This work uncovers a novel security vulnerability in autonomous vehicle sensors—particularly LiDAR—under partial-information attacks: adversaries can stealthily inject network-layer Trojans while respecting sensor integrity constraints. We first identify LiDAR’s critical fragility in multi-sensor fusion pipelines. To address this, we propose a probabilistic data asymmetry monitor and design a trajectory-level 3D LiDAR–monocular camera fusion method (T2T-3DLM) to achieve robust, security-aware perception. Evaluated on AV simulation platforms and real-world datasets, our approach integrates adversarial modeling and integrity constraint analysis. Experiments demonstrate that the proposed solution significantly reduces Trojan attack success rates, confirms LiDAR-based attacks pose greater security risks than camera-based ones, and enhances system robustness substantially—without compromising functional performance.

Safety-critical sensors in autonomous vehicles (AVs) form an essential part of the vehicle's trusted computing base (TCB), yet they are highly susceptible to attacks. Alarmingly, Tier 1 manufacturers have already exposed vulnerabilities to attacks introducing Trojans that can stealthily alter sensor outputs. We analyze the feasible capability and safety-critical outcomes of an attack on sensing at a cyber level. To further address these threats, we design realistic attacks in AV simulators and real-world datasets under two practical constraints: attackers (1) possess only partial information and (2) are constrained by data structures that maintain sensor integrity.Examining the role of camera and LiDAR in multi-sensor AVs, we find that attacks targeting only the camera have minimal safety impact due to the sensor fusion system's strong reliance on 3D data from LiDAR. This reliance makes LiDAR-based attacks especially detrimental to safety. To mitigate the vulnerabilities, we introduce security-aware sensor fusion incorporating (1) a probabilistic data-asymmetry monitor and (2) a scalable track-to-track fusion of 3D LiDAR and monocular detections (T2T-3DLM). We demonstrate that these methods significantly diminish attack success rate.