A Spatiotemporal Backdoor Attack Against Behavior-Oriented Decision Makers in Metaverse: From Perspective of Autonomous Driving

Behavior-oriented decision-makers are critical components in generating intelligent decisions for user virtual interactions in metaverse. In this work, we study the efficiency and security of behavior-oriented decision-makers in metaverse from perspective of autonomous driving (AD), where modeling human uncertain driving behaviors is the key factor of their performance. We first explore the ability of different deep-neural-network-based decision-makers used in deep reinforcement learning for efficient autonomous vehicle control, and then we propose a novel neural backdoor attack against them using spatiotemporal driving behaviors, rather than an immediate state. With our attack, the adversary acts as a normal driver and can trigger attacks by driving his vehicle following specific spatiotemporal behaviors. Extensive experiments show that our proposed backdoor attack can achieve high stealthiness and effectiveness (less than 1% clean performance variance rate and more than 98% attack success rate) on behavior-oriented decision-makers, and is sustainable against existing advanced defenses.