Hybrid Control as a Proxy for Detection and Mitigation of Sensor Attacks in Cooperative Driving

TL;DR

The paper addresses false-data injection attacks on cooperative adaptive cruise control by introducing a real-time hybrid controller that uses multiple equivalent controller realizations, each driven by different sensor subsets, to detect and mitigate attacks. Attack detection is achieved by monitoring inconsistencies in control signals across realizations, with healthy inputs switching to a nominal input that preserves stability. A hybrid automaton governs flows and jumps between a healthy mode and attack modes, including resets to avoid lingering effects; this yields attack-resilient performance without requiring new stability analysis since the nominal controller is already stable. The approach leverages sensor redundancy and flow-jump design to achieve real-time detection, mitigation, and restoration of safe operation, and has potential applicability to a broader class of cyber-physical systems beyond CACC.

Abstract

We propose a real-time hybrid controller scheme to detect and mitigate False-Data Injection (FDI) attacks on Cooperative Adaptive Cruise Control (CACC). Our method uses sensor redundancy to create equivalent controller realizations, each driven by distinct sensor subsets but producing identical control inputs when no attack occurs. By comparing control signals and measurements via majority voting, the scheme identifies compromised sensors in real-time and switches to a healthy controller. The hybrid controller uses attack-dependent flow and jump sets, and resets compromised controllers' states. Simulation results demonstrate the effectiveness of this approach.

Figures (5)

• Figure 1: Vehicle platoon with CACC. Each vehicle has onboard sensors (e.g., LiDARs, cameras, and velocity/acceleration sensors) which may be subject to FDI attacks.
• Figure 2: Jumps between modes $q_0, q_{j|k}$, and $q_{3-j|l}, \, j,k,l\in\{1,2\}$, where the system either jumps from or to healthy mode, or transitions between attack modes with different controller realizations $\mathcal{F}_{j|k}$ and $\mathcal{F}_{3-j|l}$.
• Figure 3: Switching between modes $q_{j|1}$ and $q_{j|2}$ for $j\in\{1,2\}$, indicating the attacker switches its FDI attack between $\mathcal{F}_{j|1}$ and $\mathcal{F}_{j|2}$.
• Figure 4: Resulting inter-vehicle distance $d_1$, velocities $v_1$ and $v_2$, and controller inputs $u_{j|k}$ for $j,k \in \{1,2\}$ during the FDI sequence \ref{['eq:AttSequence']}.
• Figure 5: Resulting discrete mode $q \in Q$ with the controller output shown in red (indicating the active mode), ground truth mode transitions in blue, and system output $y_{4+j|k}$ for $j,k$ during the FDI attack sequence \ref{['eq:AttSequence']}.