Kuei-Fang Hsueh, Ayleen Farnood, Isam Al-Darabsah, Mohammad Al Saaideh, Mohammad Al Janaideh, Deepa Kundur
Cooperative adaptive cruise control (CACC) is a smart transportation solution to alleviate traffic congestion and enhance road safety. The performance of CACC systems can be remarkably affected by communication time delays, and traditional control methods often compromise control performance by adjusting control gains to maintain system stability. In this paper, we present a study on the stability of a CACC system in the presence of time delays and highlight the trade-off between control performance and tuning controller gains to address increasing delays. We propose a novel approach incorporating a neural network module called the deep time delay filter (DTDF) to overcome this limitation. The DTDF leverages the assumption that time delays primarily originate from the communication layer of the CACC network, which can be subject to adversarial delays of varying magnitudes. By considering time-delayed versions of the car states and predicting the present (un-delayed) states, the DTDF compensates for the effects of communication delays. The proposed approach combines classical control techniques with machine learning, offering a hybrid control system that excels in explainability and robustness to unknown parameters. We conduct comprehensive experiments using various deep-learning architectures to train and evaluate the DTDF models. Our experiments utilize a robot platform consisting of MATLAB, Simulink, the Optitrack motion capture system, and the Qbot2e robots. Through these experiments, we demonstrate that when appropriately trained, our system can effectively mitigate the adverse effects of constant time delays and outperforms a traditional CACC baseline in control performance. This experimental comparison, to the best of the author’s knowledge, is the first of its kind in the context of a hybrid machine learning CACC system. We thoroughly explore initial conditions and range policy parameters to evaluate our system under various experimental scenarios. 
By providing detailed insights and experimental results, we aim to contribute to the advancement of CACC research and highlight the potential of hybrid machine learning approaches in improving the performance and reliability of CACC systems.
A Deep Time Delay Filter for Cooperative Adaptive Cruise Control. ACM Transactions on Cyber-Physical Systems, published 2023-11-08. DOI: https://doi.org/10.1145/3631613
Intersection management systems, with the assistance of vehicular networks and autonomous vehicles, have potential to perform traffic control more precisely than contemporary signalized intersections. However, as infrastructural intersection management controllers do not directly activate motions of vehicles, it is possible that the vehicles fail to follow the instructions from controllers, undermining system properties such as deadlock-freeness and traffic performance. In this paper, we consider a class of robustness issues, the time violations, which stem from possible discrepancies between scheduled orders and real executions. We refine a graph-based intersection model to build our theoretical foundations and analyze potential deadlocks and their resolvability. We develop solutions that mitigate negative effects of time violations. Particularly, we propose a Robustness-Aware Greedy Scheduling (RGS) algorithm for robust scheduling and evaluate the deadlock-free robustness of different intersection models and scheduling algorithms. Experimental results show that the RGS algorithm is able to significantly improve robustness and keep a good balance with traffic performance.
Graph-Based Deadlock Analysis and Prevention for Robust Intelligent Intersection Management. Kai-En Lin, Kuan-Chun Wang, Yu-Heng Chen, Li-Heng Lin, Ying-Hua Lee, Chung-Wei Lin, Iris Hui-Ru Jiang. ACM Transactions on Cyber-Physical Systems, published 2023-11-08. DOI: https://doi.org/10.1145/3632179
Ion Matei, Wiktor Piotrowski, Alexandre Perez, Johan de Kleer, Jorge Tierno, Wendy Mungovan, Vance Turnewitsch
We demonstrate an end-to-end framework to improve the resilience of man-made systems to unforeseen events. The framework is based on a physics-based digital twin model and three modules tasked with real-time fault diagnosis, prognostics and reconfiguration. The fault diagnosis module uses model-based diagnosis algorithms to detect and isolate faults and generates interventions in the system to disambiguate uncertain diagnosis solutions. We scale up the fault diagnosis algorithm to the required real-time performance through the use of parallelization and surrogate models of the physics-based digital twin. The prognostics module tracks fault progression and trains the online degradation models to compute remaining useful life of system components. In addition, we use the degradation models to assess the impact of the fault progression on the operational requirements. The reconfiguration module uses PDDL-based planning endowed with semantic attachments to adjust the system controls to minimize the fault impact on the system operation. We define a resilience metric and use a fuel system example to demonstrate how the metric improves with our framework.
System Resilience through Health Monitoring and Reconfiguration. ACM Transactions on Cyber-Physical Systems, published 2023-11-03. DOI: https://doi.org/10.1145/3631612
Increasingly, Industrial Control Systems (ICS) are being connected to the Internet to minimise the operational costs and provide additional flexibility. These control systems, such as the ones used in power grids, manufacturing and utilities, operate continually and have long lifespans measured in decades rather than years as in the case of IT systems. Such industrial control systems require uninterrupted and safe operation. However, they can be vulnerable to a variety of attacks, as successful attacks on critical control infrastructures could have devastating consequences to the safety of human lives as well as a nation’s security and prosperity. Furthermore, there can be a range of attacks that can target ICS and it is not easy to secure these systems against all known attacks let alone unknown ones. In this paper, we propose a software enabled security architecture using Software Defined Networking (SDN) and Network Function Virtualisation (NFV) that can enhance the capability to secure industrial control systems. We have designed such an SDN/NFV enabled security architecture and developed a Control System Security Application (CSSA) in SDN Controller for enhancing security in ICS by achieving real time situational awareness and dynamic policy-driven decision making across the network infrastructure. In particular, CSSA can be used for establishing secure path for end-to-end communication between devices and also deal against certain specific attacks namely denial of service attacks, from unpatched vulnerable control system components and securing the communication flows from the legacy devices that do not support any security functionality. We also discuss how CSSA provides reliable paths for safety critical messages in control systems. We discuss the prototype implementation of the proposed architecture and the results obtained from our analysis.
Techniques for Enhancing Security in Industrial Control Systems. Vijay Varadharajan, Uday Tupakula, Kallol Krishna Karmakar. ACM Transactions on Cyber-Physical Systems, published 2023-10-30. DOI: https://doi.org/10.1145/3630103
Deval Shah, Zi Yu Xue, Karthik Pattabiraman, Tor M. Aamodt
Motion planning is a computationally intensive and well-studied problem in autonomous robots. However, motion planning hardware accelerators (MPA) must be soft-error resilient for deployment in safety-critical applications, and blanket application of traditional mitigation techniques is ill-suited due to cost, power, and performance overheads. We propose Collision Exposure Factor (CEF), a novel metric to assess the failure vulnerability of circuits processing spatial relationships, including motion planning. CEF is based on the insight that the safety violation probability increases with the surface area of the physical space exposed by a bit-flip. We evaluate CEF on four MPAs. We demonstrate empirically that CEF is correlated with safety violation probability, and that CEF-aware selective error mitigation provides 12.3×, 9.6×, and 4.2× lower dangerous Failures-In-Time rate on average for the same amount of protected memory compared to uniform, bit-position, and access-frequency-aware selection of critical data. Furthermore, we show how to employ CEF to enable fault characterization using 23,000× fewer fault injection (FI) experiments than exhaustive FI, and evaluate our FI approach on different robots and MPAs. We demonstrate that CEF-aware FI can provide insights on vulnerable bits in an MPA while taking the same amount of time as uniform statistical FI. Finally, we use the CEF to formulate guidelines for designing soft-error resilient MPAs.
Characterizing and Improving Resilience of Accelerators to Memory Errors in Autonomous Robots. ACM Transactions on Cyber-Physical Systems, published 2023-10-23. DOI: https://doi.org/10.1145/3627828
Levente Csikor, Hoon Wei Lim, Jun Wen Wong, Soundarya Ramesh, Rohini Poolat Parameswarath, Mun Choon Chan
Automotive Keyless Entry (RKE) systems provide car owners with a degree of convenience, allowing them to lock and unlock the car without using a mechanical key. Today’s RKE systems implement disposable rolling codes, making every key fob button press unique, effectively preventing simple replay attacks. However, a prior attack called RollJam was proven to break all rolling code-based systems in general. By a careful sequence of signal jamming, capturing, and replaying, an attacker can become aware of the subsequent valid unlock signal that has not been used yet. RollJam, however, requires continuous deployment indefinitely until it is exploited. Otherwise, the captured signals become invalid if the key fob is used again without RollJam in place. We introduce RollBack, a new replay-and-resynchronize attack against most of today’s RKE systems. In particular, we show that even though the one-time code becomes invalid in rolling code systems, replaying a few previously captured signals consecutively can trigger a rollback-like mechanism in the RKE system. Put differently, the rolling codes become resynchronized back to a previous code used in the past from where all subsequent yet already used signals work again. Moreover, the victim can still use the key fob without noticing any difference before and after the attack. Unlike RollJam, RollBack does not necessitate jamming at all. In fact, it requires signal capturing only once and can be exploited at any time in the future as many times as desired. This time-agnostic property is particularly attractive to attackers, especially in car-sharing/renting scenarios where accessing the key fob is straightforward. However, while RollJam defeats virtually any rolling code-based system, vehicles might have additional anti-theft measures against malfunctioning key fobs, hence against RollBack. 
Our ongoing analysis (with crowd-sourced data) against different vehicle makes and models has revealed that ~50% of the examined vehicles in the Asian region are vulnerable to RollBack, while the impact tends to be smaller in other regions like Europe and North America.
RollBack: A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems. ACM Transactions on Cyber-Physical Systems, published 2023-10-19. DOI: https://doi.org/10.1145/3627827
In this article, we investigate the vehicle path-following problem for a vehicle-to-vehicle (V2V)–enabled leader–follower scenario and propose an integrated control policy for the following vehicle to accurately follow the leader’s path. We propose a control strategy for the follower vehicle to maintain a velocity-dependent distance relative to the leader vehicle while stabilizing its longitudinal and lateral dynamics considering the combined-slip effect and tire force saturation. In light of reducing wireless communication errors and efficient usage of battery power and resources, we propose an intermittent V2V communication in which transmissions are scheduled based on an event-triggered law. An event is triggered and a transmission is scheduled in subsequent sample time if some of the well-defined path-following error functions (relative distance error and lateral error) exceed given tolerance bounds. Considering that the V2V communication channel might be erroneous or a transmission fails due to, e.g., vehicles’ distance or low battery power, we consider data loss in the V2V channel. Our proposed control law consists of two components: a receding horizon feedback controller with state constraints based on a safe operation envelop and a feedforward controller that generates complementary control inputs when the leader’s states are successfully communicated to the follower. To mitigate the effects of data loss on the follower’s path-following performance, we design a remote estimator for the follower to predict the leader’s state using its on-board sensor equipment when an event is triggered but the corresponding state information is not received by the follower due to a packet loss. Incorporating this estimator allows the follower to apply cautionary control inputs knowing that the path-following error had exceeded a tolerance bound. 
We show that while the feedback controller stabilizes the follower’s dynamics, the feedforward component improves the safety margins and reduces the path-following errors even in the presence of data loss. High-fidelity simulations are performed using CarSim to validate the effectiveness of our proposed control architecture specifically in harsh maneuvers and high-slip scenarios on various road surface conditions.
Event-Triggered Control with Intermittent Communications over Erasure Channels for Leader-Follower Problems with the Combined-Slip Effect. Mohammad H. Mamduhi, Ehsan Hashemi. ACM Transactions on Cyber-Physical Systems, published 2023-10-14. DOI: https://doi.org/10.1145/3625562
Klaus Bengler, Werner Damm, Andreas Luedtke, Jochem Rieger, Benedikt Austel, Bianca Biebl, Martin Fränzle, Willem Hagemann, Moritz Held, David Hess, Klas Ihme, Severin Kacianka, Alyssa J. Kerscher, Lain Forrest, Sebastian Lehnhoff, Alexander Pretschner, Astrid Rakow, Daniel Sonntag, Janos Sztipanovits, Maike Schwammberger, Mark Schweda, Anirudh Unni, Eric Veith
As automation increases qualitatively and quantitatively in safety-critical human cyber-physical systems, it is becoming more and more challenging to increase the probability or ensure that human operators still perceive key artefacts and comprehend their roles in the system. In the companion paper, we proposed an abstract reference architecture capable of expressing all classes of system-level interactions in human cyber-physical systems. Here we demonstrate how this reference architecture supports the analysis of levels of communication between agents and helps to identify the potential for misunderstandings and misconceptions. We then develop a metamodel for safe human machine interaction. Therefore, we ask what type of information exchange must be supported on what level so that humans and systems can cooperate as a team, what is the criticality of exchanged information, what are timing requirements for such interactions, and how can we communicate highly critical information in a limited time frame in spite of the many sources of a distorted perception. We highlight shared stumbling blocks and illustrate shared design principles, which rest on established ontologies specific to particular application classes. In order to overcome the partial opacity of internal states of agents, we anticipate a key role of virtual twins of both human and technical cooperation partners for designing a suitable communication.
A References Architecture for Human Cyber Physical Systems - PART II: Fundamental Design Principles for Human-CPS Interaction. ACM Transactions on Cyber-Physical Systems, published 2023-09-22. DOI: 10.1145/3622880 (https://doi.org/10.1145/3622880)
Jiangwei Wang, Lili Su, Songyang Han, Dongjin Song, Fei Miao
Hybrid traffic, which involves both autonomous and human-driven vehicles, would be the norm of autonomous vehicles’ practice for a while. On the one hand, unlike autonomous vehicles, human-driven vehicles could exhibit sudden abnormal behaviors such as unpredictably switching to dangerous driving modes, putting their neighboring vehicles at risk; such undesired mode switching could arise from a number of human driver factors, including fatigue, drunkenness, distraction, aggressiveness, etc. On the other hand, modern vehicle-to-vehicle (V2V) communication technologies enable autonomous vehicles to efficiently and reliably share scarce run-time information with each other [1]. In this paper, we propose, to the best of our knowledge, the first efficient algorithm that can (1) significantly improve trajectory prediction by effectively fusing the run-time information shared by surrounding autonomous vehicles, and (2) accurately and quickly detect abnormal human driving mode switches or abnormal driving behavior with formal assurance, without hurting human drivers’ privacy. To validate our proposed algorithm, we first evaluate our proposed trajectory predictor on the NGSIM and Argoverse datasets and show that it outperforms the baseline methods. Then, through extensive experiments on the SUMO simulator, we show that our proposed algorithm has great detection performance in both highway and urban traffic. The best performance achieves a detection rate of 97.3%, an average detection delay of 1.2 s, and 0 false alarms.
Towards Safe Autonomy in Hybrid Traffic: Detecting Unpredictable Abnormal Behaviors of Human Drivers via Information Sharing. ACM Transactions on Cyber-Physical Systems, published 2023-09-22. DOI: 10.1145/3616398 (https://doi.org/10.1145/3616398)
Werner Damm, Martin Fränzle, Alyssa J. Kerscher, Laine Forrest, Klaus Bengler, Bianca Biebl, Willem Hagemann, Moritz Held, David Hess, Klas Ihme, Severin Kacianka, Sebastian Lehnhoff, Andreas Luedtke, Alexander Pretschner, Astrid Rakow, Rieger Jochem, Daniel Sonntag, Jonas Sztipanovits, Maike Schwammberger, Mark Schweda, Alexander Trende, Anirudh Unni, Eric Veith
The design and analysis of multi-agent human cyber-physical systems in safety-critical or industry-critical domains call for an adequate semantic foundation capable of exhaustively and rigorously describing all emergent effects in the joint dynamic behavior of the agents that are relevant to their safety and well-behavior. We present such a semantic foundation. This framework goes beyond previous approaches by extending the agent-local dynamic state beyond state components under direct control of the agent and belief about other agents (as previously suggested for understanding cooperative as well as rational behavior) to agent-local evidence and belief about the overall cooperative, competitive, or coopetitive game structure. We argue that this extension is necessary for rigorously analyzing systems of human cyber-physical systems because humans are known to employ cognitive replacement models of system dynamics that are both non-stationary and potentially incongruent. These replacement models induce visible and potentially harmful effects on their joint emergent behavior and the interaction with cyber-physical system components.
A REFERENCE ARCHITECTURE OF HUMAN CYBER-PHYSICAL SYSTEMS – PART III: SEMANTIC FOUNDATIONS. ACM Transactions on Cyber-Physical Systems, published 2023-09-22. DOI: 10.1145/3622881 (https://doi.org/10.1145/3622881)