Change Point Models for Real-time V2I Cyber Attack Detection in a Connected Vehicle Environment

Connected vehicle (CV) systems are cognizant of potential cyber attacks because of increasing connectivity between its different components such as vehicles, roadside infrastructure and traffic management centers. However, it is a challenge to detect security threats in real-time and develop appropriate/effective countermeasures for a CV system because of the dynamic behavior of such attacks, high computational power requirement and a historical data requirement for training detection models. To address these challenges, statistical models, especially change point models, have potentials for real-time anomaly detections. Thus, the objective of this study is to investigate the efficacy of two change point models, Expectation Maximization (EM) and Cumulative Sum (CUSUM), for real-time V2I cyber attack detection in a CV Environment. To prove the efficacy of these models, we evaluated these two models for three different type of cyber attack, denial of service (DOS), impersonation, and false information, using basic safety messages (BSMs) generated from CVs through simulation. Results from numerical analysis revealed that EM and CUSUM could detect these cyber attacks, DOS, impersonation, and false information, with an accuracy of 99\%, 100\%, and 98\%, and 100\%, 100\% and 98\%, respectively.