{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T07:48:22Z","timestamp":1776844102954,"version":"3.51.2"},"reference-count":48,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T00:00:00Z","timestamp":1776729600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001381","name":"National Research Foundation, Singapore","doi-asserted-by":"crossref","award":["AISG4-GC-2023-006-1B"],"award-info":[{"award-number":["AISG4-GC-2023-006-1B"]}],"id":[{"id":"10.13039\/501100001381","id-type":"DOI","asserted-by":"crossref"}]},{"name":"National Satellite of Excellence in Trustworthy Software Systems (NSOE-TSS) office","award":["NSOE-TSS2020-01"],"award-info":[{"award-number":["NSOE-TSS2020-01"]}]},{"DOI":"10.13039\/100000001","name":"U.S. National Science Foundation","doi-asserted-by":"crossref","award":["#2029049"],"award-info":[{"award-number":["#2029049"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"crossref"}]},{"name":"IBM-Illinois Discovery Accelerator Institute","award":["#113909 and #114073"],"award-info":[{"award-number":["#113909 and #114073"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Cyber-Phys. Syst."],"published-print":{"date-parts":[[2026,4,30]]},"abstract":"<jats:p>Modern autonomous vehicles face growing cybersecurity risks, especially from action space attacks that directly target vehicle actuators. This article systematically evaluates the resilience of three representative Autonomous Driving (AD) architectures, including modular, end-to-end, and feature-fused agents, against few-shot action space attacks crafted via deep reinforcement learning under a black-box setting. The adversary perturbs the vehicle\u2019s lateral control only during safety-critical moments, using either a camera or an inertial measurement unit. Our results reveal distinct vulnerabilities and behavioral patterns across AD architectures, which underscore the necessity for adaptive and robust defense strategies. However, existing adversarial training defense methods show limitations of overfitting and reliance on attack knowledge. To address these limitations, we propose a learning-based Path Correction System (PCS) that integrates traditional feedback control with an adversarially trained correction loop. The correction loop is selectively activated by a kinematic model-based attack detector to counteract abnormal control deviations. Evaluation experiments show that PCS reduces path-tracking deviation by 78% when the system is under attack.<\/jats:p>","DOI":"10.1145\/3777460","type":"journal-article","created":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T14:46:28Z","timestamp":1763736388000},"page":"1-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Resilient Path Tracking of Autonomous Driving under Few-shot Action Space Attacks"],"prefix":"10.1145","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-1510-6464","authenticated-orcid":false,"given":"Yuting","family":"Wu","sequence":"first","affiliation":[{"name":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8910-5666","authenticated-orcid":false,"given":"Xin","family":"Lou","sequence":"additional","affiliation":[{"name":"Infocomm Technology Cluster, Singapore Institute of Technology, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1836-1122","authenticated-orcid":false,"given":"Pengfei","family":"Zhou","sequence":"additional","affiliation":[{"name":"School of Computing and Information, University of Pittsburgh, Pittsburgh, Pennsylvania, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8441-9973","authenticated-orcid":false,"given":"Rui","family":"Tan","sequence":"additional","affiliation":[{"name":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6040-6865","authenticated-orcid":false,"given":"Zbigniew","family":"T. Kalbarczyk","sequence":"additional","affiliation":[{"name":"Coordinated Science Laboratory, University of Illinois at Urbana-Champaign, Urbana, Illinois, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2245-3038","authenticated-orcid":false,"given":"Ravishankar","family":"K. Iyer","sequence":"additional","affiliation":[{"name":"Coordinated Science Laboratory, University of Illinois at Urbana-Champaign, Urbana, Illinois, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,4,21]]},"reference":[{"key":"e_1_3_1_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/ITSC.2019.8917192"},{"key":"e_1_3_1_3_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2020.101766"},{"key":"e_1_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICESS.2019.8782514"},{"key":"e_1_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/ITSC45102.2020.9294338"},{"key":"e_1_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/LRA.2020.2967299"},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3339815"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/2746266.2746267"},{"key":"e_1_3_1_9_2","first-page":"66","volume-title":"Proceedings of the 3rd Annual Conference on Robot Learning (CoRL \u201919)","author":"Chen Dian","year":"2019","unstructured":"Dian Chen, Brady Zhou, Vladlen Koltun, and Philipp Kr\u00e4henb\u00fchl. 2019. Learning by cheating. In Proceedings of the 3rd Annual Conference on Robot Learning (CoRL \u201919). PMLR, 66\u201375. Retrieved from http:\/\/proceedings.mlr.press\/v100\/chen20a.html"},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/ITSC.2019.8917306"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2024.3435937"},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243752"},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2019.00942"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/SPW50608.2020.00032"},{"key":"e_1_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.apergo.2022.103881"},{"key":"e_1_3_1_16_2","first-page":"1","volume-title":"Proceedings of Machine Learning Research (CoRL)","author":"Dosovitskiy Alexey","year":"2017","unstructured":"Alexey Dosovitskiy, Germ\u00e1n Ros, Felipe Codevilla, Antonio M. L\u00f3pez, and Vladlen Koltun. 2017. CARLA: An open urban driving simulator. In Proceedings of Machine Learning Research (CoRL). PMLR, 1\u201316."},{"key":"e_1_3_1_17_2","first-page":"3088","volume-title":"International Conference on Machine Learning Research (ICML)","author":"Fan Linxi","year":"2021","unstructured":"Linxi Fan, Guanzhi Wang, De-An Huang, Zhiding Yu, Li Fei-Fei, Yuke Zhu, and Animashree Anandkumar. 2021. SECANT: Self-expert cloning for zero-shot generalization of visual policies. In International Conference on Machine Learning Research (ICML). PMLR, 3088\u20133099."},{"key":"e_1_3_1_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/3203245"},{"key":"e_1_3_1_19_2","volume-title":"8th International Conference on Learning Representations (ICLR \u201920)","author":"Gleave Adam","year":"2020","unstructured":"Adam Gleave, Michael Dennis, Cody Wild, Neel Kant, Sergey Levine, and Stuart Russell. 2020. Adversarial policies: Attacking deep reinforcement learning. In 8th International Conference on Learning Representations (ICLR \u201920). OpenReview.net. Retrieved from https:\/\/openreview.net\/forum?id=HJgEMpVFwB"},{"key":"e_1_3_1_20_2","first-page":"377","volume-title":"13th International Conference on Security and Privacy in Communication Networks (SecureComm \u201917)","author":"Guo Pinyao","year":"2017","unstructured":"Pinyao Guo, Hunmin Kim, Le Guan, Minghui Zhu, and Peng Liu. 2017. VCIDS: Collaborative intrusion detection of sensor and actuator attacks on connected vehicles. In 13th International Conference on Security and Privacy in Communication Networks (SecureComm \u201917). Springer, 377\u2013396."},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.3390\/s22218373"},{"key":"e_1_3_1_22_2","first-page":"1856","volume-title":"35th International Conference on Machine Learning (ICML \u201918)","author":"Haarnoja Tuomas","year":"2018","unstructured":"Tuomas Haarnoja, Aurick Zhou, Pieter Abbeel, and Sergey Levine. 2018. Soft actor-critic: Off-policy maximum entropy deep reinforcement learning with a stochastic actor. In 35th International Conference on Machine Learning (ICML \u201918). PMLR, 1856\u20131865. Retrieved from http:\/\/proceedings.mlr.press\/v80\/haarnoja18b.html"},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/CCA.2012.6402735"},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICRA.2018.8461233"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2019.00025"},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.01426"},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/3450267.3450537"},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2017\/525"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3043716"},{"key":"e_1_3_1_30_2","article-title":"ElegantRL-Podracer: Scalable and elastic library for cloud-native deep reinforcement learning","author":"Liu Xiao-Yang","year":"2021","unstructured":"Xiao-Yang Liu, Zechu Li, Zhuoran Yang, Jiahao Zheng, Zhaoran Wang, Anwar Walid, Jian Guo, and Michael I. Jordan. 2021. ElegantRL-Podracer: Scalable and elastic library for cloud-native deep reinforcement learning. In 35th Conference on Neural Information Processing Systems (NeurIPS\u201821) Workshop on Deep Reinforcement Learning.","journal-title":"35th Conference on Neural Information Processing Systems (NeurIPS\u201821) Workshop on Deep Reinforcement Learning"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1186\/s13638-019-1484-3"},{"key":"e_1_3_1_32_2","doi-asserted-by":"publisher","DOI":"10.1109\/CDC.2015.7402409"},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIV.2016.2578706"},{"key":"e_1_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1177\/0278364919880273"},{"key":"e_1_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-021-11437-3"},{"key":"e_1_3_1_36_2","first-page":"895","volume-title":"USENIX Security Symposium","author":"Quinonez Raul","year":"2020","unstructured":"Raul Quinonez, Jairo Giraldo, Luis E. Salazar, Erick Bauman, Alvaro A. C\u00e1rdenas, and Zhiqiang Lin. 2020. SAVIOR: Securing autonomous vehicles with robust physical invariants. In USENIX Security Symposium. USENIX Association, 895\u2013912."},{"key":"e_1_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICMA49215.2020.9233522"},{"key":"e_1_3_1_38_2","unstructured":"Andrei A. Rusu Neil C. Rabinowitz Guillaume Desjardins Hubert Soyer James Kirkpatrick Koray Kavukcuoglu Razvan Pascanu and Raia Hadsell. 2016. Progressive neural networks. arXiv:1606.04671. Retrieved from https:\/\/arxiv.org\/abs\/1606.04671"},{"key":"e_1_3_1_39_2","first-page":"3309","volume-title":"USENIX Security Symposium","author":"Sato Takami","year":"2021","unstructured":"Takami Sato, Junjie Shen, Ningfei Wang, Yunhan Jia, Xue Lin, and Qi Alfred Chen. 2021. Dirty road can attack: Security of deep learning based automated lane centering under physical-world attack. In USENIX Security Symposium. USENIX Association, 3309\u20133326."},{"key":"e_1_3_1_40_2","doi-asserted-by":"publisher","DOI":"10.31274\/etd-180810-6090"},{"key":"e_1_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2001.936213"},{"key":"e_1_3_1_42_2","first-page":"3959","volume-title":"2020 American Control Conference (ACC \u201920)","author":"Liang Tan Kai","year":"2020","unstructured":"Kai Liang Tan, Yasaman Esfandiari, Xian Yeow Lee, Aakan Ksha, and Soumik Sarkar. 2020. Robustifying reinforcement learning agents via action space adversarial training. In 2020 American Control Conference (ACC \u201920). IEEE, 3959\u20133964."},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIV.2022.3225340"},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2011.5995347"},{"key":"e_1_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v30i1.10295"},{"key":"e_1_3_1_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN-W58399.2023.00034"},{"key":"e_1_3_1_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/TITS.2020.3013234"},{"key":"e_1_3_1_48_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN53405.2022.00020"},{"issue":"3","key":"e_1_3_1_49_2","first-page":"24","article-title":"Research on drivers\u2019 reaction TIME in different conditions","volume":"2","author":"Zhuk Mykola","year":"2017","unstructured":"Mykola Zhuk, Volodymyr Kovalyshyn, Yurii Royko, and Khrystyna Barvinska. 2017. Research on drivers\u2019 reaction TIME in different conditions. East. Eur. J. Enterp. Technol. 2, 3 (2017), 24\u201331.","journal-title":"East. Eur. J. Enterp. Technol"}],"container-title":["ACM Transactions on Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3777460","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3777460","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T06:35:13Z","timestamp":1776839713000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3777460"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,21]]},"references-count":48,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2026,4,30]]}},"alternative-id":["10.1145\/3777460"],"URL":"https:\/\/doi.org\/10.1145\/3777460","relation":{},"ISSN":["2378-962X","2378-9638"],"issn-type":[{"value":"2378-962X","type":"print"},{"value":"2378-9638","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4,21]]},"assertion":[{"value":"2024-11-12","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-10-28","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-04-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}