Defenses against Evasion Attacks in the Eyes of Automotive Industry: Review from a Practical Perspective
| Title | Defenses against Evasion Attacks in the Eyes of Automotive Industry: Review from a Practical Perspective |
| Publication Type | Journal Article |
| Year of Publication | 2025 |
| Authors | Wainakh, A, Schwalbe, G, Loyal, AElisabeth, Yan, R, Chakraborty, T, Fietta, D, Wang, Y |
| Journal | IEEE Open Journal of Vehicular Technology |
| Pagination | 1–32 |
| ISSN | 2644-1330 |
| Keywords | adversarial attack, Artificial intelligence, Automotive engineering, autonomous driving, Data models, deep neural network, defense methods, Evasion attack, image-based model, Industries, perception system, Perturbation methods, Prevention and mitigation, Security, Surveys, Training, Training data |
| Abstract | Evasion attacks targeting perception systems, particularly image processing, pose a significant threat to the security, safety, and reliability of automated driving (AD). While a variety of defense methods have been proposed from research side, selecting a suitable one for industry use cases remains a challenge: Surveys and evaluations of state-of-the-art methods concentrate mostly on methodological instead of functional differences, and fail to draw a connection to defined industry requirements. The leaps in perception system complexity and automotive security standardization activities have widened this gap alarmingly. This survey aims to bridge concurrent research and novel practical application demands. For this we derive a concrete set of practical requirements from existing industry standards and automotive-specific requirements. This results in a novel, life-cycle inspired taxonomy and evaluation criteria for defense methods tailored to the industry applicability perspective. Lastly, we demonstrate the approach by reviewing and comparing a broad range of 78 state-of-the-art defense methods from literature in light of these requirements. We hope this work fosters research on defense method evaluation, and helps to bridge the gap between research and fast adoption in the automotive domain. |
| DOI | 10.1109/OJVT.2025.3595705 |
@article {1492,
title = {Defenses against Evasion Attacks in the Eyes of Automotive Industry: Review from a Practical Perspective},
journal = {IEEE Open Journal of Vehicular Technology},
year = {2025},
pages = {1{\textendash}32},
abstract = {<p>Evasion attacks targeting perception systems, particularly image processing, pose a significant threat to the security, safety, and reliability of automated driving (AD). While a variety of defense methods have been proposed from research side, selecting a suitable one for industry use cases remains a challenge: Surveys and evaluations of state-of-the-art methods concentrate mostly on methodological instead of functional differences, and fail to draw a connection to defined industry requirements. The leaps in perception system complexity and automotive security standardization activities have widened this gap alarmingly. This survey aims to bridge concurrent research and novel practical application demands. For this we derive a concrete set of practical requirements from existing industry standards and automotive-specific requirements. This results in a novel, life-cycle inspired taxonomy and evaluation criteria for defense methods tailored to the industry applicability perspective. Lastly, we demonstrate the approach by reviewing and comparing a broad range of 78 state-of-the-art defense methods from literature in light of these requirements. We hope this work fosters research on defense method evaluation, and helps to bridge the gap between research and fast adoption in the automotive domain.</p>
},
keywords = {adversarial attack, Artificial intelligence, Automotive engineering, autonomous driving, Data models, deep neural network, defense methods, Evasion attack, image-based model, Industries, perception system, Perturbation methods, Prevention and mitigation, Security, Surveys, Training, Training data},
issn = {2644-1330},
doi = {10.1109/OJVT.2025.3595705},
author = {Wainakh, Aidmar and Schwalbe, Gesina and Loyal, Antje Elisabeth and Yan, Rujiao and Chakraborty, Tanmay and Fietta, Dilara and Wang, Yi}
}- News
- Research
- Teaching
- Staff
- Martin Leucker
- Diedrich Wolter
- Ulrike Schräger-Ahrens
- Mahmoud Abdelrehim
- Aliyu Ali
- Christopher Walther
- Phillip Bende
- Moritz Bayerkuhnlein
- Marc Bätje
- Tobias Braun
- Gerhard Buntrock
- Raik Dankworth
- Anja Grotrian
- Raik Hipler
- Elaheh Hosseinkhani
- Frauke Kerlin
- Karam Kharraz
- Mohammad Khodaygani
- Ludwig Pechmann
- Waqas Rehan
- Martin Sachenbacher
- Andreas Schuldei
- Mahdi Pourghasem
- Manuel Herbst
- Inger Struve
- Annette Stümpel
- Gesina Schwalbe
- Tobias Schwartz
- Daniel Thoma
- Sparsh Tiwari
- Lars Vosteen
- Open Positions
- Contact