Driving State-aware Anomaly Detection for Autonomous Vehicles

With the increasing popularity of autonomous driving systems (ADS) in autonomous vehicles (AV), in recent years, there have been many attacks targeting AVs and ADSs. Meanwhile, recent studies have attempted to improve the safety and security of AVs from different perspectives, and they mainly focus on the spoofing attacks against the sensors and the injection attacks against the vehicle chassis and actuators. However, direct attacks on ADSs (i.e., communication hijacking and malicious codes) remain inadequately addressed, and even worse, such attacks can cause AVs to make unsafe driving decisions rapidly. In this paper, we introduce DSAD, a driving state-aware anomaly detection framework designed to enhance AV safety and security by identifying ADS attacks, such as communication hijacking and malicious codes, through chassis states. First, DSAD models ADS operations (i.e., driving states) as a two-layer state machine, utilizing real-time chassis data to infer driving states and detect anomalies in ADS outputs. This reduces false positives and negatives by aligning detection with the diverse operational modes of AVs. To achieve this, we develop a prototype system, DSAD, incorporating a Detection Policy Update mechanism that dynamically adjusts detection policies based on the vehicle’s driving states, such as lane changing and obstacle avoidance. Second, DSAD considers both collision avoidance and control stability, addressing potential conflicts through hard and soft requirements. Furthermore, DSAD integrates a fault handling module compatible with existing autonomous driving fault handling mechanisms, ensuring timely response to detected anomalies. We develop a prototype anomaly detection system called DSAD and deploy it on four ADSs. We evaluate DSAD using various attack scenarios, and the results show that DSAD can identify over 90% of attacks on ADSs.