Assessing Safety of Adaptive Cruise Control Systems under CAN Denial−of−Service Attacks
Yucheng Ruan‚ Chengcheng Zhao‚ Zeyu Yang‚ Peng Cheng‚ Jiming Chen and Kasper Rasmussen
Abstract
Denial-of-service (DoS) attacks on the Controller Area Network (CAN) of a car can disrupt in-vehicle communication, posing a subtle yet critical threat to adaptive cruise control (ACC) systems whose operation is tightly coupled with real-time vehicle safety. While there is extensive prior work on CAN bus security and ACC safety, the safety impact of DoS attacks on closed-loop vehicle control under dynamic conditions remains insufficiently understood. In this paper, we present a systematic safety analysis of ACC closed-loop control under CAN bus DoS attacks. First, we introduce a virtual CAN bus with explicit arbitration on a closed-loop experimental test bed that integrates OpenPilot and CARLA, enabling a configurable CAN DoS message injector under diverse dynamic scenarios. Under CAN DoS attacks, closed-loop experiments reveal two distinct ACC responses: bounded regulation under near-steady lead-vehicle motion and transient safety degradation under time-varying lead-vehicle motion. To understand the former observation, we analyze the local stability of the OpenPilot-based ACC system under abstracted constant delay. The model-based analysis derives a theoretical upper bound on the admissible sensing delay that preserves asymptotic stability around the nominal car-following equilibrium. To assess the latter safety-critical transient behavior at runtime, we propose SaferCAN, a state-aware safety monitor that dynamically evaluates safety degradation using a reachable tube computation. Extensive experiments demonstrate that SaferCAN enables timely and reliable detection of safety-critical conditions under DoS attacks, achieving negligible false-positive rates and reducing DoS-induced alarm delays to approximately 50 ms across different driving scenarios and attack intensities.