Vehicle-to-vehicle communication enables autonomous platoons to boost traffic efficiency and safety, while ensuring string stability with a constant spacing policy. However, communication-based controllers are susceptible to a range of cyber-attacks. In this paper, we propose a distributed attack mitigation defense framework with a dual-mode control system reconfiguration scheme to prevent a compromised platoon member from causing collisions via message falsification attacks. In particular, we model it as a switched system consisting of a communication-based cooperative controller and a sensor-based local controller and derive conditions to achieve global uniform exponential stability (GUES) as well as string stability in the sense of platoon operation. The switching decision comes from game-theoretic analysis of the attacker and the defender's interactions. In this framework, the attacker acts as a leader that chooses whether to engage in malicious activities and the defender decides which control system to deploy with the help of an anomaly detector. Imperfect detection reports associate the game with imperfect information. A dedicated state constraint further enhances safety against bounded but aggressive message modifications in which a bounded solution may still violate practical constraint e.g. vehicles nearly crashing. Our formulation uniquely combines switched systems with security games to strategically improve the safety of such autonomous vehicle systems.
翻译:车辆对车辆的通信使自治排能够提高交通效率和安全,同时确保固定间隔政策的稳定,但基于通信的控制员容易受到一系列网络攻击;在本文件中,我们提议一个分布式的减少攻击防御框架,配有双模式控制系统重组计划,以防止受损的排员通过伪造信息攻击造成碰撞;特别是,我们把它建为由基于通信的合作控制员和基于传感器的地方控制员组成的交换式系统,并为实现全球统一指数稳定以及排运作意义上的断线稳定创造条件;转换决定来自对攻击者以及防御者互动的游戏理论分析;在这个框架内,攻击者作为领导人选择是否从事恶意活动,而防御者则决定是否在异常探测器的帮助下部署何种控制系统;不起作用的检测报告将游戏与不完善的信息联系起来。一个专门的国家制约因素进一步强化了安全性,使受约束但具有攻击性的信息修改在排业务上仍然可能违反实际限制,例如,车辆几乎坠毁。