Raymond Muller

> Improvements in artificial intelligence and machine learning techniques have allowed for the proliferation of autonomous systems, including autonomous driving, automated surveillance, and unmanned aerial vehicles. Because autonomous systems are often utilized in safety-critical domains, where the consequences of an attack can include physical harm and damaged property, research has intensified in adversarial attacks against these systems. In response to this emerging field, my research vision is to examine new ways to attack and defend the perception in autonomous systems, through adversarial attacks and logical principles. My research has two thrusts: perception attacks and defenses. For perception attacks, we created an automated autonomous driving dataset generator for realistic perception data, and demonstrated physically launchable tracking attacks against Object Detection and Tracking (ODT). For perception defenses, we propose a general defense strategy for object detection attacks, ensuring that object movements align with typical class behavior, achieving a 99% detection rate surpassing prior defenses. For object tracking attacks, we leverage neuro-symbolic AI principles to detect attacks against the entire ODT pipeline. Finally, my current in-submission work introduces the first physically launchable availability attack targeting perception. I aim to further explore perception security in autonomous systems, especially those controlled by a unified neural network, and develop new methods for certifiably robust perception throughout the Object Detection and Tracking pipeline.