Review of Internet of Vehicle Security Research: Threats, Countermeasures, and Future Prospects

Kuang Boyu; Li Yuze; Gu Fangming; Su Mang; Fu Anmin

doi:10.7544/issn1000-1239.202330464

Journal of Computer Research and Development > 2023 > 60(10): 2304-2321. > DOI: 10.7544/issn1000-1239.202330464

Kuang Boyu, Li Yuze, Gu Fangming, Su Mang, Fu Anmin. Review of Internet of Vehicle Security Research: Threats, Countermeasures, and Future Prospects[J]. Journal of Computer Research and Development, 2023, 60(10): 2304-2321. DOI: 10.7544/issn1000-1239.202330464

Citation:

PDF (2399 KB)

Review of Internet of Vehicle Security Research: Threats, Countermeasures, and Future Prospects

Kuang Boyu^{1, 2},
Li Yuze¹,
Gu Fangming³,
Su Mang³,
Fu Anmin^{1, 2, 3, ,}

1.
School of Cyber Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094
2.
State Key Laboratory of Integrated Services Networks, (Xidian University), Xi’an 710071
3.
School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094

Funds: This work was supported by the National Natural Science Foundation of China (62072239), the Open Foundation of the State Key Laboratory of Integrated Services Networks (ISN24-15), Qing Lan Project of Jiangsu Province, Future Network Scientific Research Fund Project (FNSRFP-2021-ZD-05), the Fundamental Research Funds for the Central Universities (30921013111), and Jiangsu Funding Program for Excellent Postdoctoral Talent.

More Information

Author Bio:
Kuang Boyu: born in 1994. PhD. His current research interests include IoT security and IoV security

Li Yuze: born in 2000. Master candidate. His research interests include IoV security and privacy preserving

Gu Fangming: born in 1999. Master candidate. Her research interests include IoV security and privacy preserving

Su Mang: born in 1987. PhD, associate professor. Her main research interests include cloud security, access control, and right management

Fu Anmin: born in 1981. PhD, professor, PhD supervisor. Senior member of CCF. His research interests include cryptography and privacy preserving
Received Date: June 04, 2023
Revised Date: August 13, 2023
Available Online: August 20, 2023

Graphical Abstract

Abstract

Abstract

As an integrated network supporting various functions (e.g., traffic management, information services, and vehicle control), Internet of vehicle (IoV) provides information services to different entities such as vehicles, roads, humans, and clouds. IoV brings a significant contribution to road safety and traffic efficiency. However, the large and complex IoV network architecture also exposes a vast number of attack surfaces, which in turn may cause vehicle theft, information leakage, driving failure, and other security incidents. In this paper, based on an in-depth summary of the existing literatures on IoV security, we divide IoV framework into two parts: the intra-vehicle network and the extra-vehicle network. Then, we further granularly divide the intra-vehicle network into three layers: the firmware layer, the intra-vehicle communication layer, and the application decision layer, while dividing the extra-vehicle network into three layers: the device layer, the extra-vehicle communication layer, and the application & data layer. Based on the framework, then we systematically analyse and summarize the existing attack threats at each layer, as well as outlining and comparing the security countermeasures that can be taken at each layer. Next, we introduce the current key technologies applied in IoV security. Finally, we forecast several future research directions for IoV security.
- IoV,
- attack threats,
- security countermeasures,
- intra-vehicle network,
- extra-vehicle network

FullText(HTML)

References (83)

References

[1]	王秀峰,崔刚,王春萌. 城市车联网V2V链路时延动态预测[J]. 计算机研究与发展,2017,54(12):2721−2730 doi: 10.7544/issn1000-1239.2017.20158391 Wang Xiufeng, Cui Gang, Wang Chunmeng. Dynamic prediction of V2V link delay in urban Internet of vehicles[J]. Journal of Computer Research and Development, 2017, 54(12): 2721−2730 (in Chinese) doi: 10.7544/issn1000-1239.2017.20158391
[2]	Zhang Ning, Yang Peng, Ren Ju, et al. Synergy of big data and 5G wireless networks: Opportunities, approaches, and challenges[J]. IEEE Wireless Communications, 2018, 25(1): 12−18 doi: 10.1109/MWC.2018.1700193
[3]	唐晓岚,顼尧,陈文龙. 公交数据驱动的城市车联网转发机制[J]. 计算机研究与发展,2020,57(4):723−735 doi: 10.7544/issn1000-1239.2020.20190876 Tang Xiaolan, Xu Yao, Chen Wenlong. Bus data-driven city Internet of vehicles forwarding mechanism[J]. Journal of Computer Research and Development, 2020, 57(4): 723−735 (in Chinese) doi: 10.7544/issn1000-1239.2020.20190876
[4]	刘媛妮,李奕,陈山枝. 基于区块链的车联网安全综述[J]. 中国科学:信息科学,2023,53(5):841−877 doi: 10.1360/SSI-2022-0019 Liu Yuanni, Li Yi, Chen Shanzhi. Blockchain-based Internet of vehicles security: A review[J]. SCIENTIA SINICA Informationis, 2023, 53(5): 841−877 (in Chinese) doi: 10.1360/SSI-2022-0019
[5]	李兴华,钟成,陈颖,等. 车联网安全综述[J]. 信息安全学报,2019,4(3):17−33 Li Xinghua, Zhong Cheng, Chen Ying, et al. Overview of Internet of vehicles security[J]. Journal of Cyber Security, 2019, 4(3): 17−33 (in Chinese)
[6]	Kuang Boyu, Anmin Fu, Gao Yansong, et al. FeSA: Automatic federated swarm attestation on dynamic large-scale IoT devices[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 20(4): 2954-2969
[7]	安全研究人员曝光多款电动汽车充电器与充电网络存在的隐患 [EB/OL]. （2021-08-04） [2023-05-31]. https: //hackernews.cc/archives/35753
[8]	Vilius petkauskas, Sultan Khan, Hyundai APP bug allows anyone to unlock and start the car remotely [EB/OL]. (2022-12-01) [2023-05-31]. https://cybernews.com/news /hyundai-bug-allows-unlocking-car-remotely/
[9]	Technical advisory–tesla BLE phone-as-a-key passive entry vulnerable to relay attacks [EB/OL]. (2022-05-15) [2023-05-31]. https://research.nccgroup.com/2022/05/15/technical-advisory-tesla-ble-phone-as-a-key-passive-entry-vulnerable-to-relay-attacks/
[10]	Nassi B, Mirsky Y, Nassi D, et al. Phantom of the ADAS: Securing advanced driver-assistance systems from split-second phantom attacks[C] //Proc of the ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2020: 293−308
[11]	Man Yanmao, Muller R, Li Ming, et al. That person moves like a car: Misclassification attack detection for autonomous systems using spatiotemporal consistency[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2023: 6929-6946
[12]	Wang Wei, Yao Yao, Liu Xin, et al. I can see the light: Attacks on autonomous vehicles using invisible lights[C] //Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2021: 1930−1944
[13]	Zeng kexiong, Liu Shinan, Shu Yuanchao, et al. All your GPS are belong to us: Towards stealthy manipulation of road navigation systems[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2018: 1527−1544
[14]	Shen Junjie, Won J Y, Chen Zeyuan, et al. Drift with devil: Security of multi-sensor fusion based localization in high-level autonomous driving under GPS spoofing[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2020: 931−948
[15]	Sun Jiachen, Cao Yulong, Chen Q A, et al. Towards robust LiDAR-based perception in autonomous driving: General black-box adversarial sensor attack and countermeasures[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2020: 877−894
[16]	Cao Yulong, Bhupathiraju S H, Naghavi P, et al. You can't see me: Physical removal attacks on LiDAR-based autonomous vehicles driving frameworks[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2023: 2993-3010
[17]	Hallyburton R S, Liu Yupei, Cao Yulong, et al. Security analysis of camera-LiDAR fusion against black-box attacks on autonomous vehicles[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2022: 1903−1920
[18]	Zhu Yi, Miao Chenglin, Zheng Tianhang, et al. Can we use arbitrary objects to attack LiDAR perception in autonomous driving?[C] //Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2021: 1945−1960
[19]	Cao Yulong, Wang Ningfei, Xiao Chaowei, et al. Invisible for both camera and LiDAR: Security of multi-sensor fusion based perception in autonomous driving under physical-world attacks[C] //Proc of IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2021: 176−194
[20]	Kulandaivel S, Jain S, Guajardo J, et al. Cannon: Reliable and stealthy remote shutdown attacks via unaltered automotive microcontrollers[C] //Proc of IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2021: 195−210
[21]	Bhatia R, Kumar V, Serag K, et al. Evading voltage-based intrusion detection on automotive CAN[C] //Proc of Network and Distributed System Security Symp. Reston, VA: Internet Society, 2021 [2023-06-05] .https://dx.doi.org/10.14722/ndss.2021.23013
[22]	Serag K, Bhatia R, Kumar V, et al. Exposing new vulnerabilities of error handling mechanism in CAN[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2021: 4241−4258
[23]	de Faveri Tron A, Longari S, Carminati M, et al. CANflict: Exploiting peripheral conflicts for data-link layer attacks on automotive networks[C] //Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2022: 711−723
[24]	Groza B, Popa L, Murvay P S, et al. CANARY−A reactive defense mechanism for controller area networks based on active relays[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2021: 4259−4276
[25]	Cao Yulong, Xiao Chaowei, Cyr B, et al. Adversarial sensor attack on LiDAR-based perception in autonomous driving[C] //Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2019: 2267−2281
[26]	Jing Pengfei, Tang Qiyi, Du Yuefeng, et al. Too good to be safe: Tricking lane detection in autonomous driving with crafted perturbations[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2021: 3237−3254
[27]	Muller R, Man Yanmao, Celik Z B, et al. Physical hijacking attacks against object trackers[C] //Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2022: 2309−2322
[28]	Wan Ziwen, Shen Junjie, Chuang Jalen, et al. Too afraid to drive: Systematic discovery of semantic DoS vulnerability in autonomous driving planning under physical-world attacks[C] //Proc of Network and Distributed System Security Symp. Reston, VA: Internet Society, 2022.
[29]	Sato T, Shen Junjie, Wang Ningfei, et al. Dirty road can attack: Security of deep learning based automated lane centering under physical-world attack[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2021: 3309−3326
[30]	Wen Haohuang, Chen Q A, Lin Zhiqiang. Plug-N-Pwned: Comprehensive vulnerability analysis of OBD-II dongles as a new over-the-air attack surface in automotive IoT[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2020: 949−965
[31]	Xie Xinyi, Jiang Kun, Dai Rui, et al. Access your tesla without your awareness: compromising keyless entry system of Model 3[C] //Proc of Network and Distributed System Security Symp. Reston, VA: Internet Society, 2023 [2023-06-05]. https://dx.doi.org/10.14722/ndss.2021.23013
[32]	韩牟,杨晨,华蕾,等. 面向移动边缘计算车联网中车辆假名管理方案[J]. 计算机研究与发展,2022,59(4):781−795 doi: 10.7544/issn1000-1239.20200620 Han Mou, Yang Chen, Hua Lei, et al. Vehicle pseudonym management scheme for mobile edge computing in Internet of vehicles[J]. Journal of Computer Research and Development, 2022, 59(4): 781−795 (in Chinese) doi: 10.7544/issn1000-1239.20200620
[33]	辛燕,冯霞,李婷婷. VANET中位置相关的轻量级Sybil攻击检测方法[J]. 通信学报,2017,38(4):110−119 Xin Yan, Feng Xia, Li Tingting. Lightweight Sybil attack detection method based on location in VANET[J]. Journal on Communications, 2017, 38(4): 110−119 (in Chinese)
[34]	Jiang Junjie, Susilo W, Baek J. Security analysis of “SMAKA: Secure many-to-many authentication and key agreement scheme for vehicular networks”[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 3006−3007 doi: 10.1109/TIFS.2022.3198858
[35]	姚海龙,闫巧. 面向车联网增值服务的匿名认证协议的密码分析与设计[J]. 计算机研究与发展,2022,59(2):440−451 doi: 10.7544/issn1000-1239.20200487 Yao Hailong, Yan Qiao. Cryptanalysis and design of an anonymous authentication protocol for value-added services in the Internet of vehicles[J]. Journal of Computer Research and Development, 2022, 59(2): 440−451 (in Chinese) doi: 10.7544/issn1000-1239.20200487
[36]	侯慧莹,廉欢欢,赵运磊. 面向自动驾驶的高效可追踪的车联网匿名通信方案[J]. 计算机研究与发展,2022,59(4):894−906 doi: 10.7544/issn1000-1239.20200915 Hou Huiying, Lian Huanhuan, Zhao Yunlei. Efficient and traceable anonymous communication scheme for the Internet of vehicles targeting autonomous driving[J]. Journal of Computer Research and Development, 2022, 59(4): 894−906 (in Chinese) doi: 10.7544/issn1000-1239.20200915
[37]	侯琬钰,孙钰,李大伟,等. 基于PUF的5G车联网V2V匿名认证与密钥协商协议[J]. 计算机研究与发展,2021,58(10):2265−2277 doi: 10.7544/issn1000-1239.2021.20210486 Hou Wanyu, Sun Yu, Li Dawei, et al. PUF-based anonymous authentication and key agreement protocol for 5G V2V communication in IoV[J]. Journal of Computer Research and Development, 2021, 58(10): 2265−2277 (in Chinese) doi: 10.7544/issn1000-1239.2021.20210486
[38]	Hu Shengtuo, Chen Q A, Sun Jiachen, et al. Automated discovery of denial-of-service vulnerabilities in connected vehicle protocols[C] // Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2021: 3219−3236
[39]	Xu Ziqi, Li Jingcheng, Pan Yanjun, et al. PoF: Proof-of-following for vehicle platoons[C] //Proc of Network and Distributed System Security Symp. Reston, VA: Internet Society, 2022 [2023-06-05].https://dx.doi.org/10.14722/ndss.2022.23077
[40]	Singh M, Roeschlin M, Ranganathan A, et al. V-Range: Enabling secure ranging in 5G wireless networks[C] //Proc of Network and Distributed System Security Symp. Rosten, VA: Internet Society, 2022 [2023-06-05] .https://dx.doi.org/10.14722/ndss.2022.23151
[41]	Köhler S, Baker R, Strohmeier M, et al. Brokenwire: Wireless disruption of CCS electric vehicle charging[C] //Proc of Network and Distributed System Security Symp. Rosten, VA: Internet Society, 2023 [2023-06-05]. https://dx.doi.org/10.14722/ndss.2023.23251
[42]	Chen Q A, Yin Yucheng, Feng Yiheng, et al. Exposing congestion attack on emerging connected vehicle based traffic signal control[C] //Proc of Network and Distributed System Security Symp. Rosten, VA: Internet Society, 2018 [2023-06-05].http://dx.doi.org/10.14722/ndss.2018.23222
[43]	玄世昌,汤浩,杨武. 基于信誉积分的路况信息共享中共谋攻击节点检测方法[J]. 通信学报,2021,42(4):158−168 doi: 10.11959/j.issn.1000-436x.2021051 Xuan Shichang, Tang Hao, Yang Wu. Method for detecting collusion attack node in road condition information sharing based on reputation point[J]. Journal on Communications, 2021, 42(4): 158−168 (in Chinese) doi: 10.11959/j.issn.1000-436x.2021051
[44]	Abidi I, Nangia I, Aditya P, et al. Privacy in urban sensing with instrumented fleets, using air pollution monitoring as a usecase[C] //Proc of Network and Distributed System Security Symp. Rosten, VA: Internet Society, 2022 [2023-06-05].https://dx.doi.org/10.14722/ndss.2022.23127
[45]	Xie Hongcheng, Guo Yu, Jia Xiaohua. A privacy-preserving online ride-hailing system without involving a third trusted server[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 3068−3081 doi: 10.1109/TIFS.2021.3065832
[46]	Yu Haining, Jia Xiaohua, Zhang Hongli, et al. PSRide: Privacy-preserving shared ride matching for online ride hailing systems[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(3): 1425−1440
[47]	Zhou Lu, Du Suguo, Zhu Haojin, et al. Location privacy in usage-based automotive insurance: Attacks and countermeasures[J]. IEEE Transactions on Information Forensics and Security, 2018, 14(1): 196−211
[48]	Poudel B, Munir A. Design and evaluation of a reconfigurable ECU architecture for secure and dependable automotive CPS[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(1): 235−252 doi: 10.1109/TDSC.2018.2883057
[49]	Kneib M, Schell O, Huth C. EASI: Edge-based sender identification on resource-constrained platforms for automotive networks[C] //Proc of Network and Distributed System Security Symp. Rosten, VA: Internet Society, 2020 [2023-06-05].https://dx.doi.org/10.14722/ndss.2020.24025
[50]	Jedh M, Othmane L B, Ahmed N, et al. Detection of message injection attacks onto the can bus using similarities of successive messages-sequence graphs[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 4133−4146 doi: 10.1109/TIFS.2021.3098162
[51]	Xue Lei, Liu Yangyang, Li Tianqi, et al. SAID: State-aware defense against injection attacks on in-vehicle network[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2022: 1921−1938
[52]	Han M L, Kwak B I, Kim H K. Event-triggered interval-based anomaly detection and attack identification methods for an in-vehicle network[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 2941−2956 doi: 10.1109/TIFS.2021.3069171
[53]	Kulandaivel S, Goyal T, Agrawal A K, et al. CANvas: Fast and inexpensive automotive network mapping[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2019: 389−405
[54]	Choi W, Joo K, Jo H J, et al. Voltageids: Low-level communication characteristics for automotive intrusion detection system[J]. IEEE Transactions on Information Forensics and Security, 2018, 13(8): 2114−2129 doi: 10.1109/TIFS.2018.2812149
[55]	Popa L, Groza B, Jichici C, et al. ECUPrint—Physical fingerprinting electronic control units on CAN buses inside cars and SAE J1939 compliant vehicles[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 1185−1200 doi: 10.1109/TIFS.2022.3158055
[56]	Kim S, Liu M, Rhee J J, et al. DriveFuzz: Discovering autonomous driving bugs through driving quality-guided fuzzing[C] //Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2022: 1753−1767
[57]	Xiao Qifan, Pan Xudong, Lu Yifan, et al. Exorcising ''wraith'': Protecting LiDAR-based object detector in automated driving system from appearing attacks[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2023: 2939−2956
[58]	Feng Xia, Shi Qichen, Xie Qingqing, et al. P2BA: A privacy-preserving protocol with batch authentication against semi-trusted RSUs in vehicular ad hoc networks[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 3888−3899 doi: 10.1109/TIFS.2021.3098971
[59]	吴宣够,王朋飞,郑啸,等. 基于路径上报的车联网轨迹隐私保护[J]. 计算机研究与发展,2017,54(11):2467−2474 doi: 10.7544/issn1000-1239.2017.20170371 Wu Xuangou, Wang Pengfei, Zheng Xiao, et al. Trajectory privacy protection based on road segment report in VANETs[J]. Journal of Computer Research and Development, 2017, 54(11): 2467−2474 (in Chinese) doi: 10.7544/issn1000-1239.2017.20170371
[60]	徐川, 丁颖祎, 罗丽, 等. 车联网中基于位置服务的个性化位置隐私保护. 软件学报, 2022, 33（2）: 699−716 Xu Chuan, Ding Yingyi, Luo Li, et al. Personalized location privacy protection for location-based services in vehicular networks[J]. Journal of Software, 2022, 33(2): 699−716 (in Chinese)
[61]	莫梓嘉,高志鹏,杨杨,等. 面向车联网数据隐私保护的高效分布式模型共享策略[J]. 通信学报,2022,43(4):83−94 doi: 10.11959/j.issn.1000-436x.2022074 Mo Zijia, Gao Zhipeng, Yang Yang, et al. Efficient distributed model sharing strategy for data privacy protection in Internet of vehicles[J]. Journal on Communications, 2022, 43(4): 83−94 (in Chinese) doi: 10.11959/j.issn.1000-436x.2022074
[62]	Nekouei E, Pirani M, Sandberg H, et al. A randomized filtering strategy against inference attacks on active steering control systems[J]. IEEE Transactions on Information Forensics and Security, 2021, 17: 16−27
[63]	Marchetti M, Stabili D. READ: Reverse engineering of automotive data frames[J]. IEEE Transactions on Information Forensics and Security, 2018, 14(4): 1083−1097
[64]	Frassinelli D, Park S, Nürnberger S. I know where you parked last summer: Automated reverse engineering and privacy analysis of modern cars[C] //Proc of IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2020: 1401−1415
[65]	黄涛,付安民,季宇凯,等. 工控协议逆向分析技术研究进展与挑战[J]. 计算机研究与发展,2022,59(5):1015−1034 doi: 10.7544/issn1000-1239.20211149 Huang Tao, Fu Anmin, Ji Yukai, et al. Research and challenges on reverse analysis technology of industrial control protocol[J]. Journal of Computer Research and Development, 2022, 59(5): 1015−1034 (in Chinese) doi: 10.7544/issn1000-1239.20211149
[66]	Pesé M D, Stacer T, Campos C A, et al. LibreCAN: Automated CAN message translator[C] //Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2019: 2283−2300
[67]	Yu Le, Liu Yangyang, Jing Pengfei, et al. Towards automatically reverse engineering vehicle diagnostic protocols[C] //Proc of USENIX Security Symp. Berkeley, CA: USENIX, 2022: 1939−1956
[68]	Wen Haohuang, Zhao Qingchuan, Chen Q A, et al. Automated cross-platform reverse engineering of CAN bus commands from mobile apps[C] //Proc of Network and Distributed System Security Symp. Rosten, VA: Internet Society, 2020 [2023-05-06]. https://dx.doi.org/10.14722/ndss.2020.24231
[69]	Fabrice B. QEMU: A generic and open source machine emulator and virtualizer. [EB/OL]. [2023-05-31].https://www.qemu.org
[70]	Quynh N A, Dang H V. Unicorn: Next generation CPU emulator framework[C] //BlackHat, 2015
[71]	Van den Herrewegen J, Garcia F D. Beneath the bonnet: A breakdown of diagnostic security[C] //Proc of European Symp on Research in Computer Security, Berlin: Springer, 2018: 305−324
[72]	Chen Zitai, Thomas S L, Garcia F D. MetaEmu: An architecture agnostic rehosting framework for automotive firmware[C] //Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2022: 515−529
[73]	Jia Wei, Lu Zhaojun, Zhang Haichun, et al. Fooling the eyes of autonomous vehicles: Robust physical adversarial examples against traffic sign recognition Systems[C] //Proc of Network and Distributed System Security Symp. Rosten, VA: Internet Society, 2022 [2023-06-05]. https://dx.doi.org/10.14722/ndss.2022.24130
[74]	Zhao Yue, Zhu Hong, Liang Ruigang, et al. Seeing isn’t believing: Practical adversarial attack against object detectors[C] //Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2019: 1989–2004
[75]	Xie Cihang, Wu Yuxin, van der Maaten L, et al. Feature denoising for improving adversarial robustness[C] //Proc of IEEE/CVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2019: 501–509
[76]	Li Xin, Li Fuxin. Adversarial examples detection in deep networks with convolutional filter statistics[C] //Proc of IEEE Inte Conf on Computer Vision. Piscataway, NJ: IEEE, 2017: 5764–5772
[77]	Papernot N, McDaniel P, Wu Xi, et al. Distillation as a defense to adversarial perturbations against deep neural networks[C] //Proc of IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2016: 582–597
[78]	Chen Zhenzhu, Wang Shang, Fu Anmin, et al. LinkBreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 2000−2014 doi: 10.1109/TIFS.2022.3175616
[79]	陈大卫,付安民,周纯毅,等. 基于生成式对抗网络的联邦学习后门攻击方案[J]. 计算机研究与发展,2021,58(11):2364−2373 doi: 10.7544/issn1000-1239.2021.20210659 Chen Dawei, Fu Anmin, Zhou Chunyi, et al. Federated learning backdoor attack scheme based on generative adversarial network[J]. Journal of Computer Research and Development, 2021, 58(11): 2364−2373 (in Chinese) doi: 10.7544/issn1000-1239.2021.20210659
[80]	Nasr M, Shokri R, Houmansadr A. Machine learning with membership privacy using adversarial regularization[C] //Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2018: 634−646
[81]	Melis L, Song Congzheng, Cristofaro E D, et al. Exploiting unintended feature leakage in collaborative learning[C] //Proc of IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2019: 691−706
[82]	Zhou Chunyi, Gao Yansong, Fu Anmin, et al. PPA: Preference profiling attack against federated learning[C] //Proc of Network and Distributed System Security Symp. Rosten, VA: Internet Society, 2023 [2023-05-06]. https://dx.doi.org/10.14722/ndss.2023.23171
[83]	周纯毅,陈大卫,王尚,等. 分布式深度学习隐私与安全攻击研究进展与挑战[J]. 计算机研究与发展,2021,58(5):927−943 doi: 10.7544/issn1000-1239.2021.20200966 Zhou Chunyi, Chen Dawei, Wang Shang, et al. Research and challenge of distributed deep learning privacy and security attack[J]. Journal of Computer Research and Development, 2021, 58(5): 927−943 (in Chinese) doi: 10.7544/issn1000-1239.2021.20200966