1. Introduction
With the rapid increase in the number of road vehicles, the problems of traffic congestion, exhaust emissions and safety are becoming more and more serious in big cities and/or urban areas [
1,
2]. Intelligent transportation systems (ITS) technology is one of the potential solutions to lessen these problems [
3,
4,
5,
6]. Benefiting from the development of the wireless communication technology, the intelligent connected vehicle system is one of such ITS that can potentially reduce the risk of accidents and increase traffic throughput by resorting the Internet of Vehicles (IoV), e.g., vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), vehicle-to-road (V2R) communication, etc. However, due to the open nature of wireless communication and the high-mobility of moving vehicles, the IoV communication networks are vulnerable to packet dropping, communication time-delay and malicious cyber-attack [
7]. Especially, the malicious cyber-attack, e.g., false data injection attack, will cause mistakes in the decision makers of ITS that may lead to serious traffic accidents [
7]. Hence, it is necessary to realize the secure estimation of vehicle motion states in the remote monitoring platform of intelligent connected vehicle systems.
The intelligent connected vehicle system contains many on-board sensors, controllers, actuators and other units, and integrates modern wireless communication and network technologies. It can realize intelligent information exchange between moving vehicles and X (i.e., cars, roads, people, clouds, etc.) and can real-time sense the complex surroundings. Based on IoV and intelligent sensing, the intelligent connected vehicle system makes intelligent decisions in real time to help drivers to achieve collaborative control of a group of connected vehicles, and ultimately achieve automated intelligent driving with safety, efficiency, ride comfort and energy-saving [
5,
6,
7,
8]. However, there are some inherent weakness in wireless IoV, such as communication delays and packet dropping. Moreover, because of the openness of wireless networks, there may be artificial attacks in intelligent connected vehicle systems [
9,
10,
11,
12,
13]. In the past decades, many efforts have been directed at the study of the issues of wireless networked control of connected vehicle systems and rich control methods to compensate network defects such as packet dropping and communication delay have been proposed. For example, Ploeg et al. [
14] and [
15] proposed the
Lp norm-based string stabilizing control method and discussed the string stability of cooperative adaptive cruise control (CACC) systems in unreliable communication networks. Ploeg et al. [
16] considered the communication delay problem of IoV and achieved the stability of the intelligent connected vehicle systems using CACC approaches [
12,
13]. Moreover, when communication delay and packet loss occur simultaneously, the CACC system of connected vehicles will actively degrade to the traditional adaptive cruise control (ACC) system [
5] while ensuring string stability that is better than the one of the ACC system [
17].
In recent years, the cyber-security issue has increasingly gained attention in the automotive and academic communities due to widely used wireless communication networks of IoV and very dangerous results caused by cyber-attacks. For example, in July 2015, the "white hat hackers" Miller and Wallacek demonstrated how to "hijack" remote command methods by invading Chrysler Uconnect vehicle systems when driving, and eventually caused a "roll over" [
8]. This remote cyber-attack event has made many scholars investigate the cyber-security problem in the field of intelligent connected vehicle system with various embedded CACC systems. For instance, Biron et al. [
18] proposed a sliding mode observer algorithm for detecting the occurrence of denial of service (DOS) attacks in the networks and estimating the magnitude of the delay. Amoonzadeh et al. [
19] studied the effects of the tampered sensors, which seriously affects the string stability of connected vehicle platooning systems. Dadras et al. [
20] studied the ability of an attacker to invade a networked vehicle by remote attack and showed that attackers can remotely control the individual position and speed of networked vehicles. Liu et al. [
21] showed the serious impacts of the cyber-attack on automated platoon systems and proposed a design approach for safe platooning controllers. Following the method in [
21], the safe inter-vehicle distance is greatly shortened. Alipour-Fanid et al. [
22] conducted a comprehensive analysis of stability and safety for vehicle strings over wireless Rician fading channels under jamming attacks. They showed that fading channels degrade the performance of CACC systems through rich simulation experiments under various attacked scenarios. In addition, Li et al. [
23] summerized the influences of cyber-attacks on longitudinal safety of connected and automated vehicles via extensive simulations and sensitivity analysis.
Due to the significant threat of cyber-attacks to the safety of persons and property, in the automotive and academic communities more and more scholars have studied the safety and security problems of connected and networked vehicles under cyber-attack. For example, Massoumnia et al. [
24] and Blanke et al. [
25] proposed the residual test method to detect the false data injection attack for networked systems including connected and networked vehicles. Since each measured value has a residual signal, the measured value is considered to be attacked if the residual value is greater than a given threshold. However, if an attacker sets the special data so that the residual is still less than the threshold, this method cannot be applied well. Another method to again cyber-attack is to use the idea of robust control. It can achieve stability of uncertain systems when the system is destroyed by some unknown disturbances. However, in this method perturbations are assumed to be bounded by some ranges [
26]. For instance, Schenato et al. [
27] considered the disturbance as a certain random process if the wireless channel is interfered and analyzed the control and estimation problems of networked control systems. Lately, Lu and Yang [
28] designed a Luenberger-like observer and used a new projection operator method to reconstruct the states from a series of continuous measurements of cyber-physical systems. Wu et al. [
29] proposed a sliding mode observer for estimating the system states from the measurement data of contaminated sensors. Fawzi et al. [
30] and Hwan et al. [
31] assumed that the attacked states satisfied sparseness and then proposed the use of
L1 norm optimization to reconstruct the states of cyber-physical systems including connected vehicle systems.
Aiming at the problem of secure state estimation of intelligent connected vehicle systems under the attack of false data injection in the wireless monitoring networks, this paper proposes a secure state estimation method to reconstruct the motion states of the connected and networked vehicles equipped with CACC systems. The main idea of the method is to use the principle of compressed sensing based on the notion of sparseness. By adopting Proportion-Differentiation (PD) controllers, e.g., [
12,
13], the set of CACC models is used to represent the longitudinal dynamics of the intelligent connected vehicle systems. Due to adversarial attack to the intelligent connected vehicle system, the number of attacked sensors is assumed to be less than the half of the total sensors. Then the attacked vector can be regarded as a sparse vector and transformed into an
L1 norm optimization problem for secure state reconstruction. Finally, the simulation experiments verify that the proposed method can effectively reconstruct the motion states of vehicles for remote monitoring of the intelligent connected vehicle system.
The remaining of this paper is organized as follows: In
Section 2, the set of CACC models and false data injection attack models are formulated. In
Section 3, we present the secure state estimation approach and verify the applicability of the approach. Then we demonstrate the proposed approach through some classical simulations in
Section 4. Finally, we conclude the paper in
Section 5.
3. Secure State Estimation
In order to reconstruct the initial states of the vehicle CACC system (11), let we first consider the principle of compressive sensing [
32]:
where
b ∈
Rm is the measurements,
P ∈
Rm×n is a sensing matrix and ‖
x‖0 denotes the number of nonzero elements for the vector
x. If the sparse vector
x meets ‖
x‖0 =
q ≤
m/2 and all subsets of 2
q columns of
P are full rank, then the solution to (14) is unique [
32].
To reconstruct the states attacked through the above compression sensing method, we integrates the attacked CACC system of the connected vehicles described by (11)–(13) as:
where the diagonal matrix Γ corresponds with the data package which is under attacking.
To solve the problem of reconstructing the state at the initial time using the compressive sensing method, now we consider the set of output measured values
y(
k),
k = 0, …,
M − 1, which are destroyed at successive
M times. From the model (15), we stacked the
M output measurements as:
where the coefficient matrices are:
Moving the term
Ŷ to the left of equation (16), we have:
where
.
In order to resolve the problem of the state estimation, we should determine the value of
M. From the results in [
30,
31], the value of
M is equal to the number of states if the attacked states are fixed; but if the attacked states are varying,
M may be greater than the number of states in some cases. Through the simulation experiments (see later), under the condition of varying attacked states, the states also can be reconstructed successfully if
M is equal to the number of the states. As a result, we can estimate the error vector
E firstly and next we reconstruct the initial state
x(0) through the estimated value of
E.
In order to achieve the purpose of estimating
E, we use the orthogonal decomposition to the matrix
Φ ∈
RpM×3n, where
p,
M and
n represents the number of the sensors, measurements and vehicles of the CACC system, respectively. Consider the orthogonal decomposition of
Φ as:
where [
Q1 Q2] is an orthogonal matrix with
Q1 ∈
RpM×3n and
Q2 ∈
R pM×(pM−3n) and
R1 ∈
R3n×3n is an upper triangular matrix with full rank.
Substituting Equation (18) into Equation (17), we can obtain that:
Because the matrix [
Q1 Q2] is the orthogonal matrix. Multiplying the matrix [
Q1 Q2]
T on both sides of (19), it is obtained that:
Simplifying (20), it is derived that:
Since the number of attacked states is less than p/2, where p represents the number of the delivered states at each moment, the solution to Equation (22) is unique from the principle of compressive sensing in Equation (14). Because the intelligent connected vehicle system consists of n vehicles with together the leader vehicle and every vehicle has three state variables, then the number of the attacked states are up to at each time instant.
Now we use the compressive sensing method to estimate the attack vector
E by solving the following optimization problem:
Note that the solution of Equation (23) involves the
L0 norm but the
L0 norm optimization is an NP hard problem. As a result, the computational burden of solving Equation (23) is too heavy to efficiently solve the problem. To this end, we can transform the
L0 norm optimization to
L1 norm optimization as the
L1 norm is the optimal convex approximation of the
L0 norm:
We can obtain the estimation
Ê by computing Equation (24). Clearly, this approximation greatly reduces the computing burden of solving the estimation of the attack vector
E. Moreover, substituting
Ê into (21) and simplifying the equation, we derive the initial state
x(0) by:
Then the actual motion states of each vehicle in the intelligent connected vehicle system can be evaluated real-time by iterative computing Equation (11).
It is noted that from the compressive sensing method [
30,
31], it is ensured that the solution of
Ê is unique. Because the matrix
R1 is an upper triangular matrix with full rank, the initial state
x(0) is also unique. Therefore, in the remote monitoring platform the presented secure state estimate method is used to real-time obtain the actual motion states of each vehicle in the intelligent connected vehicle system even under cyber-attack of false data injection.
4. Simulation Results
In this section, we show the validity of the presented secure state estimate method of the intelligent connected vehicle system. The simulation scene here considers a group of four heterogeneous vehicles running in a single lane, where all vehicles are equipped with the PD-type CACC controllers. Moreover, the vehicle CACC system is stable and string stable. There is the remote monitoring layer which monitors the vehicular motion states through wireless IoV communication (see
Figure 1). The wireless channels may be maliciously attacked by the false data injection from cyber attackers. Using the presented secure state estimate method to recover the corrupted received data, the remote monitoring platform can achieve normal operation.
In this simulation study, the vehicles’ parameters are selected as
Li = 4 m for
i = 0, 1, 2, 3,
τ0 = 0.20 s,
τ1 = 0.25 s,
τ2 = 0.20 s,
τ3 = 0.25 s and
δd = 2 m. Note that the subscript “0” represents the leading vehicle and the others represent the following vehicles. For the wireless channels which link the vehicles to the remote monitoring layer, the observation matrix
C is chosen as a nine-order identity. Moreover, the PD-type CACC controllers are calculated by the method in [
12] and the controllers’ gains are selected as
K1 = [0.2284, 0.7740, 0.1961],
K2 = [0.2181, 0.7456, 0.1466] and
K3 = [0.2360, 0.8084, 0.2280]. In addition, the simulation scenario is initialized such the case that the leading vehicle is running at the position of 40 m with the velocity of 20 m/s. Because the leading vehicle is running with the constant velocity, the motion state-space model of the leading vehicle is given as:
where
z0,
v0 and
a0 represents the absolute position, velocity and acceleration of the leading vehicle. The matrix
G in (11) is calculated through the leading vehicle’s states. At the initial time instant, the three following vehicles stop at the position of 25 m, 10 m and 0 m, and the velocity and acceleration are zero, that is,
x(0) = [25, 0, 0, 10, 0, 0, 0, 0, 0]
T. Because the number of the states of the vehicle CACC system is 9, then the number of measurements of the system is selected at least as
M = 9.
In the simulation experiment, it is assumed that attackers want to maliciously interfere with the normal operation of the remote monitoring platform of the intelligent connected vehicle system. Hence, they randomly attack the data packets in the remote monitoring networks. In this scene, it is assumed that the second following-vehicle is under attacking. The data delivered to the monitoring platform is injected by the false data from malicious attackers, which is shown in
Figure 2. Note that this attack is launched randomly to the three states of this vehicle in this study. It is observed from
Figure 2 that the three states of this vehicle are attacked and the other vehicles’ states are not attacked. In
Figure 2, the red dashed and dot-dashed lines represent the real and the attacked states of the following vehicles, respectively. Then we use the presented secure state estimate method to estimate the real states of the vehicle platoon. The secure state estimate results are shown in
Figure 3,
Figure 4 and
Figure 5.
In order to clearly analyze the results on secure state estimation of the vehicle CACC system, we use the spacing, relative velocity and acceleration profiles of the adjacent two vehicles to replace the absolute position, velocity and acceleration profiles. Hence, the subplots (a) of
Figure 3,
Figure 4 and
Figure 5 represent the 1st two-car’s inter-vehicle distance, relative velocity and relative acceleration profiles, respectively, and subplots (b) and (c) represent the 2nd two-cars’ and the 3rd two-cars’, respectively. Note that the second following-vehicle is under attacking and the ranges of attack are as shown in
Figure 2. As the CACC system (11) used in the remote monitoring platform is dependent on the inter-vehicle distance, relative velocity and acceleration between adjacent vehicles, the monitoring motion states of the third following-vehicle are also negatively, indirectly affected by the attack launched to the second following-vehicle. Hence, in
Figure 3,
Figure 4 and
Figure 5, the 2nd and 3rd two-cars’ green dot-dashed lines are different from the 1st two-cars’, which represent the values after attacking.
It is observed from
Figure 3,
Figure 4 and
Figure 5 that the red dashed lines and the blue dotted lines almost coincide, where the two sets of lines represent the real states and the estimated motion states of the vehicle CACC system, respectively. The estimated motion states of the vehicle CACC system are calculated from the attacked states by applying the proposed secure state estimation method. In other words, the motion states of the vehicle CACC system are estimated successfully in the context that the states of the second following-vehicle are under attacking randomly. Note that the attack launched here is hidden in the sense that it is intermittent to inject false data to the states of the second following-vehicle and the number of the attacked states is limited and may change over the time. Hence, the simulation results illustrate the effectiveness of the proposed secure state estimation method for remote monitoring of intelligent connected vehicle systems under the false data injection attack. The proposed estimation method increases the resilient ability of the remote monitoring platform of connected vehicles against to cyber-attack.