In this section, we will describe the architecture of the proposed cyberattack detection system. Performance analysis using real data will be presented in the following sections.
Compared to a standard FMCW radar system, the main difference of the proposed system is the random signature generator software block, which generates a random sequence of 1’s and 0’s. The ramp generator outputs a positive slope ramp for 1’s, and a negative slope ramp for 0’s. In other words, for each chirp, either a positive or a negative frequency slope is selected on a random basis. Note that, we are using a standard FMCW radar RF subsystem and hardware, and we have one extra software block for generating random signatures to control the ramp generator, and another extra software block for cyberattack detection DSP algorithm. In the proposed system, the AV sensor software block has a slightly modified DSP algorithm to suppress the effects of “weak” undetected attack signals, and detailed analysis of this will be presented in the following sections.
Mathematical Notation
In this section, we will summarize the mathematical notation used to describe the proposed system. As shown in
Figure 4, the AV radar outputs a chirp signal in every
seconds. However, the slope of the chirp is based on the randomly generated signature, and can be either positive or negative. Positive slope chirps are shown in blue color, have increasing instantaneous frequency, and are marked with a 1 on the top. Negative slope chirps are shown in red color, have decreasing instantaneous frequency, and are marked with a 0 on the top. These non-overlapping chirp windows are denoted as
, and we have a total of
M chirps followed by a blank period of
seconds. This time window of
seconds is called a measurement cycle, or frame duration, and the corresponding received data is called the frame data. Basically, the AV Sensor (Radar DSP) block shown in
Figure 3, outputs an estimate about the environment in every
seconds. This estimate usually consists of a set of identified targets (or reflectors), their distance and velocity values. In most radar applications, this is done by using the 2D FFT of the frame data, and some additional post-processing.
We now introduce some relevant notation for random signatures. Let
be the set
. The set of all functions from
to
will be denoted by
. Basically, a random signature is a function in
with some extra conditions. More precisely, a
is a random signature iff it is equal to 1 for
values in
, and is equal to 0 for the remaining
values in
. In other words, a
is as a random signature iff
. The set of all possible random signatures will be
The reason behind this
value is the inequality
in other words, the
which appears in the definition of
results in the largest set of random signatures, equivalently the largest size for the set
.
Basically, for each frame a randomly selected element of
will be used as the random signature
. The slope of each chirp in a frame is determined by the value of
at the chirp index. In other words, if
, then the
chirp in the time window
will have positive slope, that is, increasing instantaneous frequency. However, if
, then the corresponding
chirp in the time window
will have negative slope, that is, decreasing instantaneous frequency. (See
Figure 4).
The set
is indeed a very large set, because the cardinality of
is
, and
where we used the inequality
. For
, we have at least
random signatures in
. If the AV radar is used continuously for 100 years with 25 frames/s, we will use only
frames, which is less than
times the total number of random signatures in
.
In our proposed design, the AV radar is operated according to the following procedure:
In every measurement cycle, a random signature is selected randomly.
Throughout the measurement cycle, there will be total M chirps with index .
If , the ramp generator outputs a positive slope ramp resulting in an up-chirp. Otherwise, the ramp generator outputs a negative slope ramp resulting in a down-chirp.
In
Figure 4, a sample AV radar frame is shown. There are
chirp windows, and half of them,
, are up-chirps (shown in blue color), and the remaining ones are down-chirps (shown in red color). For each measurement cycle, we re-select a
. Note that, there are blank periods between successive chirps, which can be used for VCO relaxation. There are also blank periods between successive frames, that is,
, which can be used for on-chip signal processing of the frame data.
The signal observed at the input of ADCs, is denoted by
, where
is the chirp index, and
is the sample index. Our mathematical model is
where
is the received signal when there is no system noise and no attack. The term
is the effective noise term which represents system noise in a mathematically equivalent formulation. Although several subsystems of an AV radar can generate different levels of noise, eventually their combined effect will appear as an added term,
, at the output of the ADC block (See
Figure 3). The term
is the effective attack signal. Although one can consider so many different attack scenarios, eventually all attack signals will appear as an added,
, at the output of the ADC. This mathematical formulation allows us to study the effects of noise level, and cyberattack signal power level separately.
The motivation behind the proposed approach can be explained as follows: The AV radar system knows the random signature , but does not know ’s. On the other hand, the attacking agent may have full information about the AV radar system architecture, may even know chirp start/end times, but we assume that it does not know the random signature. Because of the rapid switching pattern of the AV radar, we assume that the attacking agent cannot determine the value of while we are in the interval . This is a very realistic assumption, because for the Texas Instruments radar used in this work, the transmitter is active for only during every chirp, and for each chirp the slope is re-selected on a random basis. Identifying the nature of the received RF waveform, finding the slope of the chirp, and generating an intelligent counter attack signal in such a short period of time requires noticeable effort and resources. Basically, by the time that the attacking agent determines the slope, that chirp cycle will be over, and the next chirp cycle will begin with a new random slope.
Our cyberattack Detection DSP algorithm is presented in Algorithm 1. The main motivation behind this specific detector design is the following: For up-chirps, the complex beat signal will have only positive frequency components in its FFT decomposition, whereas for down-chirps, we will have only negative frequency components. In reality, because of system noise, we will always observe both negative and positive frequency components. However, for up-chirps, the average power at negative frequencies should be small, and for down-chirps, the average power at negative frequencies of the reversed signal should be small. By comparing this with the average power of system noise, we can design a detector. Of course, the threshold selection, and associated false alarm rates are important design parameters. These will be discussed in the following sections using real data.
In Line 3 of the Algorithm 1, we have
, which is a vector expression and should be interpreted as subtracting the constant
from each component of
simultaneously. In Line 4,
is value of the random signature function at
k, and
means positive ramp, and 0 means negative ramp is used for the
chirp. The
means reversal in time domain, that is,
For up-chirps, we compute the average power at negative frequencies, and for down-chirps we first do time reversal and then compute the average power at negative frequencies. For a given one dimensional signal
defined for
, the
is defined as
and the average power at negative frequencies is defined as
Maximum of these average power values, P, are compared with , where is the average power of the system noise. Basically, a P value below does not trigger an alarm, however larger P values will be considered as suspicious, and the cyberattack alarm will be triggered.
Our AV sensor Radar DSP algorithm is presented in Algorithm 2. It is similar to a standard 2D FFT based range-velocity heatmap generation algorithm. As in the Detector DSP code, we start with DC offset removal, and then do time reversal for down-chirps. Then we define the complex matrix
I, compute its 2D FFT, then do
, followed by element-wise absolute value. The 2D FFT of
I is denoted by
, and is equal to
The
which appears in Line 6 of Algorithm 2 is defined as
provided that
are square matrices of same dimensions. Similary, the absolute value of a matrix is defined as the element-wise absolute value, namely for a given
matrix
A,
is defined as
In Line 8 of Algorithm 2, the notation
means the
zero matrix.
Algorithm 1: Detector (a.k.a. Detection DSP) |
|
Algorithm 2: AV Sensor (a.k.a. Radar DSP) |
|