VCIDS: Collaborative Intrusion Detection of Sensor and Actuator Attacks on Connected Vehicles

Abstract

Modern urban vehicles adopt sensing, communication and computing modules into almost every functioning aspect to assist humans in driving. However, the advanced technologies are inherently vulnerable to attacks, exposing vehicles to severe security risks. In this work, we focus on the detection of sensor and actuator attacks that are capable of actively altering vehicle behavior and directly causing damages to human beings and vehicles. We develop a collaborative intrusion detection system where each vehicle leverages sensing data from its onboard sensors and neighboring vehicles to detect sensor and actuator attacks without a centralized authority. The detection utilizes the unique feature that clean data and contaminated data are correlated through the physical dynamics of the vehicle. We demonstrate the effectiveness of the detection system in a scaled autonomous vehicle testbed by launching attacks through various attack channels.

Appendices

Appendix A Data Processing with Measurement Models

IPS. The IPS sensor directly measures and returns the states of a vehicle.

Wheel encoder. The raw data measured by the wheel encoders are the distances traveled by each wheel \((l_L, l_R)\). In data processing phase, we convert them into vehicle states using previous states \(\mathbf x _{k-1}\): \(x_{k} = x_{k-1} + (l_L+l_R)\cos \theta _{k}/2\), \(y_{k} = y_{k-1} + (l_L+l_R)\sin \theta _{k}/2\), \(\theta _{k} = \theta _{k-1} + (l_R-l_L)/R\), where R is the distance between the left and the right wheel.

IMU. The IMU sensor generates a quaternion \([q_0,q_1,q_2,q_3]^T\), a 3-D acceleration \(\mathbf a _{k,M}^{local}\), and a 3-D rotational speed \(\mathbf w _{k,M}^{local}\) on body-fixed coordinate. We first obtain coordinate transformation matrix from body-fixed coordinate to global coordinate [16]:

$$\begin{aligned}&C(q)=&\left[ \begin{array}{ccc} q_0^2+q_1^2-q_2^2-q_3^2&{}2(q_1q_2-q_0q_3)&{}2(q_1q_3+q_0q_2)\\ 2(q_1q_2+q_0q_3)&{}q_0^2-q_1^2+q_2^2-q_3^2&{}2(q_2q_3-q_0q_1)\\ 2(q_1q_3-q_0q_2)&{}2(q_2q_3+q_0q_1)&{}q_0^2-q_1^2-q_2^2+q_3^2\\ \end{array} \right] . \end{aligned}$$

Acceleration vector and rotation speed on the global coordinate system can be obtained as \(C(q)\mathbf a _{k,M}^{local}\) and \(C(q)\mathbf w _{k,M}^{local}\), respectively. Vehicle velocity vector can be updated by: \(\mathbf v _k=[v_{k,M}^x,v_{k,M}^y,v_{k,M}^z]^T = \mathbf v _{k-1}+\mathbf a _k^{global}T\). Then the state vector can be calculated by integration as follows: \(x_k=x_{k-1}\,+\,v_{k,M}^xT\,+\,\frac{1}{2}a_{k,M}^x T^2\), \(y_k=y_{k-1}+v_{k,M}^yT+\frac{1}{2}a_{k,M}^y T^2\), \(\theta _k = \theta _{k-1}+w_{k,M}^z T\).

After the data processing phase for each sensor, sensor readings transmitted to the controller are in the form of vehicle states. For navigation sensors, we have: \(\mathbf z _{k, i} = \mathbf x _{k}+\mathbf d _{k, i}^s+\xi _{k, i}, i = I,W,M\), where \(\mathbf d _{k, i}^s=[d_{k,i}^{s, x},d_{k,i}^{s, y},d_{k,i}^{s, \theta }]^T\), \(\xi _{k, i}=[\xi _{k, i}^x, \xi _{k, i}^y, \xi _{k, i}^\theta ]^T\) refer to attack vectors and measurement noises for each navigation sensor, respectively.

Appendix B Algorithms

Algorithms 2 and 3³ are proposed in the Appendix of [12]. We include them here to be self-contained.