Digital twin-boosted autonomous attack detection for vehicular ad-HOC networks
The integration of digital twin and AI models in the autonomous attack detection system addresses the inefficiencies of existing VANET networks by optimizing RSU load and energy consumption, enabling real-time, scalable, and sustainable cyber threat detection.
Patent Information
- Authority / Receiving Office
- WO · WO
- Patent Type
- Applications
- Current Assignee / Owner
- BTS KURUMSAL BİLİŞİM TEKNOLOJİLERİ ANONİM ŞİRKETİ
- Filing Date
- 2024-12-31
- Publication Date
- 2026-07-09
AI Technical Summary
Existing systems fail to effectively detect and manage dynamic cyber threats such as DDoS and RF jamming in large-scale VANET networks, leading to high energy consumption, reduced hardware lifespan, and inefficiencies in real-time attack detection due to high processing loads and data transmission delays.
An autonomous attack detection system integrating digital twin technology and AI models, utilizing Recursive Feature Elimination, Chi-Square, K-means, Expectation-Maximization algorithms, and a Multilayer Perceptron for precise attack detection, combined with a data layer for real-time data communication, a twinning layer for digital twin simulation, and an M/M/m Queuing Model to optimize RSU load, ensuring energy efficiency and hardware longevity.
The system provides real-time, efficient, and sustainable cyber threat detection in VANET networks, reducing energy consumption and extending hardware lifespan by optimizing RSU load and processing, while maintaining high detection sensitivity and scalability.
Smart Images

Figure 00000012_0000 
Figure 00000013_0000 
Figure 00000014_0000
Abstract
Description
[0001] DIGITAL TWIN-BOOSTED AUTONOMOUS ATTACK DETECTION FOR VEHICULAR AD-HOC NETWORKS
[0002] Technical Field of the Invention
[0003] The invention relates to an autonomous attack detection system to be used to detect and prevent cyber threats in vehicle-to-roadside units (RSU) communications by integrating digital twin (cyber-twin) technology and artificial intelligence (Al) models to ensure vehicle-to-infrastructure communication security. The system of the invention aims to provide environmentally friendly solutions by providing safer and more sustainable communication systems in the transportation infrastructure of smart cities, reducing energy consumption and extending hardware lifespan. However, cyber security is ensured by protecting the integrity of VANET (Vehicular Ad-Hoc network) networks through the detection and management of threats such as DDoS (Distributed denial of service attack) attacks and RF (Radio frequency) jamming.
[0004] State of the Art
[0005] Intelligent transportation is Information and Communication Technologies supported and integrated transportation systems. We can call the intelligent transportation all kinds of infrastructure that meet all the 360-degree needs of people trying to go from one point to another, providing easier, more efficient and more comfortable transportation. Intelligent Transportation Vehicles, which have been developed for purposes such as reducing travel times, increasing traffic safety, optimum use of the existing road capacities, increasing mobility, contributing to the country's economy by providing energy efficiency and reducing the damage to the environment and are defined as systems including monitoring, measurement, analysis and control via multidirectional data exchange between a user, a vehicle, an infrastructure and a passenger, contribute to sectors that concern many sectors from the automotive sector to the transportation sector, from health to the environment and from communication to informatics and software sector.
[0006] Today, the number of intelligent transportation vehicles is increasing rapidly and is starting to gain an important place in our lives. Intelligent transportation vehicles have asignificant effect in the field of comfort and safety. These vehicles already offer us a safe and enjoyable connected drive with Wi-Fi access points and Bluetooth devices. The intelligent transportation vehicles, the use of which is increasing due to these advantages, are becoming a target for malicious attackers. While increasing autonomy and connectivity in vehicles brings with it many improvements in terms of functionality and convenience, it also brings with it a new cyber threat [1]. Attacks targeting intelligent transportation vehicles may lead to vehicle immobility, road accidents, financial losses, disclosure of sensitive and / or personal data, and even endanger the safety of users on the highway. Cyberattacks on these vehicles often target in-vehicle networks, cloud-based services, mobile applications, and sensor systems.
[0007] Control of vehicle functions may be taken over by manipulating the data over the in-vehicle communication network (CAN bus). For example, it may interfere with the braking, acceleration or steering system, or it is aimed to stop the functions of in-vehicle systems by filling them with multiple fake messages (DoS (Denial of Service attacks)). An unauthorized access may be provided through the wireless connections of the vehicles. For example, data theft may take place by using vulnerabilities in the Bluetooth protocol, or an unauthorized access to the vehicle may be achieved by intercepting the signals of remote-controlled key systems. The vehicle's GPS system may be deceived into thinking that it is in a wrong location. This may lead to serious routing problems, especially in autonomous vehicles, or the signals of the sensors used for autonomous driving (a Lidar, a camera, a radar, etc.) may be interfered and the vehicle may be prevented from perceiving the environment. In addition, artificial intelligence systems of autonomous vehicles, especially image recognition algorithms, may be manipulated with misleading data. Applications and algorithms in the state of the art offer a variety of approaches for vehicle-to-infrastructure communication security. Machine learning-based algorithms, Random Forest (RF) and Gradient-Boosted Trees, provide real-time attack detection with low energy consumption, but they are insufficient in dynamic and large-scale networks. Support Vector Machines (SVM), on the other hand, are used for attack detection in software-defined networkbased VANETs, but they show shortcomings due to their high processing load and limited generalization capability. Identity-based encryption, one of the special security frameworks, is used against DDoS attacks in 6G VANET systems, but it causes problems such as high processing delay and low efficiency in large-scale networks. Although digital twin-based solutions have found use in loT and smart cities, they donot find a widespread application area in the case of VANET and fail to strike a balance between attack detection and energy efficiency. These current approaches have significant shortcomings. Detection of dynamic attacks, especially types such as DDoS and RF jamming, cannot be done effectively by the existing algorithms. Such attacks cannot be detected instantly by traditional systems due to the fast-moving structure of the network and high data volume. In terms of efficiency, high processing load and data transmission delay make it difficult to implement solutions at a large scale. Overloading roadside units (RSUs) increases energy consumption and shortens the hardware lifespan. Furthermore, energy efficiency is ignored by most algorithms, resulting in solutions that are not suitable for sustainable smart city infrastructures. Real-time performance problems are manifested by the inability of machine learning-based systems to process dynamic data flow at a sufficient speed. These shortcomings result in systems that consume high levels of energy, are vulnerable to cyber threats, and are not scalable. In particular, the processing load on RSUs reduces real-time attack detection performance and shortens the lifespan of devices. DDoS and RF jamming attacks cannot be effectively managed due to the low detection sensitivity of the existing solutions.
[0008] It has been necessary to make a development in the relevant technical field as the solutions in the state of the art are limited and insufficient, some machine learningbased algorithms are insufficient in dynamic and large-scale networks, although they provide real-time attack detection with low energy consumption, the processing load is high and the generalization capability is limited, the processing delay is high and the efficiency in large-scale networks is low, no balance is provided between attack detection and energy efficiency, the roadside units (RSU) are overloaded, accordingly, the hardware lifespan shortens due to the increasing energy consumption, as well as the inability to detect the varying and complex attack scenarios in real time, the shortening of the hardware lifespan due to the inadequacy of resource management, operational delays caused by low data transmission speeds, high energy consumption, and hardware wear.
[0009] Summary and Objectives of the Invention
[0010] The invention discloses an autonomous attack detection system to be used to detect and prevent cyber threats in vehicle-to-roadside units (RSU) communications byintegrating digital twin (cyber-twin) technology and artificial intelligence (Al) models to ensure vehicle-to-infrastructure communication security.
[0011] The object of the invention is to provide cyber security by protecting the integrity of VANET (Vehicular Ad-Hoc network) networks through the detection and management of threats such as DDoS (Distributed denial of service attack) attacks and RF (Radio frequency) jamming. The security layer uses methods such as Recursive Feature Elimination and Chi-Square by making dynamic feature selection by the AutoFS module. In addition, the labelling algorithm, which includes K-means and Expectation-Maximization algorithms, clusters data and detects the attacks more precisely. The Multilayer Perceptron (MLP) algorithm performs attack classification by performing continuous learning on dynamic network data.
[0012] An object of the invention is to provide environmentally friendly solutions by providing safer and more sustainable communication systems in the transportation infrastructure of smart cities, reducing energy consumption and extending hardware lifespan. The system model of the invention, which consists of three main layers, offers solutions to these technical problems. The data layer collects network traffic data between RSUs and vehicles in real time and securely transmits it to the upper layers. The twinning layer simulates the performance of physical systems by creating digital twins of RSUs and optimizes the RSU load using queuing theory (M / M / m model). In this way, energy efficiency is ensured, hardware lifespan is extended, and the waiting times are estimated and minimized.
[0013] Description of the Drawings
[0014] Fig. 1 is a schematic view of the autonomous attack detection system according to the invention.
[0015] Fig. 2 is a diagram of the operation of the autonomous attack detection system according to the invention (Low, High, False and True).
[0016] Fig. 3 is a diagram of the relationships between the subcomponents of the autonomous attack detection system according to the invention and its integration with the external systems (sensors).
[0017] Description of the References in the Drawings1. Data layer
[0018] 2. Twinning layer
[0019] 3. M / M / m queuing model
[0020] 4. Digital twins
[0021] 5. Security layer
[0022] 6. AutoFS module
[0023] 7. Labelling algorithm
[0024] 8. Multilayer Neural Network
[0025] 9. RSUs (Roadside units)
[0026] 10. Vehicles
[0027] 11. Yang Model
[0028] 12. Data
[0029] 13. Feature Selection
[0030] 14. Attack Detection
[0031] 15. Thresholds
[0032] 16. Data Interface
[0033] 17. Digital Twin Interface
[0034] 18. Sensors
[0035] 1001. Performing a simulation and safety analysis - data collection step through a data layer (1 ) via vehicles (10).
[0036] 1002. Creating digital twins (4) by the Twinning Layer (2).
[0037] 1003. Optimizing RSU loads by considering the incoming demands and the total number of communication channels by the M / M / m Queuing Model (3).
[0038] 1004. Performing a dynamic feature selection step by combining different feature selection methods which may adapt to the varying network conditions by the AutoFS Module (6).
[0039] 1005. Labeling and clustering the data using an expectation maximization method and K-Means algorithm by the Labelling algorithm (7).
[0040] 1006. Detecting attacks using a multilayer neural network (8).
[0041] 1007. Managing the detected attacks and ensuring the system security.
[0042] 1008. Optimizing energy consumption and processing load by reducing the computational demands of RSUs (9) and minimizing the average data transmission delay,1009. Real-time monitoring and updating of the performance of the system.
[0043] 1010. Ensuring sustainability by contributing to green communication targets if performance exceeds a threshold value.
[0044] Detailed Description of the Invention
[0045] The invention relates to an autonomous attack detection system to be used to detect and prevent cyber threats in vehicle-to-roadside units (RSU) communications by integrating digital twin (cyber-twin) technology and artificial intelligence (Al) models to ensure vehicle-to-infrastructure communication security. The system of the invention aims to provide environmentally friendly solutions by providing safer and more sustainable communication systems in the transportation infrastructure of smart cities, reducing energy consumption and extending hardware lifespan. However, cyber security is ensured by protecting the integrity of VANET (Vehicular Ad-Hoc network) networks through the detection and management of threats such as DDoS (Distributed denial of service attack) attacks and RF (Radio frequency) jamming.
[0046] The invention enables real-time data communication between vehicles (10) and RSUs (9) through a data layer (1), allowing the collected data to be simulated using digital twins (4) within the Twinning layer (2) and the RSU performance to be optimized. The M / M / m Queuing Model (3) is used to optimize the load and wait times of the RSUs. The Security Layer (5) includes three main components to ensure the data security. The AutoFS module (6) increases the precision of attack detection by dynamically selecting the most effective features. The labelling algorithm (7) improves the analysis process by labeling and clustering the data. The multi-layered neural network (8) detects and classifies possible attacks using the continuous learning capacity thereof. Thanks to this structure, the system both effectively detects security threats and optimizes the energy consumption and processing load of the RSUs. Consequently, communication from a safe, efficient and sustainable vehicle to an infrastructure is provided in smart city infrastructures.
[0047] An autonomous attack detection system to be used to detect and prevent cyber threats according to the invention comprises:• a data layer (1) which enables real-time data communication between vehicles (10) and RSUs (9),
[0048] • a Twinning layer (2) for creating digital twins (4) and simulating RSU performance,
[0049] • an M / M / m Queuing Model (3) to optimize RSU load and predict wait times, • digital twins (4) to simulate performance by creating digital copies of RSUs, • a security layer (5) including artificial intelligence-based attack detection and prevention mechanisms,
[0050] • an AutoFS module (6) located in the security layer (5), which dynamically selects the most effective features and increases the sensitivity of attack detection,
[0051] • a Labelling algorithm (7) located in the security layer (5), which improves the analysis process by labeling and clustering the data,
[0052] • multi-layered neural network (8) in the security layer (5), which detects and classifies possible attacks with its continuous learning capacity,
[0053] • RSUs (9) which collect data from vehicles and communicate with infrastructure, • vehicles (10) which communicate with RSUs (9) to exchange data and are part of network traffic.
[0054] The operation principle of an autonomous attack detection system to be used to detect and prevent cyber threats according to the invention comprises the process steps of:
[0055] i. performing a simulation and safety analysis - data collection step (1001) through a data layer (1 ) via vehicles (10),
[0056] ii. collecting sufficient data and creating (1002) digital twins (4) by the Twinning layer (2)
[0057] iii. optimizing (1003) RSU loads by considering the incoming demands and the total number of communication channels by the M / M / m Queuing Model (3), iv. performing a dynamic feature selection step (1004) by combining different feature selection methods which may adapt to the varying network conditions by the AutoFS Module (6),
[0058] v. labeling and clustering (1005) the data using an expectation maximization method and K-Means algorithm by the Labelling Algorithm (7),
[0059] vi. Detecting (1006) the attacks using a multi-layer neural network (8),
[0060] vii. Managing the detected attacks and ensuring (1007) the system security,viii. Optimizing (1008) energy consumption and processing load by reducing the computational demands of RSUs (9) and minimizing the average data transmission delay,
[0061] ix. Real-time monitoring and updating (1009) of the performance of the system, x. Ensuring sustainability (1010) by contributing to green communication targets if performance exceeds a threshold value.REFERENCES
[0062] [1] Eiza, M. H., and Ni, Q., (2017). "Driving with Sharks: Rethinking Connected Vehicles with Vehicle Cybersecurity.” IEEE Vehicular Technology Magazine, 12(2): 45-51.
Claims
CLAIMS1. An autonomous attack detection system to be used to detect and prevent cyber threats, characterized in that it comprises:• a data layer (1) which enables real-time data communication between vehicles (10) and RSUs (9),• a Twinning layer (2) for creating digital twins (4) and simulating RSU performance,• an M / M / m Queuing Model (3) to optimize RSU load and predict wait times,• digital twins (4) to simulate performance by creating digital copies of RSUs,• a security layer (5) including artificial intelligence-based attack detection and prevention mechanisms,• an AutoFS module (6) located in the security layer (5), which dynamically selects the most effective features and increases the sensitivity of attack detection,• a Labelling algorithm (7) located in the security layer (5), which improves the analysis process by labeling and clustering the data,• Multi-layered neural network (8) in the security layer (5), which detects and classifies possible attacks with its continuous learning capacity,• RSUs (9) which collect data from vehicles and communicate with infrastructure,• vehicles (10) which communicate with RSUs (9) to exchange data and are part of network traffic.
2. An operation method of a system according to Claim 1, characterized in that it comprises the process steps of:i. performing a simulation and safety analysis - data collection step (1001) through a data layer (1 ) via vehicles (10),ii. collecting sufficient data and creating (1002) digital twins (4) by the Twinning layer (2),iii. optimizing (1003) RSU loads by considering the incoming demands and the total number of communication channels by the M / M / m Queuing Model (3),iv. performing a dynamic feature selection step (1004) by combining different feature selection methods which may adapt to the varying network conditions by the AutoFS Module (6),v. labeling and clustering (1005) the data using an expectation maximization method and K-Means algorithm by the Labelling Algorithm (7),vi. Detecting (1006) the attacks using a multi-layer neural network (8), vii. Managing the detected attacks and ensuring (1007) the system security, viii. Optimizing (1008) energy consumption and processing load by reducing the computational demands of RSUs (9) and minimizing the average data transmission delay,ix. Real-time monitoring and updating (1009) of the performance of the system, x. Ensuring sustainability (1010) by contributing to green communication targets if performance exceeds a threshold value.