Top > JRM > Directed Poisoning Attacks on FRIT in Adaptive Cruise Control

single-rb.php

JRM Vol.37 No.6 pp. 1392-1399
doi: 10.20965/jrm.2025.p1392
(2025)

Paper:

Views over last 60 days: 32

Directed Poisoning Attacks on FRIT in Adaptive Cruise Control

Taichi Ikezaki*, Kenji Sawada**, and Osamu Kaneko***

*Faculty of Environmental, Life, Natural Science and Technology, Okayama University
3-1-1 Tsushima-naka, Kita-ku, Okayama 700-8530, Japan

**Graduate school of Mechanical Engineering, The University of Osaka
2-1 Yamadaoka, Suita, Osaka 565-0871, Japan

***Graduate School of Informatics and Engineering, The University of Electro-Communications
1-5-1 Chofugaoka, Chofu, Tokyo 182-8585, Japan

Received:
April 4, 2025
Accepted:
July 26, 2025
Published:
December 20, 2025
Creative Commons License
Keywords:
cyberattack, data-driven control, cruise control, FRIT, poisoning attack
Abstract

Recent advances in connected-vehicle technologies have enabled the large-scale collection of driving data, facilitating the deployment of data-driven control schemes. Although these methods offer advantages by eliminating the need for explicit modeling, they also introduce vulnerabilities due to their reliance on stored data. This study investigates a class of targeted data poisoning attacks on fictitious reference iterative tuning, a widely used data-driven controller tuning approach. We present a method that allows an adversary to influence closed-loop dynamics by manipulating the training data so that the resulting controller behavior matches a maliciously defined reference response. This strategy differs from conventional poisoning attacks, which aim only to the degrade control performance. Instead, it enables deliberate alteration of control characteristics such as overshoot and convergence time. The proposed attack is formulated as a constrained optimization problem under bounded tampering signals. Through a numerical study involving adaptive cruise control with stop functionality, we show that minor data modifications, indistinguishable from sensor noise, can cause significant degradation in control behavior. These findings highlight the need for robust security mechanisms in data-driven control implementation.

Conceptual diagram of a poisoning attack against DDC with connected ACC system

Conceptual diagram of a poisoning attack against DDC with connected ACC system

Cite this article as:
T. Ikezaki, K. Sawada, and O. Kaneko, “Directed Poisoning Attacks on FRIT in Adaptive Cruise Control,” J. Robot. Mechatron., Vol.37 No.6, pp. 1392-1399, 2025.
Data files:
References
  1. [1] D. Bhamare, M. Zolanvaric, A. Erbad, R. Jain, K. Khan, and N. Meskin, “Cybersecurity for industrial control systems: A survey,” Computers & Security, Vol.89, Article No.101677, 2020. https://doi.org/10.1016/j.cose.2019.101677
  2. [2] K. Sawada, “Model-based cybersecurity for control systems: Modeling, design and control,” Proc. of the 2017 56th Annual Conf. of the Society of Instrument and Control Engineers of Japan (SICE), pp. 724-727, 2017. https://doi.org/10.23919/SICE.2017.8105750
  3. [3] O. Kaneko, “Introduction to Data-Driven Control,” Corona Publishing Co., 2024 (in Japanese).
  4. [4] H. Hjalmarsson, M. Gevers, S. Gunnarsson, and O. Lequin, “Iterative Feedback Tuning: Theory and Applications,” IEEE Control Systems Magazine, Vol.18, No.4, pp. 26-41, 1998. https://doi.org/10.1109/37.710876
  5. [5] M. C. Campi, A. Lecchini, and S. M. Savaresi, “Virtual Reference Feedback Tuning: A Direct Method for the Design of Feedback Controllers,” Automatica, Vol.38, No.8, pp. 1337-1346, 2002. https://doi.org/10.1016/S0005-1098(02)00032-8
  6. [6] T. Ikezaki and O. Kaneko, “A New Approach of Data-Driven Controller Tuning Method by Using Virtual IMC Structure—Virtual Internal Model Tuning—,” Proc. of the 13th IFAC Workshop on Adaptive and Learning Control Systems (ALCOS 2019), pp. 344-349, 2019. https://doi.org/10.1016/j.ifacol.2019.12.699
  7. [7] R. Yamamoto and O. Kaneko, “Application and experimental verification of FRIT to vehicle steering systems,” Proc. of the IEEJ Conf. on Electronics, Information and Systems, pp. 1192-1195, 2022 (in Japanese).
  8. [8] M. Kozui, T. Yamamoto, M. Akiyama, K. Koiwai, and Y. Yamazaki, “Application of a MIMO-PID Controller for a Hydraulic Excavator Considering the Velocity of CoM,” J. Robot. Mechatron., Vol.32, No.3, pp. 643-651, 2020. https://doi.org/10.20965/jrm.2020.p0643
  9. [9] H. Si and O. Kaneko, “FRIT of Internal Model Controllers for Poorly Damped Linear Time Invariant Systems: Kautz Expansion Approach,” J. Robot. Mechatron., Vol.28, No.5, pp. 745-751, 2016. https://doi.org/10.20965/jrm.2016.p0745
  10. [10] A. Russo and A. Proutiere, “Poisoning attack against data-driven control methods,” Proc. of the American Control Conf. (ACC), pp. 3234-3241, 2021. https://doi.org/10.23919/ACC50511.2021.9482992
  11. [11] T. Ikezaki, O. Kaneko, K. Sawada, and J. Fujita, “Poisoning attack on VIMT and its adverse effect,” Artificial Life and Robotics, Vol.29, pp. 168-176, 2024. https://doi.org/10.1007/s10015-023-00914-7
  12. [12] T. Ikezaki, K. Sawada, and O. Kaneko, “A Study of Data-Driven Control and Poisoning Attack for Vehicle Cruise Control Systems,” Proc. of the 11th Multi-Symp. on Control Systems (MSCS2024), 3A6-2, 2024 (in Japanese).
  13. [13] M. Barreno, B. Nelson, R. Sears, A. D. Joseph, and J. D. Tygar, “Can machine learning be secure?,” Proc. of the 2006 ACM Symp. on Information, Computer and Communications Security, pp. 16-25, 2006. https://doi.org/10.1145/1128817.1128824
  14. [14] B. Biggio, B. Nelson, and P. Laskov, “Poisoning attacks against support vector machines,” Proc. of the 29th Int. Conf. on Machine Learning (ICML), pp. 1467-1474, 2012.
  15. [15] A. Russo, M. Molinari, and A. Proutiere, “Data-driven control and data-poisoning attacks in buildings: The KTH Live-In Lab case study,” Proc. of the 29th Mediterranean Conf. on Control and Automation (MED), pp. 53-58, 2021. https://doi.org/10.1109/MED51440.2021.9480238
  16. [16] H. Sasahara, “Adversarial attacks to direct data-driven control for destabilization,” Proc. of the IEEE Conf. on Decision and Control (CDC), pp. 7094-7099, 2023. https://doi.org/10.1109/CDC49753.2023.10383531
  17. [17] P. Raksincharoensak, K. Tsuchiya, A. Yamasaki, H. Mouri, and M. Nagai, “Study on automated driving system for two-stage stop and start operation for intersection collision avoidance in unsignalized intersections,” Trans. of the JSME, Vol.82, No.834, Article No.15-00475, 2016 (in Japanese). https://doi.org/10.1299/transjsme.15-00475
  18. [18] T. Fujimoto, K. Sawada, Y. Minami, and K. Sando, “Filtering Function to Mitigate the Impact of Cyber Attacks in Cooperative Adaptive Cruise Control,” J. Robot. Mechatron., Vol.36, No.3, pp. 669-679, 2024. https://doi.org/10.20965/jrm.2024.p0669
  19. [19] T. Fujimoto, H. Matsushita, K. Sawada, and K. Yamafuji, “Design of ACC considering sensor error using predictive governor,” Proc. of the 66th Annual Conf. of the Institute of Systems, Control and Information Engineers (SCI’22), Article No.342-4, 2022 (in Japanese).
  20. [20] A. Teixeira, K. C. Sou, H. Sandberg, and K. H. Johansson, “Secure control systems: A quantitative risk management approach,” IEEE Control Systems Magazine, Vol.35, No.1, pp. 24-45, 2015. https://doi.org/10.1109/MCS.2014.2364709
  21. [21] Sudhakar and S. Kumar, “An emerging threat: Fileless malware-a survey and research challenges,” Cybersecurity, Vol.3, Article No.1, 2020. https://doi.org/10.1186/s42400-019-0043-x
  22. [22] S. Liu, G. Peng, H. Zeng, and J. Fu, “A survey on the evolution of fileless attacks and detection techniques,” Computers & Security, Vol.137, Article No.103653, 2024. https://doi.org/10.1016/j.cose.2023.103653
  23. [23] J. Lee and S. Hong, “Host-Oriented Approach to Cyber Security for the SCADA Systems,” Proc. of the 2020 6th IEEE Congress on Information Science and Technology (CiSt), pp. 151-155, 2020. https://doi.org/10.1109/CiSt49399.2021.9357299

Creative Commons License  This article is published under a Creative Commons Attribution-NoDerivatives 4.0 Internationa License.

*This site is desgined based on HTML5 and CSS3 for modern browsers, e.g. Chrome, Firefox, Safari, Edge, Opera.

Last updated on Dec. 19, 2025