Detection and Isolation of False Data Injection Attack in Intelligent Transportation System via Robust State Observer

Abstract

As the future of transportation systems, the intelligent transportation system is a promising technology to improve the increasingly serious traffic problems. However, the integration of cyber-physical systems makes them vulnerable to new cyber–physical attacks. To ensure the security of intelligent transportation systems, a novel robust state observer-based detection and isolation method against false data injection attacks is developed. Based on the constructed dynamic model of intelligent vehicle networking, the covert characteristic of a false data injection attack is analyzed. Then, a novel state residuals-based detection criterion is developed by using a real-time observed state. To shorten the detection time, an adaptive detection threshold is designed to replace the existing computed threshold. In addition, robust state observer banks are established to isolate multiple injected attacks. Finally, simulation results on the vehicle networking system demonstrate the effectiveness of the developed detection and isolation method against false data injection attacks.

1. Introduction

With the rapid development of artificial intelligence technology, the intelligent transportation system, as a typical cyber–physical system, has gradually improved the current traffic situation and realized the intellectualization of vehicle networking systems [1,2]. As an important part of the intelligent transportation system, the intelligent vehicle networking system realizes the communication between vehicles, between vehicles and people, and between vehicles and roads [3]. However, the emerging characteristics of intelligent vehicle networking systems, such as intelligence and openness, cause them to be vulnerable to new cyber–physical attacks [4,5]. For example, in July 2015, white hat hackers simulated a malicious information attack, which can control the remote driving of an intelligent vehicle networking system [6]. Therefore, novel detection and isolation mechanisms against cyber–physical attacks are of great significance to the security of intelligent transportation systems.

Up to now, the cyber–physical security problem of the intelligent transportation system has become a hot issue in academic and industrial circles. From different research angles, lots of attack-detection works were carried out by scholars. In [7], Xiao et al. established a logical packet, by which the injected denial-of-service (Dos) attacks can be detected. Based on the established characteristics of an attack, a long short-term memory (LSTM) neural-network-based detection method is proposed to ensure the security of an intelligent vehicle networking system [8]. Taking four different attack schemes into account, a detection and identification attack method is developed to ensure the security of vehicular networks based on the machine learning models [9]. In [10], A. Benslimane et al. investigated the impact of Dos attacks on these basic safety messages. Based on this, a detection method was proposed through the feasibility of the existing threshold. Considering the impact of Dos jamming attacks on communication delays, a novel filter was designed to detect the injected malicious attacks [11]. By analyzing the impact of Dos jamming attacks on communication channels, a detection and estimation algorithm is developed to guarantee the safety of vehicle networking systems [12]. By observing the physical impact of Dos jamming attacks, a graph theory method is introduced into attack detection based on a decision tree [13]. A novel deep learning-based intrusion detection method against Dos attack is developed based on the multiple neural network architecture in [14].

To sum up, lots of detection methods against Dos attacks were developed to ensure the safety of vehicle networking systems. Different from the above Dos attacks, the emerging false data injection (FDI) attacks are more deceptive [15,16,17]. By tampering with the transmitted data, the FDI attacks can spoof the common detection method. For this reason, the detection of FDI attacks brings great challenges to the security mechanism of intelligent vehicle networking systems.

To respond to the FDI attacks timely, scholars have carried out some research on the security of vehicle networking systems under FDI attacks [16,17,18,19,20]. In [16], L. Guo et al. investigated the covert characteristics of FDI attacks and gave the optimal attack strategies with respect to the cyber–physical system of intelligent vehicle networking. In addition, the FDI attack was modeled as an additive attack that affects the vehicle platoon, and a new assessment method was developed [17]. To detect and identify the FDI attacks, a machine learning-based detection method is proposed in [18]. In [19], a fuzzy theory and deep learning-based detection are developed by considering the impact of FDI attacks on the load frequency control system. Taking the covert characteristics of FDI attacks into account, a partial differential equation model-based detection method was developed [20]. The above artificial intelligence-based detection method in [18,19] can effectively detect the FDI attacks but need to depend on the training of historical data in the vehicle networking system. Although the model-based detection work in [20] can reduce the complexity of attack detection, the computation of the precomputed threshold limits the detection performance of FDI attacks. It is shown that model-based detection works rely on the accuracy of the model in [21]. For this reason, the attack-detection task is extremely challenging to accomplish in large-scale urban traffic networks due to phenomena such as scattering and hysteresis that increase the uncertainty of the Macroscopic Fundamental Diagram (MFD) [22]. In addition, the above detection methods do not further consider the detection and isolation of multiple FDI attacks.

Motivated by the above problems, this paper develops a robust state observer-based detection and isolation method against FDI attacks in intelligent vehicle networking systems. Through the constructed physical dynamics model of the vehicle networking system, robust state observers are designed to obtain the state change under FDI attack. Then, a state residual-based detection criterion is developed. To shorten the time of attack detection, an adaptive detection threshold is designed to replace the precomputed threshold. In addition, robust state observer banks are developed to isolate the injected FDI attacks in the intelligent vehicle networking system. The main contributions of this work are summarized as follows.

(1)

Taking the deception characteristics of the attack on the Chi-square estimator into account, a robust state observer-based is proposed to detect the FDI attacks;

(2)

Considering the limitation of the precomputed threshold on detection performance, an adaptive detection threshold is developed;

(3)

A robust state observer bank-based algorithm is developed to isolate the injected multiple FDI attacks in an intelligent vehicle networking system.

The outline of the work is organized as follows. Section 2 shows the problem formulation. The proposed robust state observer-based detection and isolation method against FDI attacks is presented in Section 3. Numerical studies are provided to verify the effectiveness of the proposed method in Section 4. Section 5 presents the conclusion and discussion.

2. Motivation

In this subsection, the physical dynamics model of the intelligent vehicle networking system and spoofing feature of FDI attacks are given, respectively. Finally, the motivation of this paper is presented.

2.1. Dynamic Model of Vehicle Networking

Consider an intelligent network-connected adaptive cruise control system, as shown in Figure 1. Each intelligent vehicle is equipped with sensors and controllers, which can measure the vehicle speed, acceleration, and vehicle distance in real-time. Through the information interaction of the communication channel, the monitoring center can send the corresponding control instructions to the intelligent vehicle. Then, the corresponding physical dynamics model of the intelligent vehicle networking system is described as follows [23]:

$$\mathsf{\Delta }h\left(t\right)=h_i\left(t\right)-h_{i+1}\left(t\right)-L-h_d$$

(1)

$$\mathsf{\Delta }v\left(t\right)=v_i\left(t\right)-v_{i+1}\left(t\right)$$

(2)

$$\mathsf{\Delta }a\left(t\right)=a_i\left(t\right)-a_{i+1}\left(t\right)$$

(3)

where $\mathsf{\Delta }h\left(t\right)$, $\mathsf{\Delta }v\left(t\right)$ and $\mathsf{\Delta }a\left(t\right)$ represent the relative distance, speed and acceleration of two adjacent intelligent network vehicles, $h_i\left(t\right)$ and $h_{i+1}\left(t\right)$ ($i=1,2,\cdots ,n$) denote the reference position of two adjacent autonomous vehicles, respectively, $L$ and $h_d$ represent the vehicle length and safety distance of two adjacent autonomous vehicles, respectively, $v_i\left(t\right)$ and $v_{i+1}\left(t\right)$ denote the speed of the $ith$ vehicle, respectively, $a_i$ and $a_{i+1}$ denote the acceleration of the $ith$ vehicle, respectively.

Based on Equations (1)–(3), the dynamic model of an intelligent vehicle networking system can be described as:

$$\left\{\begin{array}{l}\dot{x}\left(t\right)=Ax\left(t\right)+Bu\left(t\right)+\mathsf{\Theta }\left(t\right)\\ y\left(t\right)=Cx\left(t\right)\end{array}\right.$$

(4)

where $x\left(t\right)=\left[\begin{array}{ccc}\mathsf{\Delta }h\left(t\right)& \mathsf{\Delta }v\left(t\right)& \mathsf{\Delta }a\left(t\right)\end{array}\right]$, $A=\left[\begin{array}{ccc}0& 1& 0\\ 0& 0& 1\\ 0& 0& 1/{\zeta }_i\end{array}\right]$, $B={\left[\begin{array}{ccc}0& 0& \frac{1}{{\zeta }_i}\end{array}\right]}^T$, $u$ denotes the control input, $\mathsf{\Theta }\left(t\right)$ denotes the model error and perturbations, which is norm bounded, $C$ denotes the measurement matrix with appropriate dimension, ${\zeta }_i$ is the vehicle interior actuator parameters.

Remark 1:

Motivated by the works in [21,22], we considered the model error and perturbations in the above-constructed physical dynamic model of an intelligent vehicle networking system. Through the consideration of model error and perturbations, the influence of the uncertainty on model-based detection methods shall be reduced as much as possible.

2.2. Spoofing Feature of FDI Attacks

As shown in Figure 1, hackers can cheat the monitoring center by tampering with the data of the communication channel. For this reason, FDI attacks can not only cover up the tampering of physical dynamics but also fool the existing Chi-square detector-based detection methods. In an intelligent network-connected adaptive cruise control system, the Chi-square detector is the common detection method, which is described as [24]:

$$\left\{\begin{array}{l}\Vert r\left(t\right)\Vert =\Vert z\left(t\right)-Cx\left(t\right)\Vert <\tau ,normal\\ \Vert r\left(t\right)\Vert =\Vert z\left(t\right)-Cx\left(t\right)\Vert \ge \tau ,attack\end{array}\right.$$

(5)

where $r$ and $z$ denote the measurement residual and output estimation, respectively, $\tau$ is detection threshold, which is determined by system disturbance.

To bypass the above detection method, the attacker can design a bank of false data vectors as [15,25]:

$$f\left(t\right)=C\kappa$$

(6)

where $\kappa$ denotes the residual change caused by FDI attacks. Based on Equations (5) and (6), one can obtain

$$\begin{array}{l}\Vert r_a\left(t\right)\Vert =\Vert z\left(t\right)+f\left(t\right)-C\left(\tilde{x}\left(t\right)+\kappa \right)\Vert \\ \hspace{1em}{{}_{}^{}}_{}^{}{{}_{}^{}}_{}^{}{}_{}^{}=\Vert z\left(t\right)-Cx\left(t\right)\Vert \\ \hspace{1em}{{}_{}^{}}_{}^{}{{}_{}^{}}_{}^{}{}_{}^{}=\Vert r\left(t\right)\Vert <\tau \end{array}$$

(7)

Equation (7) indicates that attackers can inject the above FDI attacks without triggering the detection mechanism in the vehicle networking system. For this reason, developing a detection and isolation method against FDI attacks is crucial to ensure the security of the vehicle networking system.

2.3. Problem Formulation

Under FDI attacks, the dynamic model of an intelligent vehicle networking system is described as:

$$\left\{\begin{array}{l}\dot{x}\left(t\right)=Ax\left(t\right)+Bu\left(t\right)+\mathsf{\Theta }\left(t\right)\\ y\left(t\right)=Cx\left(t\right)+Ff\left(t\right)\end{array}\right.$$

(8)

where $F$ and $f$ are attack selected matrix with appropriate dimension and attack vector, respectively. In order to realize the rapid destruction of the attack on the intelligent networked vehicle system, the following assumption is given.

Assumption 1:

In the process of attack injection and detection, it is assumed that there is no delay in the data transmission of the system [20].

Under Assumption 1, the goal of this paper is to develop a novel detection and isolation mechanism to ensure the security of the intelligent vehicle networking system in the next section.

3. Robust State Observer-Based Detection and Isolation Method against FDI Attacks

In this subsection, a novel safety mechanism is proposed to detect and isolate FDI attacks in intelligent vehicle networking systems. Taking the spoofing feature of FDI attacks into account, a robust state observer-based detection is developed. To improve the performance of FDI attacks, an adaptive detection threshold is designed. Furthermore, a bank of robust state observers is established to isolate the injected multiple FDI attacks.

3.1. Detection Method Based on Robust State Observer

Taking the spoofing feature of FDI attacks into account, the robust state observer is designed to observe the physical dynamics of the intelligent vehicle as follows:

$$\left\{\begin{array}{l}\dot{\hat{x}}\left(t\right)=A\hat{x}\left(t\right)+Bu\left(t\right)+K\left[y\left(t\right)-\hat{y}\left(t\right)\right]\\ \hat{y}\left(t\right)=C\hat{x}\left(t\right)\end{array}\right.$$

(9)

where $\hat{x}$ and $\hat{y}$ denote the observation value of state and output, respectively, $K$ is observer gain with appropriate dimension.

From Equations (4) and (9), one can obtain the error of state and output as:

$$\left\{\begin{array}{l}{e}_1\left(t\right)=x\left(t\right)-\hat{x}\left(t\right)\\ e_2\left(t\right)=y\left(t\right)-\hat{y}\left(t\right)\end{array}\right.$$

(10)

From Equation (10), one can obtain

$${\dot{e}}_1\left(t\right)=\left(A-KC\right)e_1\left(t\right)+\mathsf{\Theta }\left(t\right)$$

(11)

In order to ensure the stability of state estimation error under the designed robust state observer, the following theorem is given.

Theorem 1.

For a given scalar, if there exist positive definite symmetric matrices $Q$ and $H$, and the equation in (12) is satisfied, the designed robust state observer makes the state estimation error stable, and satisfies$‖e_2\left(t\right)‖\le \sigma ‖\mathsf{\Theta }\left(t\right)‖$

$$\left[\begin{array}{ccc}HA+A^{T}H-QC-C^T{Q}^T& H& C^T\\ \ast & -\sigma I& 0\\ \ast & \ast & -\sigma I\end{array}\right]<0.$$

(12)

where$\ast$denotes the match matrix.

Proof of Theorem 1.

Defining a Lyapunov as:

$$V\left(t\right)=e_1^T\left(t\right)H{e}_1\left(t\right).$$

(13)

Taking the derivative of Equation (13) into account, one can obtain

$$\begin{array}{ll}\dot{V}\left(t\right)& ={\dot{e}}_1^T\left(t\right)H{e}_1\left(t\right)+e_1^T\left(t\right)H{\dot{e}}_1^T\left(t\right)\\ & =e_1^T\left(t\right)\left[H\left(A-KC\right)+{\left(A-KC\right)}^{T}H\right]e_1\left(t\right)+2e_1^T\left(t\right)H\mathsf{\Theta }\left(t\right)\end{array}$$

(14)

Defining

$$\mathsf{{\rm Y}}={\displaystyle \underset{0}{\overset{T}{\int }}\left[\frac{1}{\sigma }{e}_2^T\left(t\right)e_2\left(t\right)-\sigma {\mathsf{\Theta }}^T\left(t\right)\mathsf{\Theta }\left(t\right)\right]}d\left(t\right)$$

(15)

Under zero initial conditions, one can obtain

$$\begin{array}{l}\mathsf{{\rm Y}}={\displaystyle \underset{0}{\overset{T}{\int }}\left[\frac{1}{\sigma }{e}_2^T\left(t\right)e_2\left(t\right)-\sigma {\mathsf{\Theta }}^T\left(t\right)\mathsf{\Theta }\left(t\right)\right]}d\left(t\right)-\left[V\left(t\right)-V\left(0\right)\right]\\ \le {\displaystyle \underset{0}{\overset{T}{\int }}\left[\frac{1}{\sigma }{e}_2^T\left(t\right)e_2\left(t\right)-\sigma {\mathsf{\Theta }}^T\left(t\right)\mathsf{\Theta }\left(t\right)+\dot{V}\left(t\right)\right]}d\left(t\right)\end{array}$$

(16)

Taking Equation (10) into Equation (16), one can obtain

$$\left\{\begin{array}{l}\mathsf{{\rm Y}}\le 0\\ ‖e_2\left(t\right)‖\le \sigma ‖\mathsf{\Theta }\left(t\right)‖\end{array}\right.$$

(17)

where

$$\left\{\begin{array}{l}\phi \left(t\right)={\left[\begin{array}{cc}{e}_1^T\left(t\right)& {\mathsf{\Theta }}^T\left(t\right)\end{array}\right]}^T\\ \mathsf{\Pi }=\left[\begin{array}{cc}HA+A^{T}H-QC-C^T{Q}^T+\frac{1}{\sigma }{C}^{T}C& H\\ \ast & -\sigma I\end{array}\right]\end{array}\right.$$

(18)

Based on the Schur complement lemma [26], one can obtain

$$\mathsf{\Pi }=\left[\begin{array}{cc}HA+A^{T}H-QC-C^T{Q}^T+\frac{1}{\sigma }{C}^{T}C& H\\ \ast & -\sigma I\end{array}\right]\le 0$$

(19)

By using Equation (19), one can obtain

$$\left\{\begin{array}{l}\mathsf{{\rm Y}}\le 0\\ ‖e_2\left(t\right)‖\le \sigma ‖\mathsf{\Theta }\left(t\right)‖\end{array}\right.$$

(20)

Equation (20) indicates that the designed robust state observer makes the state estimation error stable. □

Based on the proposed robust state observer, we can obtain real-time state changes to intelligent vehicles. Based on this, a state residuals-based detection including adaptive threshold is given in the following.

3.2. Design of Adaptive Detection Threshold

To improve the detection performance of FDI attacks, an adaptive detection is designed to replace the existing precomputed threshold as follows.

From Equations (10) and (11), one can obtain

$$\left\{\begin{array}{l}{\dot{e}}_1\left(t\right)=\left(A-KC\right)e_1\left(t\right)+\mathsf{\Theta }\left(t\right)\\ R\left(t\right)=C{e}_1\left(t\right)\end{array}\right.$$

(21)

Selecting $‖R\left(t\right)‖={\left[{\displaystyle \underset{t_1}{\overset{t_2}{\int }}{R}^T\left(t\right)R\left(t\right)d\left(t\right)}\right]}^{\frac{1}{2}},t=t_2-t_1$ as the evaluation function in [27], one can obtain

$${‖R\left(t\right)‖}_{2,t}={‖R_e\left(t\right)+R_{\mathsf{\Theta }}\left(t\right)‖}_{2,t}$$

(22)

where $R_e\left(t\right)$ and $R_{\mathsf{\Theta }}\left(t\right)$ denote the state estimation error norm and disturbance estimation norm. From Equation (22), one can obtain

$$\begin{array}{l}{‖R\left(t\right)‖}_{2,t}\le {‖R_e\left(t\right)‖}_{2,t}+{‖R_{\mathsf{\Theta }}\left(t\right)‖}_{2,t}\\ \begin{array}{cc}& \end{array}\le \sup {‖R_e\left(t\right)‖}_{2,t}+\sup {‖R_{\mathsf{\Theta }}\left(t\right)‖}_{2,t}\end{array}$$

(23)

Then, the adaptive detection threshold is chosen as:

$$\begin{array}{l}{J}_{th}=\sup {‖R_e\left(t\right)‖}_{2,t}+\sup {‖R_{\mathsf{\Theta }}\left(t\right)‖}_{2,t}\\ =\sigma \sup {‖R_{\mathsf{\Theta }}\left(t\right)‖}_{2,t}+\sup {‖R_{\mathsf{\Theta }}\left(t\right)‖}_{2,t}\\ =\left(\sigma +1\right){‖R_{\mathsf{\Theta }}\left(t\right)‖}_{2,t}\end{array}$$

(24)

Based on the developed robust state observer, one can obtain the state residual as:

$$R\left(t\right)=x\left(t\right)-\widehat{x}\left(t\right)$$

(25)

Based on Equations (25) and (26), the attack detection logic is given as:

$$\left\{\begin{array}{cc}‖R\left(t\right)‖\le J_{th}& \mathrm{Normal}\\ ‖R\left(t\right)‖>J_{th}& Attack\end{array}\right.$$

(26)

Although the attack can cheat the detection method based on output state estimation, Equation (25) indicates that the detection criterion proposed in this paper can find the impact of the attack on the state. In sum, a bank of the proposed state observer is designed based on the given Theorem 1. Then, we can obtain a bank of observation state of the relative distance, relative speed and acceleration of two adjacent autonomous vehicles. Based on the developed detection criterion in Equation (26), the injected FDI attacks can be detected. The detailed detection process can be seen in Algorithm 1.

Algorithm 1: State residuals-based detection of FDI attacks in vehicle networking system.

1. Input: Establish the vehicle networking model in Equations (1)–(3);

2. Design the corresponding robust state observer in Equation (9);

3. Compute the adaptive threshold in Equation (24) and residual in Equation (25);

4. for All the intelligent vehicles

if $‖R\left(t\right)‖\le J_{th}$ then

No FDI attacks;

else

There exists the injected FDI attacks;

end if

5. end for

6. Output: The vehicle networking system is attacked.

To isolate the injected multiple FDI attacks quickly, the robust state observer bank is constructed. It is assumed that the intelligent vehicle networking system includes n vehicle, the isolation strategy is given as follows:

Step 1: Based on the detection Algorithm 1, one can judge whether the system ($\vartheta$) is abnormal. If FDI attacks are detected, one can proceed to the next step.

Step 2: The vehicle networking system ($\vartheta$) outputs are divided into two subsets (${\vartheta }_1$ and ${\vartheta }_2$) and they are used to drive two robust state observers. By using the proposed detection Algorithm 1, one can judge whether the system (${\vartheta }_1$ and ${\vartheta }_2$) is abnormal. If FDI attacks are detected in (${\vartheta }_1$), one can proceed to the next step.

Step 3: The vehicle networking system (${\vartheta }_1$) outputs are divided into two subsets (${\vartheta }_3$ and ${\vartheta }_4$) and they are used to drive two robust state observers. By using the proposed detection Algorithm 1, one can judge whether the system (${\vartheta }_3$ and ${\vartheta }_4$) is abnormal. This process is repeated iteratively for each half of the subset until the attacked vehicle networking sensor nodes are isolated.

According to the above Step 1–Step 3, one can isolate the injected multiple FDI attacks on an intelligent vehicle networking system. Of note, if an FDI attack is detected in the first subset, then the isolation range is immediately reduced by half. Through continuous iteration of dichotomy, the proposed isolation method can accelerate the isolation of attacked vehicle networking sensor nodes. The attack isolation process can be seen in Algorithm 2.

Algorithm 2: Robust state observer bank-based isolation of FDI attacks.

1. Input: All the state residuals and adaptive detection threshold;

2. Divided vehicle networking system $\left(\vartheta \right)$ outputs into two subsets $({\vartheta }_1$ and ${\vartheta }_2$);

3. for ${\vartheta }_1$ and ${\vartheta }_2$

if $‖R_{{\vartheta }_1}\left(t\right)‖>J_{th}{}_{{\vartheta }_1}$ or $‖R_{{\vartheta }_2}\left(t\right)‖>J_{th}{}_{{\vartheta }_2}$ then

Continue 2 until the attacked vehicle networking sensor nodes are isolated;

else

No isolated FDI attacks;

end if

4. end for

5. Output: The attacked vehicles.

4. Results

In this section, simulation results of an intelligent vehicle networking system are applied to show the performance of the proposed detection and isolation method against FDI attacks. It is assumed that two vehicles are driving longitudinally on the road, and each vehicle is equipped with a cruise control system, as shown in Figure 1. The related simulation parameters are given as follows: ${\zeta }_i=0.25$, $h_d=2 \mathrm{m}$, $h_{i+1}-h_i=20 \mathrm{m}$, $v_1=40 \mathrm{k}\mathrm{m}/\mathrm{h}$. Adaptive gain of cruise for each controller is taken from [26]. Under the above parameters, two cases are considered as follows:

Case 1 is to show the detection performance of the proposed detection method by comparing the work in [28,29]. Case 2 is to demonstrate the effectiveness of the developed detection and isolation method.

4.1. Case 1 Detection of Single FDI Attack in Intelligent Vehicle Networking System

4.1.1. Effectiveness of the Proposed Detection Method

It is assumed that an intelligent vehicle networking system ($n=2$) is attacked by a hacker. Namely, the 2nd intelligent vehicle is injected with FDI attacks at t = 50 s. By using the proposed detection Algorithm 1, one can obtain the corresponding change of state residuals under FDI attacks, as shown in Figure 2.

The simulation results in Figure 2a indicate that although the injected FDI attack can cause small changes in state residuals, it can spoof the Chi-square-based detection method in [29]. However, the proposed robust state observer-based detection method depends on the impact of the attack on the internal state change of the intelligent vehicle networking system. For this reason, the injected FDI attack can be detected effectively by the developed detection Algorithm 1, as shown in Figure 2b.

4.1.2. Performance of the Proposed Detection Method

To shorten the detection time of an FDI attack, an adaptive threshold is designed. As shown in Figure 3a, one can find the detection time (t = 58.7 s) under the adaptive threshold is smaller than that (t = 65.9 s) under the precomputed threshold. In contrast to the work in [28], one can find that the developed detection method can reduce attack detection time. In addition, the detection rate analysis method under a certain attack intensity is used to evaluate the performance of the proposed detection method in [29]. The simulation analysis of Figure 3b demonstrates that the developed adaptive threshold can enhance the detection performance of FDI attacks.

4.2. Case 2 Detection and Isolation of Multiple FDI Attacks in Intelligent Vehicle Networking System

Assuming that the hacker can inject multiple FDI attacks in the 4th (t = 70 s) and 8th (t = 95 s) intelligent vehicle networking system ($n=8$), applying the proposed isolation Algorithm 2, we can obtain the corresponding state residuals change of ${\vartheta }_1$ and ${\vartheta }_2$, as shown in Figure 4.

The simulation results in Figure 4 indicate that there exist multiple FDI attacks. In other words, the injected FDI attacks are detected at t = 81.7 s in the vehicle networking system ${\vartheta }_1$ and at t = 107.5 s in the vehicle networking system ${\vartheta }_2$. Continuing to apply Algorithm 2, we can obtain the change of state residuals of the vehicle networking system ${\vartheta }_3$, ${\vartheta }_4$, ${\vartheta }_5$ and ${\vartheta }_6$, as shown in Figure 5.

As shown in Figure 5a,b, one can find that the injected FDI attacks can be isolated in the vehicle networking system ${\vartheta }_4$. Meanwhile, the change of state residuals in the vehicle networking system ${\vartheta }_3$ is subject to small fluctuations caused by ${\vartheta }_4$. The same as the problem above, we can isolate the injected FDI attacks in the vehicle networking system ${\vartheta }_6$. Then, we can use the proposed Algorithm 2 and detection Algorithm 1 to isolate the injected FDI attacks. The corresponding change of state residuals in the vehicle networking system ${\vartheta }_7$, ${\vartheta }_8$, ${\vartheta }_9$ and ${\vartheta }_{10}$, as shown in Figure 6.

By using the proposed Algorithm 1, one can find that the injected FDI attacks are detected at t = 82.2 s in the vehicle networking system ${\vartheta }_8$ and t = 104.7 s in the vehicle networking system ${\vartheta }_{10}$, as shown in Figure 6b,d. Thus, the injected FDI attacks are isolated in the vehicle networking system ${\vartheta }_8$ and ${\vartheta }_{10}$ based on Algorithm 2. Namely, the injected FDI attacks on the 4th and 8th vehicles are isolated.

To sum up, the simulation results in Figure 4, Figure 5 and Figure 6 demonstrate the effectiveness of the developed robust state observer-based detection and isolation method against multiple FDI attacks in the vehicle networking system.

5. Conclusions and Discussion

In this paper, a robust state observer-based detection and isolation method against multiple FDI attacks in the vehicle networking system is proposed. Based on the change of internal physical state, a state residual-based detection criterion is developed to address the problem of existing detection methods being cheated. Considering the influence of model error and disturbance, an adaptive is given to improve the detection performance caused by the precomputed threshold. In addition, a robust state observer bank is constructed to cut down the time of the isolation of multiple FDI attacks. Finally, simulations show the performance of the developed security mechanism on the vehicle networking system.

Although a model-based for attack detection is proposed by using a robust state observer, there is still much work to be considered in the future as follows.

A well-calibrated model with low uncertainty: As shown in [22], the model-based for attack detection task is extremely challenging to accomplish in large-scale urban traffic networks due to phenomena such as scattering and hysteresis that increase the uncertainty of the MFD. Additionally, traffic demands are highly uncertain and difficult to predict. Thus, how to reduce the influence of the uncertainty on model-based detection methods need to be further considered.

The effect of communication delay on system model: Due to intermittencies and packet drops in the communication channels, there exists a time delay in [31]. For this reason, we need to study the model by taking into account the communication delay that appears in the interchange of information through the communication channel.

The detection of mixed attacks: In [21], Mercader, P. et al. have presented a bibliographical review of definitions, classifications and applications concerning cyber attacks in networked control systems and cyber–physical systems. Based on the proposed detection method, we need further consider the detection and defense against multiple mixed attacks, such as Dos, replay attacks and FDI attacks in the intelligent Internet of vehicles system.