Autonomous Target Tracking (ATT) systems, especially ATT drones, are widely used in applications such as surveillance, border control, and law enforcement, while also being misused in stalking and destructive actions. Thus, the security of ATT is highly critical for real-world applications. Under the scope, we present a new type of attack: distance-pulling attacks (DPA) and a systematic study of it, which exploits vulnerabilities in ATT systems to dangerously reduce tracking distances, leading to drone capturing, increased susceptibility to sensor attacks, or even physical collisions. To achieve these goals, we present FlyTrap, a novel physical-world attack framework that employs an adversarial umbrella as a deployable and domain-specific attack vector. FlyTrap is specifically designed to meet key desired objectives in attacking ATT drones: physical deployability, closed-loop effectiveness, and spatial-temporal consistency. Through novel progressive distance-pulling strategy and controllable spatial-temporal consistency designs, FlyTrap manipulates ATT drones in real-world setups to achieve significant system-level impacts. Our evaluations include new datasets, metrics, and closed-loop experiments on real-world white-box and even commercial ATT drones, including DJI and HoverAir. Results demonstrate FlyTrap's ability to reduce tracking distances within the range to be captured, sensor attacked, or even directly crashed, highlighting urgent security risks and practical implications for the safe deployment of ATT systems.

翻译：自主目标跟踪（ATT）系统，特别是ATT无人机，广泛应用于监视、边境管控和执法等领域，同时也被滥用于跟踪和破坏性行为。因此，ATT的安全性在实际应用中至关重要。在此背景下，我们提出一种新型攻击：距离牵引攻击（DPA），并对其进行了系统性研究。该攻击利用ATT系统中的漏洞，危险地缩短跟踪距离，导致无人机被捕获、增加传感器攻击的易感性，甚至引发物理碰撞。为实现这些目标，我们提出了FlyTrap，一种新颖的物理世界攻击框架，采用对抗性雨伞作为可部署且领域特定的攻击向量。FlyTrap专门设计以满足攻击ATT无人机的关键预期目标：物理可部署性、闭环有效性和时空一致性。通过新颖的渐进式距离牵引策略和可控的时空一致性设计，FlyTrap在真实世界设置中操控ATT无人机，实现显著的系统级影响。我们的评估包括新数据集、度量标准，以及对真实世界白盒乃至商用ATT无人机（包括DJI和HoverAir）的闭环实验。结果表明，FlyTrap能够将跟踪距离缩短至可被捕获、传感器受攻击甚至直接坠毁的范围，凸显了ATT系统安全部署的紧迫安全风险与实际影响。