🤖 AI Summary
To address the safety risks posed by adversarial attacks that compromise decision-making in deep reinforcement learning (DRL) for autonomous driving, this paper systematically analyzes key threats—including policy poisoning, observation perturbations, and reward tampering—and evaluates the applicability of defense strategies such as robust training, anomaly detection, and formal verification. Methodologically, it introduces a novel security threat-defense mapping framework grounded in the layered architecture of autonomous driving systems (perception-decision-control stack), overcoming the limitations of prior surveys that focus narrowly on algorithmic aspects and lack deployment-oriented guidance. Based on this framework, the paper establishes the first DRL security assessment framework tailored to the autonomous driving stack, precisely identifying vulnerability points across layers and delineating boundaries for defense applicability. The resulting methodology provides actionable, scenario-aware guidance for secure industrial-grade DRL system design.
📝 Abstract
Reinforcement learning allows machines to learn from their own experience. Nowadays, it is used in safety-critical applications, such as autonomous driving, despite being vulnerable to attacks carefully crafted either to prevent the reinforcement learning algorithm from learning an effective and reliable policy, or to induce the trained agent to make a wrong decision. The literature on the security of reinforcement learning is growing rapidly, and some surveys have been proposed to shed light on this field. However, their categorizations are insufficient for choosing an appropriate defense given the kind of system at hand. In our survey, we not only overcome this limitation by considering a different perspective, but also discuss the applicability of state-of-the-art attacks and defenses when reinforcement learning algorithms are used in the context of autonomous driving.