Change Point Models for Real-Time Cyber Attack Detection in Connected Vehicle Environment

Abstract

Connected vehicle (CV) systems are subject to potential cyber attacks because of increasing connectivity between its different components, such as vehicles, roadside infrastructure, and traffic management centers. However, it is a challenge to detect security threats in real-time and develop appropriate or effective countermeasures for a CV system because of the dynamic behavior of such attacks, high computational power requirement, and a historical data requirement for training detection models. To address these challenges, statistical models, especially change point models, have potentials for real-time anomaly detection. Thus, the objective of this study is to investigate the efficacy of two change point models; Expectation Maximization (EM) and two forms of Cumulative Summation (CUSUM) algorithms (i.e., typical and adaptive), for real-time vehicle-to-infrastructure (V2I) cyber attack detection in a CV Environment. To prove the efficacy of these models, we evaluated these two models for three different types of cyber attack, denial of service (DOS), impersonation, and false information, using basic safety messages (BSMs) generated from CVs through simulation. Results from numerical analysis revealed that EM, CUSUM, and adaptive CUSUM (aCUSUM) could detect these cyberattacks, such as DOS, impersonation, and false information with low false positives.