Defending Autonomous CPS Against Adaptive and Stealthy Cyber Attacks

Trustworthy ML-based intrusion detection systems for autonomous cyber-physical systems

Thrust I: Defending Autonomous CPS Against Adaptive and Stealthy Cyber Attacks

Autonomous cyber-physical systems (CPS)—such as connected and autonomous vehicles—combine heterogeneous sensors, actuators, controllers, and communication interfaces that continuously exchange safety-critical information. While this connectivity enables advanced autonomy, it also expands the attack surface, creating new opportunities for stealthy and adaptive cyber threats. To secure these systems, intrusion detection must go beyond fixed, signature-based rules and instead learn normal behavior, detect deviations, and remain resilient even when adversaries attempt to deceive the detector itself.

My research addresses this challenge by developing trustworthy ML-based intrusion detection systems (IDS) that are both effective in identifying subtle malicious behaviors and robust against adversarial manipulation. I pursue a unified approach that integrates CPS domain knowledge, time-series modeling, and adversarial resilience to safeguard the communication and control pipelines of autonomous systems.

My initial work focused on securing in-vehicle communication over the Controller Area Network (CAN). I developed CANShield (Shahriar et al., 2023), an ML-based IDS that leverages the physical and temporal semantics of CAN traffic to detect a broad range of intrusions. CANShield ensembles autoencoders across multiple temporal and spatial scales, achieving high accuracy and low latency across benchmark datasets and real attacks generated with Oak Ridge National Laboratory.

Expanding this vision to vehicle-to-everything (V2X) communication, I designed VehiGAN (Shahriar et al., 2024; Shahriar et al., 2025), a generative-model–based misbehavior detection framework built on Wasserstein GANs. VehiGAN learns normal V2X communication patterns and detects deviations with inherent robustness to adversarial attempts to bypass detection. Through collaboration with Qualcomm, I constructed a large-scale V2X dataset and demonstrated that VehiGAN substantially improves detection performance and robustness under adaptive attacks.

Together, these efforts contribute to a principled foundation for adaptive, resilient, and domain-informed ML-based defense mechanisms for next-generation autonomous CPS.

References

2025

  1. ACM TCPS
    Vehigan: generative adversarial networks for adversarially robust v2x misbehavior detection systems
    Md Hasan Shahriar, Mohammad Raashid Ansari, Jean-Philippe Monteuuis, and 5 more authors
    ACM Transactions on Cyber-Physical Systems, 2025
    PDF Code

2024

  1. ICDCS
    VehiGAN: Generative Adversarial Networks for Adversarially Robust V2X Misbehavior Detection Systems
    Md Hasan Shahriar, Mohammad Raashid Ansari, Jean-Philippe Monteuuis, and 4 more authors
    In 2024 IEEE 44th International Conference on Distributed Computing Systems (ICDCS), 2024
    PDF Code

2023

  1. IEEE IoT-J
    CANShield: deep-learning-based intrusion detection framework for controller area networks at the signal level
    Md Hasan Shahriar, Yang Xiao, Pablo Moriano, and 2 more authors
    IEEE Internet of Things Journal, 2023
    arXiv PDF Code