability level, a binary decision attack/not attack is introduced to enhance the effectiveness of the attacker. We evaluate our proposed multi-level image attack framework using simulations for vision-guided autonomous vehicles and actual tests with a small indoor drone in an office environment. The results show our method's capability to generate the image attack in real-time while monitoring when the attacker is proficient given state estimates.
△ Less
Submitted 15 March, 2023; v1 submitted 27 December, 2022;
originally announced December 2022.
-
Multi-level Adaptation for Automatic Landing with Engine Failure under Turbulent Weather
Authors:
Haotian Gu,
Hamidreza Jafarnejadsani
Abstract:
This paper addresses efficient feasibility evaluation of possible emergency landing sites, online navigation, and path following for automatic landing under engine-out failure subject to turbulent weather. The proposed Multi-level Adaptive Safety Control framework enables unmanned aerial vehicles (UAVs) under large uncertainties to perform safety maneuvers traditionally reserved for human pilots w…
▽ More
This paper addresses efficient feasibility evaluation of possible emergency landing sites, online navigation, and path following for automatic landing under engine-out failure subject to turbulent weather. The proposed Multi-level Adaptive Safety Control framework enables unmanned aerial vehicles (UAVs) under large uncertainties to perform safety maneuvers traditionally reserved for human pilots with sufficient experience. In this framework, a simplified flight model is first used for time-efficient feasibility evaluation of a set of landing sites and trajectory generation. Then, an online path following controller is employed to track the selected landing trajectory. We used a high-fidelity simulation environment for a fixed-wing aircraft to test and validate the proposed approach under various weather uncertainties. For the case of emergency landing due to engine failure under severe weather conditions, the simulation results show that the proposed automatic landing framework is robust to uncertainties and adaptable at different landing stages while being computationally inexpensive for planning and tracking tasks.
△ Less
Submitted 9 September, 2022;
originally announced September 2022.
-
A Modular Continuum Manipulator for Aerial Manipulation and Perching
Authors:
Qianwen Zhao,
Guoqing Zhang,
Hamidreza Jafarnejadsani,
Long Wang
Abstract:
Most aerial manipulators use serial rigid-link designs, which results in large forces when initiating contacts during manipulation and could cause flight stability difficulty. This limitation could potentially be improved by the compliance of continuum manipulators. To achieve this goal, we present the novel design of a compact, lightweight, and modular cable-driven continuum manipulator for aeria…
▽ More
Most aerial manipulators use serial rigid-link designs, which results in large forces when initiating contacts during manipulation and could cause flight stability difficulty. This limitation could potentially be improved by the compliance of continuum manipulators. To achieve this goal, we present the novel design of a compact, lightweight, and modular cable-driven continuum manipulator for aerial drones. We then derive a complete modeling framework for its kinematics, statics, and stiffness (compliance). The framework is essential for integrating the manipulator to aerial drones. Finally, we report preliminary experimental validations of the hardware prototype, providing insights on its manipulation feasibility. Future work includes the integration and test of the proposed continuum manipulator with aerial drones.
△ Less
Submitted 13 June, 2022;
originally announced June 2022.
-
Detection of Stealthy Adversaries for Networked Unmanned Aerial Vehicles*
Authors:
Rayan Bahrami,
Hamidreza Jafarnejadsani
Abstract:
A network of unmanned aerial vehicles (UAVs) provides distributed coverage, reconfigurability, and maneuverability in performing complex cooperative tasks. However, it relies on wireless communications that can be susceptible to cyber adversaries and intrusions, disrupting the entire network's operation. This paper develops model-based centralized and decentralized observer techniques for detect…
▽ More
A network of unmanned aerial vehicles (UAVs) provides distributed coverage, reconfigurability, and maneuverability in performing complex cooperative tasks. However, it relies on wireless communications that can be susceptible to cyber adversaries and intrusions, disrupting the entire network's operation. This paper develops model-based centralized and decentralized observer techniques for detecting a class of stealthy intrusions, namely zero-dynamics and covert attacks, on networked UAVs in formation control settings. The centralized observer that runs in a control center leverages switching in the UAVs' communication topology for attack detection, and the decentralized observers, implemented onboard each UAV in the network, use the model of networked UAVs and locally available measurements. Experimental results are provided to show the effectiveness of the proposed detection schemes in different case studies.
△ Less
Submitted 22 May, 2022; v1 submitted 19 February, 2022;
originally announced February 2022.
-
Privacy-Preserving Stealthy Attack Detection in Multi-Agent Control Systems
Authors:
Rayan Bahrami,
Hamidreza Jafarnejadsani
Abstract:
This paper develops a glocal (global-local) attack detection framework to detect stealthy cyber-physical attacks, namely covert attack and zero-dynamics attack, against a class of multi-agent control systems seeking average consensus. The detection structure consists of a global (central) observer and local observers for the multi-agent system partitioned into clusters. The proposed structure ad…
▽ More
This paper develops a glocal (global-local) attack detection framework to detect stealthy cyber-physical attacks, namely covert attack and zero-dynamics attack, against a class of multi-agent control systems seeking average consensus. The detection structure consists of a global (central) observer and local observers for the multi-agent system partitioned into clusters. The proposed structure addresses the scalability of the approach and the privacy preservation of the multi-agent system's state information. The former is addressed by using decentralized local observers, and the latter is achieved by imposing unobservability conditions at the global level. Also, the communication graph model is subject to topology switching, triggered by local observers, allowing for the detection of stealthy attacks by the global observer. Theoretical conditions are derived for detectability of the stealthy attacks using the proposed detection framework. Finally, a numerical simulation is provided to validate the theoretical findings.
△ Less
Submitted 28 September, 2021;
originally announced September 2021.
-
Learning Image Attacks toward Vision Guided Autonomous Vehicles
Authors:
Hyung-Jin Yoon,
Hamidreza Jafarnejadsani,
Petros Voulgaris
Abstract:
While adversarial neural networks have been shown successful for static image attacks, very few approaches have been developed for attacking online image streams while taking into account the underlying physical dynamics of autonomous vehicles, their mission, and environment. This paper presents an online adversarial machine learning framework that can effectively misguide autonomous vehicles' mis…
▽ More
While adversarial neural networks have been shown successful for static image attacks, very few approaches have been developed for attacking online image streams while taking into account the underlying physical dynamics of autonomous vehicles, their mission, and environment. This paper presents an online adversarial machine learning framework that can effectively misguide autonomous vehicles' missions. In the existing image attack methods devised toward autonomous vehicles, optimization steps are repeated for every image frame. This framework removes the need for fully converged optimization at every frame to realize image attacks in real-time. Using reinforcement learning, a generative neural network is trained over a set of image frames to obtain an attack policy that is more robust to dynamic and uncertain environments. A state estimator is introduced for processing image streams to reduce the attack policy's sensitivity to physical variables such as unknown position and velocity. A simulation study is provided to validate the results.
△ Less
Submitted 17 May, 2021; v1 submitted 9 May, 2021;
originally announced May 2021.
-
Detectability of Intermittent Zero-Dynamics Attack in Networked Control Systems
Authors:
Yanbing Mao,
Hamidreza Jafarnejadsani,
Pan Zhao,
Emrah Akyol,
Naira Hovakimyan
Abstract:
This paper analyzes stealthy attacks, particularly the zero-dynamics attack (ZDA) in networked control systems. ZDA hides the attack signal in the null-space of the state-space representation of the control system and hence it cannot be detected via conventional detection methods. A natural defense strategy builds on changing the null-space via switching through a set of topologies. In this paper,…
▽ More
This paper analyzes stealthy attacks, particularly the zero-dynamics attack (ZDA) in networked control systems. ZDA hides the attack signal in the null-space of the state-space representation of the control system and hence it cannot be detected via conventional detection methods. A natural defense strategy builds on changing the null-space via switching through a set of topologies. In this paper, we propose a realistic ZDA variation where the attacker is aware of this topology-switching strategy, and hence employs the policy to avoid detection: "pause (update and resume) attack" before (after) topology switching to evade detection. We first systematically study the proposed ZDA variation, and then develop defense strategies under the realistic assumptions. Particularly, we characterize conditions for detectability of the proposed ZDA variation, in terms of the network topologies to be maintained, the set of agents to be monitored, and the measurements of the monitored agents that should be extracted. We provide numerical results that demonstrate our theoretical findings.
△ Less
Submitted 15 September, 2019;
originally announced September 2019.
-
Novel Stealthy Attack and Defense Strategies for Networked Control Systems
Authors:
Yanbing Mao,
Hamidreza Jafarnejadsani,
Pan Zhao,
Emrah Akyol,
Naira Hovakimyan
Abstract:
This paper studies novel attack and defense strategies, based on a class of stealthy attacks, namely the zero-dynamics attack (ZDA), for multi-agent control systems. ZDA poses a formidable security challenge since its attack signal is hidden in the null-space of the state-space representation of the control system and hence it can evade conventional detection methods. An intuitive defense strategy…
▽ More
This paper studies novel attack and defense strategies, based on a class of stealthy attacks, namely the zero-dynamics attack (ZDA), for multi-agent control systems. ZDA poses a formidable security challenge since its attack signal is hidden in the null-space of the state-space representation of the control system and hence it can evade conventional detection methods. An intuitive defense strategy builds on changing the aforementioned representation via switching through a set of carefully crafted topologies. In this paper, we propose realistic ZDA variations where the attacker is aware of this topology-switching strategy, and hence employs the following policies to avoid detection: (i) pause, update and resume ZDA according to the knowledge of switching topologies; (ii) cooperate with a concurrent stealthy topology attack that alters network topology at switching times, such that the original ZDA is feasible under the corrupted topology. We first systematically study the proposed ZDA variations, and then develop defense strategies against them under the realistic assumption that the defender has no knowledge of attack starting, pausing, and resuming times and the number of misbehaving agents. Particularly, we characterize conditions for detectability of the proposed ZDA variations, in terms of the network topologies to be maintained, the set of agents to be monitored, and the measurements of the monitored agents that should be extracted, while simultaneously preserving the privacy of the states of the non-monitored agents. We then propose an attack detection algorithm based on the Luenberger observer, using the characterized detectability conditions. We provide numerical simulation results to demonstrate our theoretical findings.
△ Less
Submitted 25 April, 2020; v1 submitted 26 August, 2019;
originally announced August 2019.
