Toward Trustworthy Autonomous Cyber-Physical Systems: Robust Machine Learning for Secure Sensing, Perception, and Control

Date

2026-05-19

Publisher

Virginia Tech

Abstract

The integration of cyber-physical systems (CPS) with artificial intelligence (AI)/machine learning (ML) has enabled next-generation autonomous systems capable of advanced perception and real-time decision-making in complex and dynamic environments. Such systems, especially in safety-critical domains like connected and autonomous vehicles (CAVs), are increasingly vulnerable to sophisticated and adaptive attacks due to the tight coupling of their sensing, communication, and AI/ML components. At the communication level, in-vehicle networks such as the controller area network (CAN) lack intrinsic security, enabling both high-rate injection attacks and subtle signal-level manipulations that preserve timing characteristics. At the system level, Vehicle-to-Everything (V2X) communication introduces additional challenges stemming from decentralization and dynamic environments, which adversaries can exploit through coordinated misbehavior and adversarial perturbations. At the autonomy level, AI/ML models are vulnerable to adversarial and backdoor attacks that maintain perceptual similarity while altering model behavior. Furthermore, multimodal fusion-based perception systems rely on strict temporal synchronization across heterogeneous sensors, which can be exploited through imperceptible delays that degrade downstream perception tasks. A unifying challenge across these domains is that malicious behaviors often appear statistically, temporally, or semantically consistent at the surface level while violating deeper structural dependencies, which makes them difficult to detect with existing rule-based defenses.

To tackle these challenges, we propose a unified, cross-layer framework for securing autonomous CPS. Central to our approach is the introduction of a body–brain–interface abstraction, where the body represents sensing and actuation, the brain captures AI-enabled perception and decision-making, and the interface encompasses the connecting layer between them, such as middleware and clock synchronization. This abstraction serves both as an analytical lens for understanding how attacks propagate across layers and as a design principle for building robust, layer-aware defenses. Guided by this abstraction, we propose defenses that model intrinsic temporal, statistical, and cross-modal relationships to detect subtle and adaptive malicious behaviors across diverse CPS components.

The key contributions of this work are threefold. First, to secure the body, we develop CANtropy, a lightweight feature-driven intrusion detection framework for CAN traffic that leverages temporal and statistical signal dependencies; CANShield, a deep multi-scale autoencoder architecture capable of detecting stealthy signal-level CAN attacks; and VehiGAN, a generative adversarial network (GAN)-based approach for V2X misbehavior detection with enhanced generalization and robustness against adversarial manipulation. Second, to secure the brain, we introduce NoiSec, a unified noise-based detection framework that identifies both adversarial and backdoor attacks across multiple data modalities. Finally, to secure the interface, we uncover a novel threat, DejaVu, a temporal misalignment attack that exploits synchronization vulnerabilities in multimodal perception systems, and propose Aion, a lightweight defense mechanism that leverages cross-modal temporal consistency and dynamic time warping to effectively detect and mitigate such misalignment attacks. Collectively, these contributions advance both AI and CPS security by enabling practical defense against cross-layer adaptive threats and establishing a foundation for secure, resilient autonomous systems through unified abstractions.

Keywords

Cybersecurity, Cyber-physical Systems, Artificial Intelligence
