VehiGAN: Generative Adversarial Networks for Adversarially Robust V2X Misbehavior Detection Systems

Abstract

Vehicle-to-Everything (V2X) communication enables vehicles to communicate with other vehicles and roadside infrastructure, enhancing traffic management and improving road safety. However, the open and decentralized nature of V2X networks exposes them to various security threats, especially misbehaviors, necessitating a robust misbehavior detection system (MBDS). While machine learning (ML) has proved effective in different anomaly detection applications, the existing ML-based MBDSs have shown limitations in generalizing due to the dynamic nature of V2X and insufficient and imbalanced training data. Moreover, they are known to be vulnerable to adversarial ML attacks. On the other hand, generative adversarial networks (GAN) possess the potential to mitigate the aforementioned issues and improve detection performance by synthesizing unseen samples of minority classes and utilizing them during their model training. Therefore, we propose the first application of GAN to design an MBDS that detects any misbehavior and ensures robustness against adversarial perturbation. In this paper, we present several key contributions. First, we propose an advanced threat model for stealthy V2X misbehavior, in which an attacker can transmit malicious data and use adversarial attacks to mask it, thereby evading detection by ML-based MBDS. We formulate two categories of adversarial attacks against the anomaly-based MBDS. Later, in the pursuit of a generalized and robust GAN-based MBDS, we train and evaluate a diverse set of Wasserstein GAN (WGAN) models and present Vehicular GAN or VehiGAN, an ensemble of multiple top-performing WGANs, which transcends the limitations of individual models and improves detection performance and adversarial robustness. We present a physics-guided data preprocessing technique that generates effective features for ML-based MBDS. In the evaluation, we leverage the state-of-the-art V2X attack simulation tool VASP to create a comprehensive dataset of V2X messages with diverse misbehaviors. Evaluation results show that in 20 out of 35 misbehaviors, \sysname outperforms the baselines and exhibits comparable detection performance in other scenarios. Particularly, VehiGAN excels in detecting advanced misbehaviors that manipulate multiple fields in V2X messages simultaneously, replicating unique maneuvers. Moreover, \sysname provides approximately 92% improvement in false positive rates under powerful adaptive adversarial attacks and possesses intrinsic robustness against other adversarial attacks that target false negative rates. Finally, we make the data and code available for reproducibility and future benchmarking, available at https://github.com/shahriar0651/VehiGAN.