TrustFlip Attack Exploits Collaborative Vehicle Perception Defenses
A new attack named TrustFlip has been discovered by researchers, targeting consistency-based defenses in vehicular collaborative perception (CP) systems. CP enables connected autonomous vehicles to exchange sensor information for collective environmental analysis. Current defenses identify adversarial data through inconsistency checks across vehicles and trust assessments, penalizing those vehicles whose data diverges from the majority. TrustFlip exploits these defenses by introducing physical adversarial objects that are authentic but generate conflicting observations among innocent vehicles. This leads the defense to incorrectly attribute the inconsistencies to a specific benign vehicle, undermining its trust score and possibly barring it from collaboration. Rather than injecting false data, the attack utilizes real objects to compromise trust. The research is published on arXiv with ID 2605.22122.
Key facts
- TrustFlip is a novel attack on collaborative perception systems.
- It exploits cross-vehicle inconsistency detection and trust estimation defenses.
- Physical adversarial objects cause inconsistent observations among benign vehicles.
- The defense misattributes inconsistencies to a targeted benign vehicle.
- Trust score degradation leads to downweighting or exclusion from collaboration.
- No false data injection is required; objects are genuine.
- The attack was presented in arXiv paper 2605.22122.
- Collaborative perception enables connected autonomous vehicles to share sensor data.
Entities
Institutions
- arXiv