Federated Learning (FL) is a decentralized learning paradigm that enables parties to collaboratively train models while keeping their data confidential. Within autonomous driving, it brings the potential of reducing data storage costs, reducing bandwidth requirements, and accelerating learning. FL is, however, susceptible to poisoning attacks. In this paper, we introduce two novel poisoning attacks on FL tailored to regression tasks within autonomous driving: FLStealth and Off-Track Attack (OTA). FLStealth, an untargeted attack, aims to provide model updates that deteriorate the global model's performance while appearing benign. OTA, on the other hand, is a targeted attack with the objective of changing the global model's behavior when exposed to a certain trigger. We demonstrate the effectiveness of our attacks by conducting comprehensive experiments on the task of vehicle trajectory prediction. In particular, we show that, among five different untargeted attacks, FLStealth is the most successful at bypassing the considered defenses employed by the server. For OTA, we demonstrate the inability of common defense strategies to mitigate the attack, highlighting the critical need for new defensive mechanisms against targeted attacks within FL for autonomous driving.
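The abstract refers to server-side defenses that a poisoned update must bypass. The following added example (not code from the paper, and not an implementation of FLStealth or OTA) simulates one aggregation round of a toy two-parameter regression model with constructed client updates, and compares three server-side aggregation rules: plain federated averaging, coordinate-wise median, and norm clipping with an update-norm flag. The client updates, the norm bound of 0.3, and the function names are all assumptions made for illustration. It shows why a norm check alone is a weak defense: an update that stays within the norm bound is accepted unchanged, which is the regime the abstract describes for updates that "appear benign".

```python
"""Added example: server-side robust aggregation for one federated round.

Toy setting (assumed, not from the paper): each client sends an update
vector for a 2-parameter regression model. The server does not see client
data, so it can only reason about the update vectors themselves.
"""
from math import sqrt
from statistics import median


def l2_norm(v):
    """Euclidean norm of an update vector."""
    return sqrt(sum(x * x for x in v))


def fed_avg(updates):
    """Plain federated averaging: coordinate-wise mean of all updates."""
    n, d = len(updates), len(updates[0])
    return [sum(u[i] for u in updates) / n for i in range(d)]


def coordinate_median(updates):
    """Robust aggregation: coordinate-wise median, which ignores a single
    extreme value per coordinate as long as honest clients are a majority."""
    d = len(updates[0])
    return [median(u[i] for u in updates) for i in range(d)]


def norm_clip(updates, bound):
    """Scale every update down so that its L2 norm is at most `bound`.
    Updates already within the bound are returned unchanged."""
    clipped = []
    for u in updates:
        n = l2_norm(u)
        scale = min(1.0, bound / n) if n > 0 else 1.0
        clipped.append([x * scale for x in u])
    return clipped


def flag_by_norm(updates, bound):
    """Detection rule: indices of clients whose update norm exceeds `bound`."""
    return [i for i, u in enumerate(updates) if l2_norm(u) > bound]


def deviation(aggregate, reference):
    """Distance between an aggregate and the honest-only reference average."""
    return l2_norm([a - r for a, r in zip(aggregate, reference)])


# Constructed sample inputs (assumptions): four honest updates that agree
# closely, one large outlier, and one small update within the norm bound.
HONEST = [[0.10, -0.20], [0.12, -0.18], [0.09, -0.22], [0.11, -0.19]]
LOUD_OUTLIER = [5.0, 5.0]        # far outside the norm bound
WITHIN_BOUND = [0.25, -0.05]     # norm ~0.255, passes a 0.3 bound
NORM_BOUND = 0.3


def run_round(extra_update, bound=NORM_BOUND):
    """Aggregate HONEST plus one extra update under each rule and report
    how far each aggregate drifts from the honest-only average."""
    updates = HONEST + [extra_update]
    reference = fed_avg(HONEST)
    return {
        "fedavg": deviation(fed_avg(updates), reference),
        "median": deviation(coordinate_median(updates), reference),
        "clipped_avg": deviation(fed_avg(norm_clip(updates, bound)), reference),
        "flagged": flag_by_norm(updates, bound),
    }


if __name__ == "__main__":
    for name, extra in (("loud outlier", LOUD_OUTLIER), ("within bound", WITHIN_BOUND)):
        result = run_round(extra)
        print(f"{name}: " + ", ".join(
            f"{k}={v:.3f}" if isinstance(v, float) else f"{k}={v}"
            for k, v in result.items()))
```

With the loud outlier, plain averaging drifts by more than 1.0 while the median and the clipped average stay close to the honest reference, and the norm flag names client index 4. With the update that sits inside the norm bound, `norm_clip` leaves it untouched and `flag_by_norm` reports nothing, so only the median rule neutralises it; a defender relying on norm-based screening gets no signal from that round, which is the gap the abstract's results point at.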