Detect and Mitigate Attacks in Platooning

Introduction

Vehicles moving in a platoon maintain a consistent distance from the preceding vehicle using acceleration, velocity, and position information from the vehicle in front as well as the platoon leader. The controller, discussed in the Design Controller for Vehicle Platooning (Simulink Control Design) example, minimizes the velocity error between the ego and lead vehicles as well as the spacing error between the ego and front vehicles. Using V2V communication, the controller receives the precise information over a wireless network. For more information, see the Truck Platooning Using Vehicle-to-Vehicle Communication (Automated Driving Toolbox) example.

Malicious agents can attack and modify the transmitted information. This leads to undesired behavior that can range from collisions, isolating certain vehicles by increasing the spacing, and affecting the string stability of the platoon. This example shows how to detect and mitigate such attacks. Each vehicle in the platoon switches to adaptive cruise control using the position and velocity information from the sensors.

Open the Simulink® project.

attackDetectionProject = openProject("Platooning");
open_system("AttackDetectionInPlatooning.slx");

Modify Platoon Leader Velocity

In the AttackDetectionInPlatooning model, the attack intercepts and modifies the transmitted message from the platoon leader at t = 15 s. The attack adds an oscillatory signal to the velocity received by Follower1 and Follower2 vehicles.

To enable the attack and simulate the model, use the project shortcut Simulate Attack On Platoon Lead Vehicle. Alternatively, you can set these flags and run the model.

enableAttack = 1;
enableAttackDetection = 0;

To view the velocity and spacing plots, use the Visualization subsystem in the model.

The received velocity introduces oscillations in the spacing of the platoon and results in violation of the spacing metrics within 10 seconds of the attack.

Attack Detection

The acceleration, velocity, and position information received by the ego vehicle are the measured inputs and outputs of the lead (or front) vehicle model. Modifying these transmitted signals is similar to injecting unknown and unmeasured disturbances to the system. To detect these disturbances, you can use a Kalman filter to compute the residual, which is the difference between the observed and predicted value. A nonzero residual indicates the presence of an attack.

The model uses a Kalman Filter block to estimate the states based on the observed values of acceleration (input) and position or velocity (output). To represent the longitudinal dynamics of a vehicle, the block uses these linear models.

open_system("AttackDetectionInPlatooning/Follower1/Detect Attack on Leader Vehicle");

Selecting Threshold

The model averages the residuals based on a time window of 1 s. To check amplitude of the residuals, you can use multiple simulations in nominal conditions (without attacks). Typically, these values are nonzero due to model uncertainties and noise. Therefore, you must specify a threshold for attack detection to prevent false positives.

To simulate the model in nominal conditions, use the project shortcut Simulate Nominal Conditions with Attack Detection. Alternatively, execute these commands and simulate the model.

enableAttack = 0;
enableAttackDetection = 1;

To view the residual plots, use the Visualization subsystem in the model.

Based on the residual plot, choose the thresholds as 0.1 for detecting attacks on the lead vehicle. To allow the transients to settle and the Kalman filter predicted output to converge to the measured values, the model enables attack detection after 5 seconds.

Attack Mitigation

The presence of an attack indicates that the platooning controller can not rely on the information received from the vehicle-to-vehicle communication. In such a scenario, the ego vehicle exits platooning mode and uses the Adaptive Cruise Control System (Model Predictive Control Toolbox) block from Model Predictive Control Toolbox™ software to track a constant velocity of 10 m/s. The sensors on each vehicle obtain the relative distance and velocity and maintain a safe distance from the vehicle in front.

In the Simulink® model, the sensor information is modeled using the Actor Info output. The follower vehicles include Attack Detection (red) and Adaptive Cruise Control (light blue) subsystems, which allow the followers to switch controllers to generate the longitudinal acceleration.

This diagram shows the subsystems for Follower1.

open_system("AttackDetectionInPlatooning/Follower1");

To simulate the model with both the attack and attack detection enabled, use the project shortcut Detect and Mitigate Attack in Platoon. Alternatively, execute these commands and run the model.

enableAttack = 1;
enableAttackDetection = 1;

To view the residual, velocity, and spacing plots, use the Visualization subsystem in the model.

The results show the spacing and velocities of Follower1 and Follower2, after an attack occurs at t = 15 s. The model detects the attack within 1 second, and switches the ego car into adaptive cruise control mode. You can then see the velocities of the followers 1 and 2 converging to the set velocity of 10 m/s in the Adaptive Cruise Control System block. This avoids collisions at the expense of maintaining a greater spacing and slower convergence of the velocities.

Close the project.

close(attackDetectionProject);