一种网络攻击下网联自动车的改进换道模型

吴新开; 何山; 张少伟; 贺晓征; 王斯奋; WU Xinkai; HE Shan; ZHANG Shaowei; HE Xiaozheng; WANG Sifen

网刊加载中。。。

使用Chrome浏览器效果最佳，继续浏览，你可能不会看到最佳的展示效果，

确定继续浏览么?

复制成功，请在其他浏览器进行阅读

An Improved Lane-changing Model for Connected Automated Vehicles Under Cyberattacks PDF

- ORCID：
WU Xinkai ¹
✉
- ORCID：
HE Shan ¹
- ORCID：
ZHANG Shaowei ¹
- ORCID：
HE Xiaozheng ²
- ORCID：
WANG Sifen ¹

1. School of Transportation Science and Engineer Beihang University， Beijing 100191， China； 2. Department of Civil and Environmental Engineering， Rensselaer Polytechnic Institute， Troy， NY 12180， United States

CLC： U461.6

Updated：2022-12-22

DOI：10.11908/j.issn.0253-374x.22406

Abstract

The connected automated vehicle （CAV） is promising to enhance traffic efficiency， traveling safety， and energy savings. However， due to the open wireless communication， the CAV is vulnerable to cyber threats. Existing studies mainly focus on surveying related cyberattacks and evaluating the impact of attacks on vehicular longitudinal behaviors on a single lane. This paper aims to investigate the effects of cyberattacks on vehicular lateral behaviors on a two-lane highway， i.e.， the lane-changing （LC） behaviors under cyberattacks. Based on a classical lane-changing model--minimizing overall braking induced by lane changes （MOBIL） model， and a classical car-following model--Intelligent Driver Model （IDM）， this study proposes an extended lane-changing model （ELC） which can model CAV's lane-changing behaviors under cyberattacks. At the end， simulations are conducted to illustrate the impact of different malicious attacks on vehicles' LC movements. Results show that cyberattacks can imperil the LC maneuvers and lead to abnormal driving behaviors.

Keywords

connected automated vehicles; lane-changing; cyberattacks; MOBIL model; intelligent driver model

Connected automated vehicles （CAVs）， which integrate vehicle-to-vehicle （V2V） communication and autonomous vehicles （AV） technologies， are expected to greatly improve traffic safety and efficiency ^［

1-2］. Through wireless communication， CAVs can share and exchange information such as velocity， position， acceleration， and road conditions ^{［Reference 3

Baidu Scholar}3］. However， due to open wireless communication， CAVs are vulnerable to various kinds of attacks， such as man-in-the-middle attack， impersonation attack， forging attack， replay attack， and Sybil attack ^{［Reference 4-5}4-5］. These cyberattacks have shown severe risks to CAV traffic. To prevent these risks， a fundamental task is to research the impacts of cyberattacks on CAVs' driving behaviors ^{［Reference 6-7}6-7］.

Lopez et al. ^［

8］ developed attack models as functions of tampered traffic control settings （e.g.， green time raios， cycle length， retaining ratios） with outputs equivalent to mobility impacts on the traffic network. Feng et al. ^{［Reference 9

Baidu Scholar}9］ investigated the vulnerability of traffic control systems in a connected environment and summarized four attack surfaces， including signal controllers， vehicle detectors， roadside units， and onboard units. Khan et al. ^{［Reference 10

Baidu Scholar}10］ developed a conceptual system dynamics （SD） model to analyze cybersecurity in the complex， uncertain deployment of CAVs. The SD model consists of six critical avenues and maps their respective parameters that either trigger or mitigate cyber-attacks in the operation of CAVs using a systematic theoretical approach. Maglaras et al. ^{［Reference 11

Baidu Scholar}11］ present main threats to critical infrastructures along with protective measures that one nation can take， and which are classified according to legal， technical， organizational， capacity building， and cooperation aspects. Dong et al. ^{［Reference 12

Baidu Scholar}12］ designed an evaluation framework for cyberattacks on CAVs， and analyzed the impact of cyberattacks on vehicles and the transportation system. Li et al. ^{［Reference 13

Baidu Scholar}13］ investigated the influence of slight cyber-attacks on the longitudinal safety of CAVs， and considered the communicated position and speed data from preceding CAVs under attacks. Hu et al. ^{［Reference 14

Baidu Scholar}14］ proposed a method to detect cyberattacks by cross-checking Signal Phase and Timing （SPaT） information and connected vehicle trajectories data.

However， the existing work aims to investigate the impact of cyberattacks on CF behaviors. To the best of our knowledge， only a few previous studies have considered the impact of cyberattacks on LC behaviors. For instance， Khattak et al. ^［

15］ utilized an infrastructure-based communication platform consisting of cooperative adaptive cruise control and lane control to perform cyber risk assessments of CAVs. Kashyap et al. ^{［Reference 16

Baidu Scholar}16］ found that the malicious vehicles may perform subtle speed and/or lane changes and modeled the mix of malicious and normal vehicles in the traffic system by using the Lighthill-Whitham-Richards （LWR） model. The authors aimed to use Gaussian Processes to detect the presence of such malicious vehicles in such a mixed traffic scenario. Zhao et al. ^{［Reference 17

Baidu Scholar}17］ used the default lane-changing algorithm in Simulation of Urban Mobility （SUMO） and presented the traffic behavior under cyberattacks.

Although these studies present the influence of cyberattacks on LC behaviors using simulation experiments， they have not developed new lane-changing model with cyberattacks. In this research， we aim to construct an improved LC model associated with cyberattacks， through which we could better understand how the cyberattacks impact the LC maneuver and how to quantify this impact. The detailed description will be presented in the following sections.

This study improves a classic LC model， i.e.， MOBIL （Minimizing Overall Braking Induced by Lane changes） model ^［

18］ to describe the lane-changing behavior. In the proposed ELC （Extended Lane Change） model， an improved IDM （Intelligent Driver Model）， a most widely used CF model ^{［Reference 19

Baidu Scholar}19］， is adopted to derive neighbor vehicles' accelerations based on their own and their nearest leaders’ velocities and positions when the LC happens. Numerical simulations are conducted to verify the effectiveness of our proposed ELC models and illustrate the impact of cyberattacks including velocity， position and acceleration attacks on LC behaviors.

The main contributions are described as below. （i） Cyberattacks on vehicles are formulized and integrated into the classical LC and CF models. （ii） The extended LC model and the improved IDM are used to describe the process of LC in two lanes. （iii） Various cyberattacks are classified into three types， i.e.， velocity， position and acceleration attacks， and numerical simulations illustrate the changes of malicious attacks on vehicles' LC movements.

1 An extended lane-changing model for CAVs under cyberattacks

1.1　Lane-changing model

In general， a LC process consists of three phases， i.e.， before， during， and after the lane change ^［

20］. In the phases of before and after the lane change， vehicles follow the CF rules. Also， before the lane change， the subject vehicle requires to consider neighbor vehicles' dynamical parameters such as velocity， space gap， and acceleration. If the LC condition is satisfied， then the subject vehicle performs a lane change. This section presents how to derive an extended lane-changing （ELC） model with cyberattacks.

To describe CAVs' LC behaviors under cyberattacks， we adopt the MOBIL model， which has many advantages ^［

21-22］ compared to other LC models. The most evident one is that MOBIL uses acceleration as a model control variable， which allows perfect integration with other CF models to simulate both CF and LC behaviors at a microscopic level. Also， MOBIL integrates the LC demand generation and the feasibility judgment， which can better describe CAVs' LC behaviors.

In this study， the MOBIL LC model is implemented to model a two-lane highway traffic. A simple diagram of a lane change on two-lane traffic is first provided in Fig. 1. As shown in the figure， the subject vehicle， indexed as $m$ ， plans to change to its neighbor lane. Before the LC， its nearest preceding and following vehicles are indexed as $m - 1$ and $m + 1$ ， respectively. The neighbor vehicles on the LC target lane are indicated by $n$ and $n - 1$ ， respectively. When the LC condition is satisfied， the subject vehicle $m$ will change its current lane to the neighbor target lane， as shown by the virtual vehicle in Fig. 1. After the lane change， the subject vehicle $m$ follows its new preceding vehicle $n - 1$ based on the CF theory. Meanwhile， the new follower of the subject vehicle turns to be vehicle $n$ .

Fig. 1 A typical lane-changing scene

The MOBIL model has a comprehensive consideration of both LC safety and gain. Therefore， it needs to meet the following two essential conditions：

（1） The safety criterion： This condition aims to ensure the safety after the LC， i.e. both the accelerations of the subject vehicle $m$ and its new follower vehicle $n$ need to fit the following conditions：

a_{m}^{p r e} \geq - b_{s a f e} a n d a_{n}^{p r e} \geq - b_{s a f e}

（1）

where $a_{m}^{p r e}$ and $a_{n}^{p r e}$ represent the predicted accelerations of the subject vehicle $m$ and its new follower vehicle $n$ after the subject vehicle $m$ changes the lane， respectively； and $b_{s a f e}$ represents a maximum safe deceleration.

（2） The incentive condition： This criterion is used to decide whether a lane change improves the local traffic status. The incentive criterion is formalized as below：

\underset{s u b j e c t v e h i c l e}{\underset{︸}{a_{m}^{p r e} - a_{m}}} + p (\underset{n e w f o l l o w e r}{\underset{︸}{a_{n}^{p r e} - a_{n}}} + \underset{o l d f o l l o w e r}{\underset{︸}{a_{m + 1}^{p r e} - a_{m + 1}}}) > Δ a_{t h}

（2）

where $a_{m}$ indicates the acceleration of vehicle $m$ on the current lane， $p$ denotes the politeness factor， $a_{m + 1}^{p r e}$ indicates the predicated acceleration of vehicle $m + 1$ after the subject vehicle $m$ changes the lane， and $Δ a_{t h}$ is the LC threshold. The politeness factor $p$ can be interpreted as the degree of altruism， which is a variable that determines the impact of nearby vehicles on the LC decision of the subject vehicle. It can vary from $p = 0$ for completely selfish lane-changers to $p > 1$ for altruistic drivers who do not change lane if LC would deteriorate the traffic situation considering these followers. Furthermore， $p > 0$ represents considering the benefits of other vehicles.

1.2　Car-following model

There are two different car-following models， linear and the other nonlinear model， to demonstrate the CAVs' following behaviors. Car-following models are used to formulate vehicle interactions and uncover CAV platoon dynamics. Linear car-following models include Pipes model， Helly's model， and Gazis–Herman–Rothery model. Nonlinear car-following models include Newell's model， optimal velocity model， and intelligent driver model （IDM）. The critical difference between these two types of car-following models is that the nonlinear models capture a nonlinear relationship with deviation from the desired space gap and the relative velocity.

Compared to the linear car-following model， the nonlinear car-following is more suitable for describing the real traffic flow due to its nonlinearity and sophistication in capturing complex vehicle dynamics. This research adopts the IDM due to its advantages as follows. First， the IDM is a multi-regime model， which presents a greater realism than other nonlinear models when characterizing the congested traffic flow ^［

2］. Second， the IDM ensures collision-free vehicle movements， which would not cause unrealistic acceleration/deceleration shown in some linear car following models ^{［Reference 23

Baidu Scholar}23］. The formulation of this model is expressed as follows ^{［Reference 19

Baidu Scholar}19］：

\begin{array}{l} a_{m} (t) = a (1 - {(\frac{v_{m}}{v_{0}})}^{4} - {(\frac{s * (v_{m}, Δ v_{m})}{s_{m}})}^{2}) \\ w i t h s * (v_{m}, Δ v_{m}) = s_{0} + v_{m} T + \frac{v_{m} Δ v_{m}}{2 \sqrt[]{a b}} \end{array}

（3）

where $a_{m}$ indicates the acceleration of vehicle m； $v_{0}$ indicates the desired velocity in free flow； $s *$ indicates the desired safe gap； $s_{0}$ denotes the space gap in completely stopped traffic； $s_{m} = x_{m - 1} - x_{m} - l$ is the space gap between the preceding vehicle $m - 1$ and vehicle $n$ ； $l$ is the length of vehicle； $x_{m}$ is the position of the vehicle m； $v_{m}$ is the velocity of vehicle m； and $Δ v_{m} = v_{m} - v_{m - 1}$ is the relative velocity between vehicle $m$ and its preceding vehicle $m - 1$ . In addition， $T$ is the desired time gap between successive vehicles； and $a$ and $b$ indicate the vehicle's maximum acceleration and deceleration， respectively. Note if all vehicles travel uniformly， i.e.， each vehicle's acceleration is equal to zero， each vehicle keeps the same velocity and space gap between consecutive vehicles.

In a normal CAV environment， each vehicle can receive dynamic information such as velocity， position， and acceleration from the surrounding vehicles. Vehicles' information will be accurately sent to the target vehicle on time. However， when an attack happens， the information transmission between vehicles could be interrupted， delayed， lost， or even falsified. Then， the vehicle's LC and CF behaviors can also be influenced. Note that this study only the V2V communication.

1.3　Cyberattacks

Much research has demonstrated that cyberattacks have an impact on the effective use of vehicles ^［

24］. If without any influence of cyberattacks， vehicle dynamics information， including speed， acceleration， headway， etc.， will be accurate and timely disseminated to other vehicles. The cyberattacks can be classified into three main categories： DoS attacks， replay attacks and false data injection attacks. When an attack such as spoofing， replay， and impersonation occurs， the information transmission among vehicles could be interrupted and/or falsified. A detailed description of these attacks is listed below ^{［Reference 25-26}25-26］.

（1） Spoofing attack： An adversary can compromise a vehicle and send fake messages such as fake location， velocity， and acceleration. For instance， GPS is responsible for delivering the real-time location message to the surrounding vehicles. When the spoofing attack happens， the spoofed GPS can send a fake location to the subject vehicle by releasing a strong-power signal from the GPS satellite simulator.

（2） Replay attack： An attacker captures the packets and replays them at a later time to disguise that they were sent by the true sender. Thus， the repeated message， which is sent after a while， could be accepted as a new message. Mathematically， the position， velocity， and position of vehicle may be unchanged during the attacking period.

（3） Impersonation attacks： In vehicular networks， an attacker could impersonate a roadside infrastructure or vehicle to trick others by applying their authentication details. For example， an attacker might impersonate an emergency vehicle， which would give them a higher priority within the vehicular network and result in less congestion. The position， velocity， and position of vehicle can be altered.

The above cyberattacks could affect vehicles' behaviors in their own manners. Essentially， all these attacks can release bogus messages which falsify the vehicle's dynamic information such as velocity， position， and acceleration. Hence， for simplicity， this research considers all these attacks as bogus attacks ^［

25］.

1.4　Extended LC model with cyberattacks

To describe CAVs' dynamic traffic behaviors under cyberattack， we present the following two representative attacking cases. In the first case， we assume that the velocity and/or the position of the preceding vehicle $m - 1$ of the subject vehicle $m$ is attacked， and vehicle $m - 1$ sends falsified velocity and/or position messages to the subject vehicle $m$ . Then the subject vehicle's acceleration will be influenced. In this case， the influenced acceleration in MOBIL needs to be updated by the following extended IDM model：

a_{m} (t) = a (1 - {(\frac{v_{m}}{v_{0}})}^{4} - {(\frac{s * (v_{m}, v_{m} - β v_{m - 1})}{γ x_{m - 1} - x_{m} - l_{m}})}^{2})

（4）

where $β$ and $γ$ are the weight parameters to describe the impacts of cyberattacks on velocity and position of the subject vehicle’s nearest leader， respectively. If $β \neq 0$ or $γ \neq 0$ ， Eq. （4） means that the velocity or the position of vehicle $m - 1$ is attacked. If $β = γ = 0$ ， Eq. （4） is transformed to the classical IDM model.

In the second case， we assume that the acceleration of the following vehicle $n$ after LC of the subject vehicle $m$ is falsified. In this situation， the weighting parameters $α, δ$ are introduced to capture the change of acceleration influenced by attacks. An improved incentive criterion in the MOBIL model under cyberattacks can be formulated below：

\underset{s u b j e c t v e h i c l e}{\underset{︸}{a_{m}^{p r e} - a_{m}}} + p (\underset{n e w f o l l o w e r}{\underset{︸}{a_{n}^{p r e} - α a_{n}}} + \underset{o l d f o l l o w e r}{\underset{︸}{a_{m + 1}^{p r e} - δ a_{m + 1}}}) > Δ a_{t h}

（5）

where $α$ and $δ$ are the weighting parameters to describe the impacts of cyberattacks on the new follower vehicle $n$ after LC and the old follower vehicle $m + 1$ before LC. Here， $α$ and $δ$ have clear physical meanings. If $α = δ = 1$ ， it indicates the CAV is moving without cyberattacks. While $α \neq 1$ and/or $δ \neq 1$ ， it denotes the CAV is influenced by cyberattacks. Specifically， if $α > 1$ （ $δ > 1$ ）， it represents that the subject vehicle receives overestimated acceleration messages of the following vehicle after （or before） LC； and if $α < 1$ （ $δ < 1$ ）， it represents that the subject vehicle receives an underestimated acceleration message from the following vehicle after （or before） LC.

Overall， these falsified messages could cause the vehicle to make the wrong decision， leading to potential collisions. To fully capture these impacts， based on above Eqs. （1），（4） and （5）， we can derive an ELC model， i.e.， an improved MOBIL model， as described in the following equation：

\{\begin{matrix} \begin{array}{l} a_{m}^{p r e} \geq - b_{s a f e} \\ a_{n}^{p r e} \geq - b_{s a f e} \end{array} \\ \underset{s u b j e c t v e h i c l e}{\underset{︸}{a_{m}^{p r e} - a_{m}}} + p (\underset{n e w f o l l o w e r}{\underset{︸}{a_{n}^{p r e} - α a_{n}}} + \underset{o l d f o l l o w e r}{\underset{︸}{a_{m + 1}^{p r e} - δ a_{m + 1}}}) > Δ a_{t h} \\ a_{n} (t) = a (1 - {(\frac{v_{n}}{v_{0}})}^{4} - {(\frac{s * (v_{n}, v_{n} - β v_{n - 1})}{γ x_{n - 1} - x_{n} - l_{n}})}^{2}) \end{matrix}

（6）

Note that Eq. （6） essentially integrates the CF IDM model and the LC MOBIL model for the CAVs under attacks. The following section will verify the effectiveness of our proposed model.

2 Numerical Simulation

This section presents a series of simulations to verify the effectiveness of the proposed ELC model and illustrate the impact of cyberattacks on vehicles' LC behaviors. In this study， we use Python to show the change in vehicles' behaviors under cyberattacks. We select a two-lane highway whose length is long enough to conduct our simulation. The total simulation time is 30 s， and each sampling time is 0.01 s. For the convenience of investigation， we put forward the following assumptions （see Fig. 2）：（i） 12 CAVs are grouped as two platoons and are traveling on a straight two-lane highway；（ii） Without LC， each vehicle updates its dynamical parameters based on the IDM model and adopts a simple predecessor-following communication protocol， i.e.， one vehicle only receives beacon messages from its directly preceding vehicle； and （iii） The subject vehicle （3^rd vehicle） changes to the neighbor lane based on the proposed ELC Eq. （6）.

Fig. 2 Numerical simulation scenarios

To illustrate the impact of cyberattacks on the vehicle's lateral behaviors， we design five scenarios： without attacks， velocity attack， position attack， velocity and position attacks， and acceleration attack.

In all scenarios， each vehicle's initial space headway in the platoon is 35 m， and the initial velocity is set as 14 $m \cdot s^{- 1}$ . As shown in Fig. 2， the velocity of the first vehicle （i.e.， vehicle 1） in the current lane （i.e.， lane A） remains unchanged at 14 $m \cdot s^{- 1}$ ， and the first vehicle （i.e.， vehicle 2） in the target lane （i.e.， lane B） is 18 $m \cdot s^{- 1}$ . Other vehicles in the platoon obey the IDM to follow their preceding vehicles. The initial values of all parameters for simulation are presented in Tab. 1.

Tab. 1 Simulation parameters

Parameter	Value	Description
$N$	12	Number of vehicles
$v_{0}$ /（ $m \cdot s^{- 1}$ ）	33.33	Desired free-flow velocity
$T$ / $s$	1.6	Safety time headway
$s_{0}$ / $m$	2	Jam distance
$a_{i}$ /（ $m \cdot s^{- 2}$ ）	0.73	Maximum acceleration
$b_{i}$ /（ $m \cdot s^{- 2}$ ）	1.67	Desired deceleration
$b_{s a f e}$ /（ $m \cdot s^{- 2}$ ）	4	Maximum safety deceleration
$Δ a_{t h}$ /（ $m \cdot s^{- 2}$ ）	0.1	Switching threshold
$p$	0.1	Politeness factor

（1）　Without cyberattacks

As a reference， Fig. 3 shows the changes in the dynamic parameters of the platoon without cyberattacks. When the LC model does not meet the safety constraint and the incentive condition， there is no LC.

Fig. 3 Plots of position, velocity, acceleration, and space headway without attacks

Before the LC， each vehicle is traveling uniformly in the current lane. We can see that the 3^rd vehicle changes its lane at 6.23 s according to the classical MOBIL model. At this time， the 3^rd vehicle's velocity is 14.44 $m \cdot s^{- 1}$ ， and the 4^th vehicle's velocity is 17.63 $m \cdot s^{- 1}$ . As shown in this figure， after the LC， the following vehicles of the 3^rd vehicle in lane A （e.g.， 5^th and 7^th vehicles） accelerates to shrink the space headway. Meanwhile， the following vehicles of the 3^rd vehicle in lane B （e.g.， 4^th and 6^th vehicles） have to decelerate to keep the safe space headway.

（2）　Velocity attacks

Fig. 4 and Fig. 5 show the dynamic parameters of the platoon when the 1^st vehicle's velocity is underestimated （ $β = 0.9$ ） and overestimated （ $β = 1.1$ ）， respectively. It can be seen that the 3^rd vehicle plans to change its lane at 4.87 s and 7.80 s， respectively. According to the extended IDM model Eq. （4）， when the 1^st vehicle's velocity is underestimated， the 3^rd vehicle is forced to slow down to achieve safe space headway. Based on Eq. （2）， the incentive value in the MOBIL model turns large. Hence， the subject vehicle （i.e.， 3^rd vehicle） will change to the neighbor lane in advance. Compared with Fig. 3， under underestimated velocity attack， the LC time is advanced by 1.36 s.

Fig. 4 Plots of position, velocity, acceleration, and space headway under underestimated velocity attacks when $β = 0.9$

Fig. 5 Plots of position, velocity, acceleration, and space headway under overestimated velocity attacks when $β = 1.1$

Fig. 5 shows the impact of an overdamped velocity attack on the LC of the subject vehicle. If the released messages of the 1^st vehicle's velocity are falsified and amplified， the subject vehicle （i.e.， 3^rd vehicle） who receives the falsified messages has to accelerate to keep the same velocity as the first vehicle. Based on Eq. （2）， the incentive value in the MOBIL model turns small. In this case， the LC time is delayed by 1.57 s. It should be noted that the real velocity of the first vehicle does not change. It is not difficult to imagine that this attack could lead to a potential collision.

（3）　Position attacks

Fig. 6 and Fig. 7 show changes in the dynamic parameters of the platoon when the space headway between the 1^st vehicle and the 3^rd vehicle is underestimated and overestimated， respectively. It can be seen that the 3^rd vehicle chooses to change lanes at 5.76 s and 6.67 s， respectively. Intuitively， when the space headway is underestimated， the 3^rd vehicle has to decrease its velocity to keep a safe space headway. The smaller acceleration of the subject vehicle leads to a larger incentive value based on Eq. （2）. Hence， based on the MOBIL model， the subject vehicle should change its lane in advance. As shown in Fig. 6， the LC time is advanced by 0.47 s. By contrast， when the space headway is overestimated， the 3^rd vehicle accelerates to shorten the space headway. Based on Eq. （2）， the larger acceleration of the subject vehicle leads to a smaller incentive value. Hence， based on the MOBIL model， the LC time of the subject vehicle should be postponed. As shown in Fig. 7， the lane-changing time is delayed by 0.44 s.

Fig. 6 Plots of position, velocity, acceleration, and space headway under underestimated position attacks when $γ = 0.9$

Fig. 7 Plots of position, velocity, acceleration, and space headway under overestimated position attacks when $γ = 1.1$

（4）　Velocity and position attacks

In this case， we discuss the effects of modification of both velocity and position on LC behaviors. Fig. 8 and Fig. 9 show that changes in position， velocity， acceleration， and space headway of the vehicle platoon under velocity and position attacks. The 3^rd vehicle changes lanes at 4.42 s and 8.20 s， respectively. It can be seen that when the velocity and headway are both underestimated by 10%， i.e.， $β = γ = 0.9$ ， the LC time will be greatly advanced by 1.81 s. Underestimated velocity and space headway lead to an increase in the incentive value of lane-changing. Thus the 3^rd vehicle changes its lane quickly. When the velocity and headway are both overestimated by 10%， i.e.， $β = γ = 1.1$ ， the 3^rd vehicle first increases its velocity to follow the 1^st vehicle and reduce the space headway， resulting in a decrease in the incentive value of LC based on Eq. （2）. Hence， the LC time is put off. In this case， the LC time is delayed by 1.97 s. Compared with the velocity or position attacks， the influence of both velocity and position is much severer.

Fig. 8 Plots of position, velocity, acceleration, and space headway under underestimated velocity and position when $β = γ = 0.9$

Fig. 9 Plots of position, velocity, acceleration, and space headway under overestimated velocity and position when $β = γ = 1.1$

（5）　Acceleration attack

To be consistent with the proposed ELC model， we assume that the accelerations of the new follower after LC （the 6^th vehicle） and the old follower before LC （the 5^th vehicle） are falsified. In detail， Fig. 10 and Fig. 11 show the changes in the dynamics parameters of the platoon when the acceleration is underestimated （i.e.， $α = δ = 0.5$ ） and overestimated （i.e.， $α = δ = 1.5$ ）， respectively. These figures show that the 3^rd vehicle changes its lane at 6.21 s and 6.25 s， respectively. In fact， the new or old followers cannot influence the subject vehicle's longitudinal behaviors but the lateral LC behaviors based on the MOBIL model. Compared with no attack scenarios scenario， whether underestimated or overestimated acceleration attacks could result in a slight change in LC time. The reason is that the politeness factor （ $p = 0.1$ ） in Eq. （6） weakens the influence of the accelerations of the new and old followers. Hence， acceleration attacks only lead to slight time changes.

Fig. 10 Plots of position, velocity, acceleration, and space headway under underestimated acceleration attacks when $α = δ = 0.5$

Fig. 11 Plots of position, velocity, acceleration, and space headway under overestimated acceleration attacks when $α = δ = 1.5$

The above five simulation experiments show that falsification of acceleration， velocity， and position will cause abnormal LC behavior， such as LC time in advance or delay and vehicles' oscillation amplitudes. These results demonstrated that cyberattacks could influence traffic efficiency and cause potential rear-end collisions.

3 Conclusions

With the advent of intelligent and connected technology， the impacts of cyberattacks on vehicles have drawn many scholars' attention. This research focuses on modeling LC behaviors under cyberattacks. To this end， based on the MOBIL and IDM models， this study proposes an extended LC （ELC） model with cyberattacks to describe the LC decision-making behavior. Through the numerical simulation， we found that cyberattacks could imperil the LC maneuvers and different attacks are able to result in different consequences such as LC time in advance or delay， and even potential rear-end collisions.

By studying the lane-changing behavior of connected vehicles under cyberattacks， the impact of cyberattacks on vehicle lane-changing behaviors is revealed. Attackers can attack with different parameters on vehicles according to different attack purposes and real-time traffic conditions to accomplish specific attack goals， such as causing collisions and increasing traffic congestion.

The research in this paper allows us to have a deeper understanding of the impact mechanism of cyberattacks， so that we can actively defend against attacks. By analyzing the manifestations and results of cyberattacks， the detection and defense of cyberattacks can be completed in time， so as to avoid personal and property hazards.

In actual vehicle applications， relevant algorithms can be installed to detect the dynamic information of the own vehicle and other vehicles， so as to quickly and timely find abnormal dynamic updates and communication information. At the same time， the detection method can also be used in combination with other cyberattacks detection methods to improve the detection rate of cyberattacks， and provide response strategies in time.

Vehicles have multiple strategies to defend against cyberattacks. In addition to cryptographic methods， communication information can also be verified by methods such as multi-sensor data fusion. At this time， the attacker needs more sophisticated attack strategies， such as performing compound attacks and attacking acceleration， speed， and position information at the same time， which also puts forward higher requirements for vehicle information security protection.

There are several directions for future study. First， it is expected that this research could help counter the detrimental effects caused by cyberattacks. By understanding the impacts on traffic dynamics caused by different cyberattacks， some possible traffic control， and management strategies could be developed and applied to resolve these impacts. Second， in this study， for the convenience of analysis， we just adopt two lane framework in our simulation studies， the framework will be extended to a multi-lane with thousands of vehicles. Third， it will be interesting to explore to assess the impact on more parameters like traffic flow， safety etc. At last， security work against malicious attacks such as detection of cyberattacks， privacy-preserving scheme between V2X and human driver intervention， etc. will be investigated in nearly future.

Contributions Statement

吴新开：构建框架，起草论文；

何山：调研文献，提出模型；

张少伟：调试参数，设计实验；

贺晓征：实验仿真，验证模型；

王斯奋：评阅论文，提供指导。

参考文献

TIAN D， WU G， BORIBOONSOMSIN K， et al. Performance measurement evaluation framework and co-benefit/tradeoff analysis for connected and automated vehicles （cav） applications： a survey［J］. IEEE Intelligent Transportation Systems Magazine， 2018，10（3）： 110. [Baidu Scholar]

SARKER A， SHEN H， RAHMAN M， et al. A review of sensing and communication， human factors， and controller aspects for information-aware connected and automated vehicles［J］. IEEE Transactions on Intelligent Transportation Systems， 2019，21（1）： 7. [Baidu Scholar]

PAPADOULIS A， QUDDUS M， IMPRIALOU M. Evaluating the safety impact of connected and autonomous vehicles on motorways［J］. Accident Analysis & Prevention， 2019，124： 12. [Baidu Scholar]

FERRAG M A， MAGLARAS L A， JANICKE H， et al. Authentication protocols for internet of things： a comprehensive survey［J］. Security and Communication Networks， 2017，2017： 1. [Baidu Scholar]

ALNASSER A， SUN H， JIANG J. Cyber security challenges and solutions for v2x communications： a survey［J］. Computer Networks， 2019，151： 52. [Baidu Scholar]

KHATTAK Z H， SMITH B L， FONTAINE M D. Impact of cyberattacks on safety and stability of connected and automated vehicle platoons under lane changes［J］. Accident Analysis & Prevention， 2021，150： 105861. [Baidu Scholar]

HADDAD J， MIRKIN B. Resilient perimeter control of macroscopic fundamental diagram networks under cyberattacks［J］. Transportation research part B： methodological， 2020，132： 44. [Baidu Scholar]

LOPEZ A， JIN W， AL FARUQUE M A . Security analysis for fixed-time traffic control systems［J］. Transportation Research Part B： Methodological， 2020，139： 473. [Baidu Scholar]

FENG Y， HUANG S， CHEN Q A， et al. Vulnerability of traffic control system under cyberattacks with falsified data［J］. Transportation research record， 2018， 2672（1）： 1. [Baidu Scholar]

KHALID KHAN S， SHIWAKOTI N， STASINOPOULOS P. A conceptual system dynamics model for cybersecurity assessment of connected and autonomous vehicles［J］. Accident Analysis & Prevention， 2022，165： 106515. [Baidu Scholar]

MAGLARAS L， FERRAG M， DERHAB A， et al. Threats， countermeasures and attribution of cyber attacks on critical infrastructures［J］. EAI Endorsed Transactions on Security and Safety， 2018，5（16）： 1. [Baidu Scholar]

DONG C， WANG H， NI D， et al. Impact evaluation of cyber-attacks on traffic flow of connected and automated vehicles［J］. IEEE Access， 2020（8）： 86824. [Baidu Scholar]

LI Y， TU Y， FAN Q， et al. Influence of cyber-attacks on longitudinal safety of connected and automated vehicles［J］. Accident Analysis & Prevention， 2018，121： 148. [Baidu Scholar]

HU J， QI L， ZHANG Z， et al. A detection method for cyber-attack on connected signal phase and timing information［J］. Transportmetrica B： Transport Dynamics， 2022，10（1）： 731. [Baidu Scholar]

KASHYAP A， CHAKRAVARTHY A， MENON P P. Detection of cyber-attacks in automotive traffic using macroscopic models and gaussian processes［J］. IEEE Control Systems Letters， 2022，6： 1688. [Baidu Scholar]

ZHAO X， ABDO A， LIAO X， et al. Evaluating Cybersecurity Risks of Cooperative Ramp Merging in Mixed Traffic Environments［J］. IEEE Intelligent Transportation Systems Magazine， 2022，14（6）：52. [Baidu Scholar]

KESTING A， TREIBER M， HELBING D. General lane-changing model mobil for car-following models［J］. Transportation Research Record， 2007，1999（1）： 86. [Baidu Scholar]

TREIBER M， HENNECKE A， HELBING D. Congested traffic states in empirical observations and microscopic simulations［J］. Physical Review E， 2000，62（2）： 1805. [Baidu Scholar]

SALVUCCI D D， LIU A. The time course of a lane change： driver control and eye-movement behavior［J］. Transportation Research Part F： Traffic Psychology and Behaviour， 2002，5（2）： 123. [Baidu Scholar]

KESTING A， TREIBER M， SCHÖNHOF M， et al. Adaptive cruise control design for active congestion avoidance［J］. Transportation Research Part C： Emerging Technologies， 2008，16（6）： 668. [Baidu Scholar]

ZHENG Y， RAN B， QU X， et al. Cooperative lane changing strategies to improve traffic operation and safety nearby freeway off-ramps in a connected and automated vehicles environment［J］. IEEE Transactions on Intelligent Transportation Systems， 2019，21（11）： 4605. [Baidu Scholar]

ZHENG Y， ZHANG G， LI Y， et al. Optimal jam-absorption driving strategy for mitigating rear-end collision risks with oscillations on freeway straight segments［J］. Accident Analysis & Prevention， 2020，135： 105367. [Baidu Scholar]

ALIWA E， RANA O， PERERA C， et al. Cyberattacks and countermeasures for in-vehicle networks［J］. ACM Computing Surveys， 2021，54（1）： 1. [Baidu Scholar]

WANG P， WU X， HE X. Modeling and analyzing cyberattack effects on connected automated vehicular platoons［J］. Transportation Research Part C： Emerging Technologies， 2020，115： 102625. [Baidu Scholar]

ZHANG T， YE D. False data injection attacks with complete stealthiness in cyber–physical systems： a self-generated approach［J］. Automatica， 2020，120： 109117. [Baidu Scholar]

An Improved Lane-changing Model for Connected Automated Vehicles Under Cyberattacks PDF

Abstract

Keywords

1 An extended lane-changing model for CAVs under cyberattacks

1.1 Lane-changing model

1.2 Car-following model

1.3 Cyberattacks

1.4 Extended LC model with cyberattacks