Project

#436 Cybersecurity risk assessment in connected intelligent systems for designing resilient systems


Principal Investigator
Zulqarnain Khattak
Status
Active
Start Date
July 1, 2023
End Date
June 30, 2024
Project Type
Research Advanced
Grant Program
US DOT BIL, Safety21, 2023 - 2028 (4811)
Grant Cycle
Safety21 : 23-24
Visibility
Public

Abstract

Cybersecurity refers to methods and practices designed for protection of networks, computers, programs, and data from attack, damage, or unauthorized access (1). Cyberattacks have emerged as a threat in every field that relies on communications. Transportation operation and management systems also use wired and wireless communications for managing roadways and are therefore at significant risk of such cyberattacks. These systems were closed proprietary systems (isolated systems) in the past and had very limited cyber vulnerabilities. Those proprietary systems have now transformed into more open systems with increased accessibility (2) due to the emergence of network computing and reliance on emerging technologies such as the internet of things (IoT) and connectivity. The National Transportation Communication for Intelligent Transportation Systems (ITS) Protocol (NTCIP) utilizes center-to-center communications that rely on request-based protocols through XML messages (3). These protocols rely on the assumptions that most attacks are from the inside and that hackers make up only a small portion of total intrusions, and thus have no built-in security (4). The U.S. DOT has also taken a huge initiative to develop a security credential management system (SCMS) (5), a message security solution for vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication. However, communication dependency opens up a wide array of access points, which makes these systems vulnerable to cyberattacks and the least understood in terms of cybersecurity.
This proposal is based on the premise that perfect protection from cyberattacks is not realistic. Thus, the proposed research would focus on analyzing the vulnerability of cooperative driving that relies on infrastructure-based communication, using real field experimental data collected at the Aberdeen center in Maryland. Multiple cyberattacks including sensor anomalies, fake BSMs, replay and denial of service would be emulated. Furthermore, the driving conditions from the field experiment would be emulated within a realistic simulation environment to test the consequences of different types of cyberattacks on the safety of transportation systems and to analyze crash types and severity. A long short-term memory with Gaussian mixture (LAGMM) model would be utilized to design an efficient and effective anomaly detection method that accounts for the temporal relations of trajectories, so that anomalous behavior can be detected in real time and the severe consequences of cyberattacks or sensor anomalies can be avoided. Ultimately, the research would develop a real-time threat-monitoring system that continuously checks whether the system is behaving as expected and degrades the system to a safe state under cyberattacks.
Description
Research Approach
Task 1. Cyberattack emulation using real world data from cooperative driving
The cyberattack anomalies would be emulated due to the lack of publicly available anomalous CAV sensor data. The sensors to be considered have been shown by past research to be vulnerable to cyberattacks and sensor failures (10–12). A reasonable subset of likely attacks would be subjected to a detailed investigation through a series of case studies using the available sensor data. The cyberattacks would be selected based on a higher probability for an attacker to launch these attacks, the ability to compromise CAV operation and safety, and a requirement that the attack needs a reasonable level of expertise and cost. Some examples of the types of attacks to be considered include:
1. Sensor anomalies.
2. Infrastructure elements compromised by attacks on V2I communication.
3. Communication at the vehicle level compromised by attacks at the network level (V2V).
With regard to sensor anomalies, three types of attacks would be considered. For instance, a fake data injection attack through the CAN bus or on-board diagnostics (OBD) can compromise the in-vehicle speed and acceleration sensors and result in several sensor anomalies. Likewise, an adversary with valid credentials can spoof the GPS through a jamming or GPS spoofing attack and compromise the sensor values, thus generating anomalies. Further, an acoustic injection attack can compromise the acceleration sensor and generate anomalies.
Furthermore, three types of attacks requiring communication access would be selected for the case studies: fake BSMs initiated by spoofing; sybil attacks that access beacons and generate fake messages/BSMs to other surrounding vehicles; replay attacks, initiated when data packets stored at a previous instance of time are maliciously repeated or replayed; and denial-of-service attacks, which cease the control inputs and are initiated by sending excessive data packets and flooding the communication channel. The denial-of-service attack results in no communication of advisories and is similar to jamming attacks.
These anomalies would be injected into CAV sensors. The initiation of sensor anomalies due to attacks or sensor failure would be assumed to be independent. A single anomaly would be assumed in one time epoch due to the independent nature of attacks or faults in sensors and the reliability of sensors. Multiple rates alpha, including 1%, 5% and 10%, would be used to generate several anomalous datasets. The anomalies would be randomly simulated with random sensors. The simulated anomalies would then be added to the base or normal sensor values of the compromised sensor (within the lead vehicle or a follower). The anomaly types and durations would be varied, for instance an anomaly simulated for 5 mins, 20 mins, etc. Further, a mixed anomaly type, which includes multiple anomalies mixed together, would also be considered for testing sensitivity.
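The labelling scheme described in this paragraph can be sketched as follows for building detector evaluation data; this is an added example, not code from the project. The constant-offset anomaly shape, the `scale` and `duration` parameters, the sensor names and the trace are assumptions constructed for illustration.

```python
import random

def inject_anomalies(base, alpha, duration=1, scale=2.0, seed=0):
    """Return (data, labels): a copy of `base` with additive anomalies and,
    per epoch, the name of the compromised sensor (None = normal epoch).

    base     -- {sensor name: [value per time epoch]} of normal readings
    alpha    -- target fraction of anomalous epochs (e.g. 0.01, 0.05, 0.10)
    duration -- length of each anomaly in epochs (assumption)
    scale    -- offset magnitude in sensor units (assumption)
    """
    rng = random.Random(seed)            # seeded so datasets are reproducible
    sensors = sorted(base)
    n = len(base[sensors[0]])
    data = {s: list(v) for s, v in base.items()}
    labels = [None] * n
    # Split the timeline into non-overlapping blocks and pick whole blocks,
    # so no epoch ever carries more than one anomaly.
    n_events = round(alpha * n / duration)
    for block in rng.sample(range(n // duration), n_events):
        sensor = rng.choice(sensors)     # random sensor per anomaly
        offset = rng.choice((-1, 1)) * rng.uniform(0.5, 1.5) * scale
        for t in range(block * duration, (block + 1) * duration):
            data[sensor][t] = base[sensor][t] + offset   # added to base value
            labels[t] = sensor
    return data, labels

def constructed_trace(n=1000):
    """Constructed stand-in for normal lead-vehicle sensor data."""
    return {
        "speed_mps": [25.0 + 0.5 * ((t % 40) / 40.0) for t in range(n)],
        "accel_mps2": [0.1 * ((t % 7) - 3) for t in range(n)],
        "gps_pos_m": [25.0 * t for t in range(n)],
    }

def changed_sensors(base, data, t):
    """Sensors whose value at epoch t differs from the normal trace."""
    return [s for s in base if data[s][t] != base[s][t]]

if __name__ == "__main__":
    base = constructed_trace()
    for alpha in (0.01, 0.05, 0.10):
        data, labels = inject_anomalies(base, alpha, duration=5)
        n_bad = sum(lab is not None for lab in labels)
        print(f"alpha={alpha:.2f}: {n_bad} anomalous epochs of {len(labels)}")
```

The per-epoch labels are what make the output usable as ground truth when scoring a detector's hit and false-alarm rates at each alpha.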

Task 2. Assessment of Cyberattacks Influence and Anomaly Detection 
The stability, safety, and privacy of cooperative driving can be severely compromised by all levels of attacks. The conditions from field experiments at Aberdeen Center would be emulated within a simulation environment using the available data. The ACC-only scenario includes both the lead vehicle (LV) and following vehicles (FVs) in ACC mode. The FV speed was set higher than that of the LV. All vehicles within the group are expected to maintain speed and car following through sensors. The hybrid mode has CACC in the LV and ACC mode in the FVs. The first LV operates on CACC communication and is a representation of I2V CACC, which receives a reference target speed from the waypoints. Thus, the LV operates using CACC speed and acceleration limits. The LV would be controlled automatically to match the set speed, so the LV speed is more stable, which also makes it easier for the FVs to stabilize their speeds. However, the FVs would operate on ACC control and maintain speed and following distance by only considering the information they receive from their sensors. The CACC mode, where all vehicles follow CACC, is a representation of V2V CACC and would govern vehicle following within the platoon in the third scenario. The target speed would control the LV while the FVs observe time gap mode via dedicated short-range communication (DSRC) commands. The scenarios of the field experiment within the simulated environment would be used to assess the consequences of the aforementioned cyberattacks on system-wide performance. Traffic conflicts as defined by (13) “When movement of two or more vehicles remains unchanged as they approach each other, and there is a risk of collision” would be used to assess the safety impact of cyberattacks. The premise behind the use of surrogate safety assessment is that conflicts are more frequent than crashes and can provide a more proactive approach to safety risk assessment since both events have a comparable mechanism.
Real crash data from VDOT would be used to validate the observed crash risk. Furthermore, network-wide stability would also be assessed from the emulated cyberattacks. Multiple scenarios would be considered, including a cyberattack on a single vehicle and a cyberattack on a platoon of vehicles. The influence of cyberattacks on the lead vehicle as well as on the followers would be assessed.

Task 3: Anomaly Detection and resilience
This task would further aim at distinguishing falsified CAV trajectories from normal CAV trajectories. Considering the aforementioned attack scenarios, falsified trajectories would be generated with four anomalies. The proposed LAGMM consists of two major components: (1) a compression network that generates a low-rank approximation of the input data with an LSTM autoencoder, which concatenates reduced-space features with reconstruction error features, and (2) a GMM model to predict likelihood/energy. Given the low-rank approximation of the input data, the GMM-based estimation network aims at estimating the density function. The unknown parameters in the GMM are the mixture component distribution, the mixture means µ, and the mixture covariance. A multi-layer neural network (MLNN) would be leveraged to predict the mixture membership of each data sample. In the testing process, the sample energy estimated from the Gaussian mixture model will be used to predict whether the sample data is composed of falsified trajectories or not. Higher energy would indicate a higher probability of anomalies. The LSTMs would be trained to learn normal behaviors. Predictions would be generated at each time step and the prediction errors would indicate the deviations from normal behaviors. Then a clustering approach would be applied to detect anomalies. Once an anomaly is detected, the system architecture would isolate the anomalous data and operate the system based on redundant historical data termed as normal. This redundancy would allow the system to perform resiliently even under cyberattacks.
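The energy scoring step described above can be sketched as follows, as an added example that is not the project's code. The feature vectors and memberships are constructed stand-ins for the LSTM autoencoder and MLNN outputs, and the diagonal covariance and the max-energy threshold are simplifying assumptions.

```python
import math

def fit_gmm(z, gamma, eps=1e-6):
    """Mixture weight, mean and diagonal variance per component, estimated
    from soft memberships gamma[i][k] (each row sums to 1)."""
    n, d = len(z), len(z[0])
    params = []
    for k in range(len(gamma[0])):
        nk = sum(g[k] for g in gamma)
        mu = [sum(g[k] * x[j] for g, x in zip(gamma, z)) / nk for j in range(d)]
        var = [sum(g[k] * (x[j] - mu[j]) ** 2 for g, x in zip(gamma, z)) / nk + eps
               for j in range(d)]
        params.append((nk / n, mu, var))
    return params

def sample_energy(x, params):
    """E(x) = -log sum_k phi_k N(x; mu_k, diag(var_k)), using log-sum-exp
    so far-out samples do not underflow to log(0)."""
    logs = []
    for phi, mu, var in params:
        ll = math.log(phi)
        for xj, m, v in zip(x, mu, var):
            ll -= 0.5 * (math.log(2 * math.pi * v) + (xj - m) ** 2 / v)
        logs.append(ll)
    top = max(logs)
    return -(top + math.log(sum(math.exp(l - top) for l in logs)))

# Constructed stand-ins for compression-network output on normal windows:
# [latent feature, reconstruction error], in two driving regimes.
NORMAL_Z = [[0.18, 0.04], [0.22, 0.06], [0.20, 0.05], [0.19, 0.05], [0.21, 0.04],
            [0.78, 0.05], [0.82, 0.07], [0.80, 0.06], [0.81, 0.06], [0.79, 0.05]]
# Constructed memberships standing in for the estimation network's output.
GAMMA = [[0.95, 0.05]] * 5 + [[0.05, 0.95]] * 5

PARAMS = fit_gmm(NORMAL_Z, GAMMA)
# Assumption: flag anything above the highest energy seen on normal data.
THRESHOLD = max(sample_energy(x, PARAMS) for x in NORMAL_Z)

def is_falsified(x):
    """True when the sample's energy exceeds the normal-data threshold."""
    return sample_energy(x, PARAMS) > THRESHOLD

if __name__ == "__main__":
    for name, x in (("held-out normal", [0.21, 0.05]), ("falsified", [0.50, 0.40])):
        print(f"{name}: energy={sample_energy(x, PARAMS):.2f} flagged={is_falsified(x)}")
```

A window the autoencoder reconstructs poorly lands far from both normal clusters on the reconstruction-error axis, which is what drives its energy above the threshold.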
    
Description

    
Timeline

    
Strategic Description / RD&T
The research aligns with USDOT priorities of cybersecurity with the objective of analyzing cybersecurity risks to connected digital systems. The research focuses on analyzing cyber vulnerabilities and risks and developing methodology to detect cyberattacks and enable resilient operation under cyberattacks through cyber incident response. Likewise, the project aligns with the Safety21 UTC focus on promoting transportation systems safety since understanding cybersecurity risks and preventing cyberattacks would ultimately result in safety improvement.
Deployment Plan
The study results will help guide understanding of the safety impacts of cyberattacks. Both the Virginia Department of Transportation and Oak Ridge National Laboratory will serve as project partners, provide technical assistance and data, and assist with deployment efforts through VDOT’s program that maintains and operates the state's roadways, bridges and tunnels. The research team would work closely with VDOT to assist with real-world implementation of findings from this research in their traffic management and operations program, deploying the monitoring architectures developed in this research at traffic management centers to detect anomalies within real-world transportation networks and allow resilient operation of the connected systems under sensor anomalies or cyberattacks. We have been actively engaging deployment partners such as American Center for Mobility, Honda and Toyota. We plan to set up quarterly meetings with each of those partners to brief our research results, gauge their interests, receive their feedback and ultimately deploy our research outcomes in their day-to-day operations/policies. We further plan to work with PennDOT to assist with implementing an anomaly detection plan on PA networks and assist with policy guidance on incident management under security compromise. Furthermore, the PIs plan to pitch the study findings at the Automated Road Transportation Symposium and the Intelligent Vehicles Symposium, where different vehicle manufacturers will be in attendance. We will work with vehicle sensing companies such as Waymo and Cruise and OEM manufacturers including Honda and Toyota to deploy our anomaly detection methods on their fleets so that the connected fleet can provide alerts to TMC operators about cyberattacks on ITS infrastructure. The implementation success would further enable assistance with other agencies.

We also plan to actively seek both industrial and federal funding based on this initial development. Our framework is of general interest to all agencies dealing with connected intelligent systems, which are at risk of security compromise. The general nature of this problem would attract attention from various agencies and OEM manufacturers. The findings from this study would further scale to a follow-up study, where real-world conditions would be modeled in a driving simulator and real human driver behavior would be tested under cyberattacks to assess human trust level under cyberattacks, and human behavior responses would be utilized to develop architectures for resilient operation of these systems. This project could be funded through the National Science Foundation (Humans Disasters and Built Environment) and the Federal Highway Administration. Furthermore, the Federal Highway Administration and state agencies are interested in cyberattacks on transportation infrastructure. The research could also scale to a future project on utilizing social media data for detection of cyberattacks on transportation infrastructure as opposed to normal incidents and analyzing the network-wide impacts of those cyberattacks using system-level data. DOE has interest in the energy implications of cyberattacks, and the current project would serve as a pilot for a future study on the energy implications of cyberattacks on cooperative driving.
Expected Outcomes/Impacts
 The following outcomes are anticipated:
- Findings would assist state and other agencies with real-world implementation for deployment of the monitoring architectures developed in this research at traffic management centers for detecting anomalies within real-world transportation networks.

- Allow resilient operation of the connected systems under sensor anomalies or cyberattacks.

- Understand the negative impacts of cyberattacks and improve cooperative driving for safer transportation systems.
Expected Outputs
- Methodology for emulating different sensor anomalies and cyberattacks based on driving conditions of real-world experiment to assess safety effects of transportation systems; analyze crash types and severity.

- Monitoring system and anomaly detection based on long short term Gaussian mixture model to detect multiple cyberattacks and revert the cooperative driving to a safe state.

- Large-scale cyberattack data for safety assessment with evolving sensor anomalies

TRID
There are several limitations of the existing studies. First, due to the lack of availability of real CAV data, most of the existing studies have either relied on CAN bus data (6) from normal human-driven vehicles to emulate cyberattacks (7) and develop anomaly detection algorithms (8)(9), or utilized simulation to generate CAV data. Thus, there is a lack of literature on cyber risk assessment in real cooperative driving systems and detection of anomalous behavior in realistic CAVs using real datasets. Further, most of the aforementioned studies classified the AV trajectories (normal or falsified) in an offline manner. Given the limitations of the past literature, our project has the following unique aspects.
1.	The study would utilize data from a real CAV platooning experiment to emulate anomalies and detect anomalous behavior within lead and following vehicles of the platoon.
2.	The study would develop a long short-term memory based Gaussian mixture model (LAGMM) to support detection of anomalous CAV trajectories in real time. The model accounts for the temporal relations of the trajectories, which have been ignored in the existing studies. The model can improve the detection rates compared to the state-of-the-art methods.
3.	The two-step tasks of the LAGMM (decomposition and density estimation) would be optimized simultaneously, which helps it avoid less preferred local optima and further reduce reconstruction errors. The model comprises (1) a compression network that generates a low-rank approximation of the input data with an LSTM autoencoder, which concatenates reduced-space features with reconstruction error features, and (2) a GMM model to predict likelihood/energy.
4.	Investigation of different types of cyberattacks in cooperative systems to assess how traffic stream stability and safety, expressed through volatile behavior and surrogate safety, are affected by cyberattacks. This would indicate whether safety effects differ based on types of cyberattacks.

Individuals Involved

Email | Name | Affiliation | Role | Position
hcain@andrew.cmu.edu | Cain, Heather | CIT-CEE | Other | Staff - Business Manager
bethannh@andrew.cmu.edu | Hockenberry, Beth | Carnegie Mellon University | Other | Staff - Business Manager
zkhattak@cmu.edu | Khattak, Zulqarnain | Carnegie Mellon University | PI | Faculty - Research/Systems
seanqian@cmu.edu | Qian, Sean | Carnegie Mellon University | Co-PI | Faculty - Tenured

Budget

Amount of UTC Funds Awarded
$40000.00
Total Project Budget (from all funding sources)
$90020.00

Documents

Type | Name | Uploaded
Data Management Plan | data_management_plan-cybersecurity.pdf | Aug. 18, 2023, 12:04 a.m.
Publication | Cybersecurity vulnerability and resilience of cooperative driving automation for energy efficiency and flow stability in smart cities | March 26, 2024, 11:59 p.m.
Publication | Anomaly Detection in Connected and Autonomous Vehicle Trajectories Using LSTM Autoencoder and Gaussian Mixture Model | March 28, 2024, 12:33 p.m.
Progress Report | 436_Progress_Report_2024-03-31 | March 30, 2024, 12:17 p.m.

Match Sources

No match sources!

Partners

Name | Type
Virginia Department of Transportation | Deployment & Equity Partner
Oak Ridge National Laboratory (DOE) | Deployment Partner