The 38th Annual Computer Security Applications Conference | Texas, TX | ACSAC '22

During my presentation


The security of the Autonomous Driving (AD) system has been gaining researchers’ and public’s attention recently. Given that AD companies have invested a huge amount of resources in developing their AD models, e.g., localization models, these models, especially their parameters, are important intellectual property and deserve strong protection.
In this work, we examine whether the confidentiality of production-grade Multi-Sensor Fusion (MSF) models, in particular, Error-State Kalman Filter (ESKF), can be stolen from an outside adversary. We propose a new model extraction attack called TaskMaster that can infer the secret ESKF parameters under black-box assumption. In essence, TaskMaster trains a substitutional ESKF model to recover the parameters, by observing the input and output to the targeted AD system. To precisely recover the parameters, we combine a set of techniques, like gradient-based optimization, search-space reduction and multi-stage optimization. The evaluation result on real-world vehicle sensor dataset shows that TaskMaster is practical. For example, with 25 seconds AD sensor data for training, the substitutional ESKF model reaches centimeter-level accuracy, comparing with the ground-truth model.

Dec 5, 2022
AT&T Hotel and Conference Center
1900 University Ave, Austin, TX 78705
Qifan Zhang
Qifan Zhang
Ph.D. candidate

Qifan Zhang (张起帆) is now a 3rd-year Ph.D. candidate in Department of Electrical Engineering & Computer Science at University of California, Irvine with focus on Computer Security, advised by Prof. Zhou Li. His research interests include Network Security, especially Domain Name System (DNS), and Machine Learning for Security. Before that, he received his B.E. degree in Computer Science and Technology from ShanghaiTech University in 2020.
Pronunciation of his name: Chee-Fan Jang.
His Curriculum Vitae (last updated on May 2, 2023)