Adversarial Robustness Evaluation of ML-Based Misbehavior Detection in VANETs
MSc Thesis Proposal by:
Hashim Tayyab Shah
Date: Thursday, 28 May 2026
Time: 12:00 PM
Location: Teams Meeting
Abstract:
Vehicular Ad-hoc Networks (VANETs) rely on Misbehavior Detection Systems (MDSs) to identify falsified Basic Safety Messages (BSMs) that cryptographic authentication mechanisms cannot validate. Recent machine-learning-based MDSs report detection accuracies exceeding 95% on standardized benchmarks such as the VeReMi dataset, with several approaches reporting scores above 99%. These evaluations universally assume a non-adaptive adversary who does not attempt to evade the detector. We propose a constrained adversarial perturbation framework that evaluates the robustness of ML-based VANET misbehavior detectors under realistic threat models by enforcing the kinematic and geometric plausibility constraints on BSM modifications and ensuring that all generated attacks correspond to physically plausible vehicle behaviors. We instantiate the framework with two attacks: a centroid-directed perturbation representing a data-aware adversary, and the HopSkipJump, a query-based attack representing a more sophisticated query-capable adversary. We systematically evaluate two state-of-the art detection approaches from the recent literature. These findings demonstrate that reported accuracies on standardized benchmarks overestimate the true robustness of ML-based VANET misbehavior detection and motivate the inclusion of constrained adversarial evaluation in future VANET security research.
Keywords: VANETs, V2V, Misbehavior Detection
Thesis Committee:
Internal Reader: Dr. Jessica Chen
External Reader: Dr. Boubakeur Boufama
Advisor: Dr. Ikjot Saini
