Skip to main content

Cybersecurity Threats in Connected and Automated Vehicles based Federated Learning Systems

 

Ranwa Al Mallah , Godwin Badu-Marfo , Bilal Farooq

image Courtesy: Comparitech

Abstract

Federated learning (FL) is a machine learning technique that aims at training an algorithm across decentralized entities holding their local data private. Wireless mobile networks allow users to communicate with other fixed or mobile users. The road traffic network represents an infrastructure-based configuration of a wireless mobile network where the Connected and Automated Vehicles (CAV) represent the communicating entities. Applying FL in a wireless mobile network setting gives rise to a new threat in the mobile environment that is very different from the traditional fixed networks. The threat is due to the intrinsic characteristics of the wireless medium and is caused by the characteristics of the vehicular networks such as high node-mobility and rapidly changing topology.

Most cyber defense techniques depend on highly reliable and connected networks. This paper explores falsified information attacks, which target the FL process that is ongoing at the RSU. We identified a number of attack strategies conducted by the malicious CAVs to disrupt the training of the global model in vehicular networks.



The road traffic network represents an infrastructure-based configuration of a mobile and wireless network on which CAVs travel, use regulated frequencies and have access to the bandwidth to communicate. Unlike mobile phones that communicate through a high-speed network, CAVs exchange V2X messages with unknown moving vehicles, Road Side Units (RSU), pedestrians, and cyclists with no prior association. V2V messages enable vehicles to exchange information about their velocity, heading angle, or position with other surrounding vehicles in order to prevent incidents or traffic conditions. Vehicle-to-Infrastructure (V2I) complements Vehicle-to-Vehicle (V2V) communications and enable RSUs to exchange information with the vehicle about traffic, work zones, bridges, and road incidents. Vehicle-to-Pedestrian (V2P) enables the exchange of alerts from pedestrians to approaching vehicles. These technologies exchange packets called Basic Safety Messages (BSM) designed to contain no personally identifiable information since the Anonymity of the sender must always be maintained. Vehicles and their drivers should remain untraceable in order to ensure privacy in ITS. 


Recent reports identified highly practical wireless attacks on CAVs. Some attacks target in-vehicle security and others target security of inter-vehicle communications. For instance, cyber-attacks on CAVs include impersonation, eavesdropping, stealing user private data, spoofing sensors, coordinated attacks on road side infrastructure or malware injection. Security mechanisms to protect CAVs from unauthorized access, control and tampering are important to strengthen the ITS. However, currently, there is no security mechanism in place to validate and authenticate basic safety messages and ensure trusted communication among the random moving entities. The United States Department of Transportation proposed a system where authorized participating vehicles use digital certificates issued by a certain authority to validate and authenticate basic safety messages by attaching these certificates with each message to ensure integrity, confidentiality and privacy of the communication. However, although the system ensures who signed the certificate, among its many challenges is the fact that it is difficult to prove how correct or true the information sent from the vehicle is. A corrupted device in the vehicle can result in false BSM exchanged even though the sender is trusted. Consequently, awareness of the potential threats and developing mitigation methods to proactively mitigate attacks are required in the vehicular networks Unfortunately, a direct application of existing FL protocols without any consideration of the underlying communication infrastructure of the CAVs will expose the FL process to cyberattacks. For instance, malicious entities may exploit vulnerabilities in the vehicular network in order to poison the training of the model with false inputs. The existing defense algorithms are more suitable to cloud assisted applications or data centers.


Federated Learning plays a critical role in supporting the privacy-sensitive applications, where the training data are distributed at the edge. Nikman et al. discussed several applications of FL in the wireless networks, especially in the context of 5G networks. Content caching and data computing at the edge of the wireless network is an approach to reduce back-haul traffic load. FL uses locally trained models rather than directly accessing the user data for content popularity prediction in proactive caching in wireless networks. Another application in wireless mobile networks is the task of learning the activities of mobile phone users. The application can then expose a search mechanism for information retrieval or in-app navigation. Bonawitz et al. proposed a production-level FL implementation, focusing primarily on the averaging algorithm running on mobile phones. Their system is conceived for mobile devices that have much lower bandwidth and reliability compared to data center nodes. Nishio et al. focused on applying the FL in different environmental conditions, such as cases where the server can reach any subset of devices to initiate a round, but receives updates sequentially due to cellular bandwidth limit.

  • FL in wireless mobile networks 

In the context of vehicular networks, a potential application of FL includes adapting in real-time to the traffic conditions with connected and automated vehicles. For instance, a fleet of CAVs may require an up-to-date prediction model of traffic, construction zone delays, or pedestrian behavior to safely operate. FL can help to train models that efficiently adapt to changes in these situations, while maintaining user privacy

  • Cybersecurity of FL in wireless mobile networks 

Wi-Fi, WiMAX, Long-Term Evolution (LTE), Near-Field Communication (NFC), and Dedicated Short-Range Communications (DSRC) are among the communication technologies available for vehicular data communications. In reviewing the literature, several attacks on the communication network involving ITS were found. In terms of privacy, there are various types of inference attacks, for instance, parameter inference, input inference, and attribute inference attacks, which can jeopardize the privacy of the vehicles. While privacy is an important aspect for many machine learning applications, FL is also vulnerable to cyberattacks that target the security of the system.



In this paper, They consider a vehicular network where a the roadside unit can take the role of the chief and the vehicles act as workers, as can be seen in Figure 1.

FL Protocol for a vehicular network: 

  • The RSU identifies an application and its learning problem and broadcasts the FL task to the vehicles in its coverage area. An FL task is a specific computation such as training to be performed with given hyperparameters e.g. learning rate, batch size and number of epochs to run. 
  • Since some vehicles may be unwilling to participate in the training, vehicles that want to participate reply to the chief that they are ready to run the FL task. 
  • Vehicles must stay connected to the chief for the duration of the round. The chief can either consider all the vehicles announcing their availability as workers or he can select a subset and invite them to work on the FL task. 
  • The chief sends out instructions for how to execute the training task and the timing plan. 
  • Once a round is established, the chief then broadcasts the current global model parameters. 
  • Each selected worker then performs a local computation based on the global model and its local dataset, and sends a local model update back to the chief. A notable advantage of FL in this setting is that it does not rely on synchronization among the workers. Hence, even during a loss of connectivity between the vehicles and the RSU, vehicles can still build their local models and navigate; this is crucial in a very dynamic environment as long as the worker adhere to the time window in the timing plan. 
  • The chief waits for the participating workers to report their updates. As local model updates are received, the chief aggregate them using federated averaging. If enough workers report in time, the round will be successfully completed and the chief will update its global model, otherwise, the round is abandoned. The chief incorporates the updates into its global model, and the process repeats.
 THREAT MODEL 

The reliability of the applications of ITS is highly dependent on the quality of the data collected across the traffic network. In this paper, They describe a yet unexplored threat model that targets data integrity in federated learning.

Attack1. Standard falsified information attack 


In the falsified information attack, compromised information is sent out by a malicious vehicle that is moving in and out of the zone under study very rapidly and thus continuously providing falsified real-time updates to the RSU. The zone under study represents the area where the RSU can receive messages. In this scenario, a single attacker designs malicious local model updates and sends them to the RSU to target the training of the model that is ongoing at the RSU.
Algorithm 1 is implemented at the CAV and aims at conducting an untargeted model poisoning attack on a federated learning task that is ongoing at the RSU. 


Attack2. Sybil attack 


The Sybil attack can be seen as a variant of the falsified information attack, an evolved version of it. A Sybil attack consists of one vehicle creating fake vehicle identities and using them to broadcast local model updates that may compromise the FL process. In this scenario, the vehicle transmits multiple messages each with a different ID. The IDs could have been spoofed or stolen from compromised vehicles. This will enable the attacker to fabricate false messages and have a greater influence on the FL process. Each round, the FL protocol randomly selects vehicles to participate in the training, a Sybil attack would allow the attacker to increase it chances to be selected in the process. The increase in the number of malicious vehicles will potentially impact the training and shift the global model away from convergence. The attacker may perform a critical attack via model replacement at convergence time by simultaneously sending falsified local model updates.
Algorithm 2 is implemented at the CAV and aims at conducting a sybil attack on a federated learning task that is ongoing at the RSU.



 Simulation outline 

Our experiments utilize downtown Toronto’s road network as it experiences high levels of congestion, specifically during the morning peak period. The road network covers 76 intersections and 223 links. The vehicular demand is provided by the Transportation Tomorrow Survey (TTS) for the 7:45am and 8:00am peak period for the year 2014. To extract realistic measurements at every second, we deployed a microscopic traffic simulator. Vehicular characteristics are captured and used to estimate space mean link indicators.


Aimed at training an LSTM network to predict the average link speed. The LSTM network consists of five hidden layers in a set of three sequences of speed, density, and in-links speed. We tuned several hyper-parameters such as the learning rate, epochs, learning rate drop factor, momentum, and the number of hidden units of the different layers.



CONCLUSION 

Paper explored the vulnerability of FL in the vehicular networks, where CAVs can take advantage of their mobility, the wireless medium, and the privacy that FL is designed to provide to corrupt the global training of a model. Our attacks demonstrate that FL in its standard form is vulnerable to mobile attackers exploiting the medium to perform model poisoning. Demonstrating robustness to attackers of the type considered in this paper is yet to be achieved. In future work, we plan to explore sophisticated defense strategies which can provide guarantees against the CAV attackers. In particular, encryption, localization, behavioral analysis, and clustering may be promising detection mechanisms in this context. 


Labels:

Comments

Post a Comment

Popular posts from this blog

ABOD and its PyOD python module

Angle based detection By  Hans-Peter Kriegel, Matthias Schubert, Arthur Zimek  Ludwig-Maximilians-Universität München  Oettingenstr. 67, 80538 München, Germany Ref Link PyOD By  Yue Zhao   Zain Nasrullah   Department of Computer Science, University of Toronto, Toronto, ON M5S 2E4, Canada  Zheng Li jk  Northeastern University Toronto, Toronto, ON M5X 1E2, Canada I am combining two papers to summarize Anomaly detection. First one is Angle Based Outlier Detection (ABOD) and other one is python module that  uses ABOD along with over 20 other apis (PyOD) . This is third part in the series of Anomaly detection. First article exhibits survey that covered length and breadth of subject, Second article highlighted on data preparation and pre-processing.  Angle Based Outlier Detection. Angles are more stable than distances in high dimensional spaces for example the popularity of cosine-based similarity measures for text data. Object o is an out
Post a Comment
Read more

TableSense: Spreadsheet Table Detection with Convolutional Neural Networks

 - By Haoyu Dong, Shijie Liu, Shi Han, Zhouyu Fu, Dongmei Zhang Microsoft Research, Beijing 100080, China. Beihang University, Beijing 100191, China Paper Link Abstract Spreadsheet table detection is the task of detecting all tables on a given sheet and locating their respective ranges. Automatic table detection is a key enabling technique and an initial step in spreadsheet data intelligence. However, the detection task is challenged by the diversity of table structures and table layouts on the spreadsheet. Considering the analogy between a cell matrix as spreadsheet and a pixel matrix as image, and encouraged by the successful application of Convolutional Neural Networks (CNN) in computer vision, we have developed TableSense, a novel end-to-end framework for spreadsheet table detection. First, we devise an effective cell featurization scheme to better leverage the rich information in each cell; second, we develop an enhanced convolutional neural network model for tab
2 comments
Read more

DEEP LEARNING FOR ANOMALY DETECTION: A SURVEY

-By  Raghavendra Chalapathy  University of Sydney,  Capital Markets Co-operative Research Centre (CMCRC)  Sanjay Chawla  Qatar Computing Research Institute (QCRI),  HBKU  Paper Link Anomaly detection also known as outlier detection is the identification of rare items, events or observations which raise suspicions by differing significantly from the majority of the data. Typically the anomalous items will translate to some kind of problem such as bank fraud, a structural defect, medical problems or errors in a text. Anomalies are also referred to as outliers, novelties, noise, deviations and exceptions Hawkins defines an outlier as an observation that deviates so significantly from other observations as to arouse suspicion that it was generated by a different mechanism. Aim of this paper is two-fold, First is a structured and comprehensive overview of research methods in deep learning-based anomaly detection. Furthermore the adoption of these methods
1 comment
Read more