Compromised ACC vehicles can degrade current mixed-autonomy traffic performance while remaining stealthy against detection

We demonstrate that a supply-chain level compromise of the adaptive cruise control (ACC) capability on equipped vehicles can be used to significantly degrade system level performance of current day mixed-autonomy freeway networks. Via a simple threat model which causes random deceleration attacks (RDAs), compromised vehicles create congestion waves in the traffic that decrease average speed and network throughput. We use a detailed and realistic traffic simulation environment to quantify the impacts of the attack on a model of a real high-volume freeway in the United States. We find that the effect of the attack depends both on the level of underlying traffic congestion, and what percentage of ACC vehicles can be compromised. In moderate congestion regimes the attack can degrade mean commuter speed by over 7%. In high density regimes overall network throughput can be reduced by up to 3%. And, in moderate to high congestion regimes, it can cost commuters on the network over 300 USD kmhr . All of these results motivate that the proposed attack is able to significantly degrade performance of the traffic network. We also develop an anomaly detection technique that uses GPS traces on vehicles to identify malicious/compromised vehicles. We employ this technique on data from the simulation experiments and find that it is unable to identify compromised ACCs compared to benign/normal drivers. That is, these attacks are stealthy to detection. Stronger attacks can be accurately labeled as malicious, motivating that there is a limit to how impactful attacks can be before they are no longer stealthy. Finally, we experimentally execute the attack on a real and commercially available ACC vehicle, demonstrating the possible real world feasibility of an RDA. In particular, we test two wellknown CAN bus detection techniques on the ensuing data and find that they fail to identify the malicious messages, suggesting that the attacks may be stealthy to detection at the vehicular level as well. These results suggest that current-day mixed-autonomy traffic may be vulnerable to cyber-attacks that can degrade system-level performance, all while remaining stealthy against detection.

[1]  Jonathan Sprinkle,et al.  From CAN to ROS: A Monitoring and Data Recording Bridge , 2021 .

[2]  Rajnikant Sharma,et al.  Learning-Based Adversarial Agent Detection and Identification in Cyber Physical Systems Applied to Autonomous Vehicular Platoon , 2019, 2019 IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS).

[3]  Jugal K. Kalita,et al.  An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection , 2015, Pattern Recognit. Lett..

[4]  Mirco Marchetti,et al.  Anomaly detection of CAN bus messages through analysis of ID sequences , 2017, 2017 IEEE Intelligent Vehicles Symposium (IV).

[5]  Maria Laura Delle Monache,et al.  Are Commercially Implemented Adaptive Cruise Control Systems String Stable? , 2019, IEEE Transactions on Intelligent Transportation Systems.

[6]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[7]  Jonathan Sprinkle,et al.  Libpanda: A High Performance Library for Vehicle Data Collection , 2021 .

[8]  Jae-Gil Lee,et al.  Temporal Outlier Detection in Vehicle Traffic Data , 2009, 2009 IEEE 25th International Conference on Data Engineering.

[9]  Alexandre M. Bayen,et al.  Evaluation of traffic data obtained via GPS-enabled mobile phones: The Mobile Century field experiment , 2009 .

[10]  Alexandre M. Bayen,et al.  Flow: Architecture and Benchmarking for Reinforcement Learning in Traffic Control , 2017, ArXiv.

[11]  Maria Laura Delle Monache,et al.  Dissipation of stop-and-go waves via control of autonomous vehicles: Field experiments , 2017, ArXiv.

[12]  Nelson H. C. Yung,et al.  Outlier Detection in Traffic Data Based on the Dirichlet Process Mixture Model , 2015 .

[13]  Jianting Zhang Smarter outlier detection and deeper understanding of large-scale taxi trip records: a case study of NYC , 2012, UrbComp '12.

[14]  Yiheng Feng,et al.  Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control , 2018, NDSS.

[15]  Michail Maniatakos,et al.  Stop-and-Go: Exploring Backdoor Attacks on Deep Reinforcement Learning-Based Traffic Congestion Control Systems , 2020, IEEE Transactions on Information Forensics and Security.

[16]  Mohammad Samie,et al.  Evaluation of CAN Bus Security Challenges † , 2020, Sensors.

[17]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[18]  Jin Wang,et al.  Anomaly Detection Based on Convolutional Recurrent Autoencoder for IoT Time Series , 2022, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[19]  D. Schrank,et al.  2012 Urban Mobility Report , 2002 .

[20]  R. W. Barsness,et al.  The Department of Transportation , 1970 .

[21]  Daniel D. Dunn,et al.  Attacker-induced traffic flow instability in a stream of automated vehicles , 2015 .

[22]  Natalia Gimelshein,et al.  PyTorch: An Imperative Style, High-Performance Deep Learning Library , 2019, NeurIPS.

[23]  Kun Jiang,et al.  An Overview of Attacks and Defences on Intelligent Connected Vehicles , 2019, ArXiv.

[24]  Gedare Bloom,et al.  Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes , 2019, AutoSec@CODASPY.

[25]  Prateek Mittal,et al.  DARTS: Deceiving Autonomous Cars with Toxic Signs , 2018, ArXiv.

[26]  Daniel B. Work,et al.  Model-Based String Stability of Adaptive Cruise Control Systems Using Field Data , 2020, IEEE Transactions on Intelligent Vehicles.

[27]  Helbing,et al.  Congested traffic states in empirical observations and microscopic simulations , 2000, Physical review. E, Statistical physics, plasmas, fluids, and related interdisciplinary topics.

[28]  Sara Dadras,et al.  Identification of the Attacker in Cyber-Physical Systems with an Application to Vehicular Platooning in Adversarial Environment , 2018, 2018 Annual American Control Conference (ACC).

[29]  Djamel Djenouri,et al.  A Survey on Urban Traffic Anomalies Detection Algorithms , 2019, IEEE Access.

[30]  Sara Dadras,et al.  Reachable Set Analysis of Vehicular Platooning in Adversarial Environment , 2018, 2018 Annual American Control Conference (ACC).

[31]  Rajnikant Sharma,et al.  Learning Based Vehicle Platooning Threat Detection, Identification and Mitigation , 2021 .

[32]  H. Vincent Poor,et al.  BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid , 2018, USENIX Security Symposium.

[33]  Zhi-Hua Zhou,et al.  iBAT: detecting anomalous taxi trajectories from GPS traces , 2011, UbiComp '11.

[34]  Eder Santana,et al.  Learning a Driving Simulator , 2016, ArXiv.

[35]  Daniel Krajzewicz,et al.  Recent Development and Applications of SUMO - Simulation of Urban MObility , 2012 .

[36]  Ming Li,et al.  Regular: Attacker-Induced Traffic Flow Instability in a Stream of Semi-Automated Vehicles , 2017, 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[37]  Anthony Gar-On Yeh,et al.  Outlier Detection In Large-scale Traffic Data By Naïve Bayes Method and Gaussian Mixture Model Method , 2015, IRIACV.

[38]  J. Alex Halderman,et al.  Green Lights Forever: Analyzing the Security of Traffic Infrastructure , 2014, WOOT.

[39]  Steven E Shladover,et al.  Modeling cooperative and autonomous adaptive cruise control dynamic responses using experimental data , 2014 .

[40]  Kevin Fu,et al.  Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving , 2019, CCS.

[41]  Lutz Eckstein,et al.  The highD Dataset: A Drone Dataset of Naturalistic Vehicle Trajectories on German Highways for Validation of Highly Automated Driving Systems , 2018, 2018 21st International Conference on Intelligent Transportation Systems (ITSC).

[42]  Alexandre M. Bayen,et al.  On Cybersecurity of Freeway Control Systems: Analysis of Coordinated Ramp Metering Attacks , 2015 .

[43]  Saurabh Amin,et al.  Vulnerability of Transportation Networks to Traffic-Signal Tampering , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[44]  Steven E. Shladover,et al.  Potential Cyberattacks on Automated Vehicles , 2015, IEEE Transactions on Intelligent Transportation Systems.

[45]  Soodeh Dadras,et al.  Vehicular Platooning in an Adversarial Environment , 2015, AsiaCCS.