CVGuard: Mitigating Application Attacks on Connected Vehicles

Connected vehicle (CV) applications promise to revolutionize our transportation systems, improving safety and traffic capacity while reducing environmental footprint. Many CV applications have been proposed towards these goals, with the US Department of Transportation (USDOT) recently initiating some designated deployment sites to enable experimentation and validation. While the focus of this initial development effort is on demonstrating the functionality of a range of proposed applications, recent attacks have demonstrated their vulnerability to application level attacks. In these attacks, a malicious actor operates within the application’s parameters but providing falsified information. This paper explores a framework that protects against such application-level attacks. Then, we analyze the impact of the attacks, showing that an individual attacker can have substantial effects on the safety and efficiency of traffic flow even in the presence of message security standards developed by USDOT, motivating the need for our defense. Our defense relies on physically modeling the vehicles and their interaction using dynamic models and state estimation filters as well as reinforcement learning. It combines these observations with knowledge of application rules and guidelines to capture logic deviations. We demonstrate that the resultant defense, called CVGuard, can accurately and promptly detect attacks, with low false positive rates over a range of attack scenarios for different CV applications.