UKF-Based Vehicle Pose Estimation under Randomly Occurring Deception Attacks

Considering various cyberattacks aiming at the Internet of Vehicles (IoV), secure pose estimation has become an essential problem for ground vehicles. )is paper proposes a pose estimation approach for ground vehicles under randomly occurring deception attacks. By modeling attacks as signals added to measurements with a certain probability, the attack model has been presented and incorporated into the existing process and measurement equations of ground vehicle pose estimation based on multisensor fusion. An unscented Kalman filter-based secure pose estimator is then proposed to generate a stable estimate of the vehicle pose states; i.e., an upper bound for the estimation error covariance is guaranteed. Finally, the simulation and experiments are conducted on a simple but effective single-input-single-output dynamic system and the ground vehicle model to show the effectiveness of UKF-based secure pose estimation. Particularly, the proposed scheme outperforms the conventional Kalman filter, not only by resulting in more accurate estimation but also by providing a theoretically proved upper bound of error covariance matrices that could be used as an indication of the estimator’s status.


Introduction
With the continuous development of Artificial Intelligence (AI), Internet of ings (IoT), and high-performance computing devices in intelligent transportation systems [1], autonomous vehicles (AVs) have become one of the focus research topics in the last decade. Implemented with AV technologies, transportation safety and efficiency have been greatly improved by reducing drivers' workload, optimizing resource allocation, alleviating traffic congestion, and minimizing vehicle energy consumption. For AVs, it is essential to accurately measure their pose (namely, translation and rotation) and speed in real time for accurate monitoring, path planning, behavioral decision-making, and control [2,3]. However, the inherent and tight connection between AVs and networks makes AVs vulnerable targets of cyberattacks. erefore, secure pose estimation under attacks has become a crucial problem worth studying.
Vehicle pose estimation is a complex and challenging task, which has attracted much attention in recent years. Particularly, for a small Unmanned Aerial Vehicle (UAV), a 3D local pose estimation system has been presented in [4] where the system is realized by fusing 3D position estimations using a loosely coupled extended Kalman filter (EKF) architecture. e data come from an ultra-wideband transceiver network, an inertial measurement unit sensor, and a barometric pressure sensor. Pose estimation with state or measurement constraints has been frequent in AV navigation. In view of the inherent constraints, a formulation based on the dynamic potential field has been proposed in [5] to express states, measurements, and constraints on connected Riemannian manifolds, and then, an information fusion scheme of dynamic potential field system based on multisensor measurement and constraints is designed. It is worth noting that in recent years, due to the fusion of multiple sensors, estimation results are more vulnerable to frequent attacks. Liu et al. [6] discussed the AV secure pose estimation problem under cyberattacks to deal with the possible sensor attacks, and an EKF reconfiguration scheme has been designed to mitigate the influence of sensor attacks.
In the existing research, sensor attacks mainly include Denial of Service (DoS) attacks [7] and deception attacks [8]. DoS attacks are one of the common attack methods used by hackers, who try to make the target machine stop providing services. Deception attacks mean that the attacker can rearrange the data in the system to make the sensor or controller receive false data, thus causing the system to fail to function normally. By using a set of random variables of Bernoulli distribution to describe randomly deception attacks, a coupled unscented Kalman filter (UKF) has been proposed [9] to propagate the sigma points of the UKF by introducing the coupled terms, and the recursive filtering problem of a class of complex discrete time networks with random deception attacks has been studied. In [10], the position sensor deception attack detection and estimation problem is investigated for a local vehicle in a vehicle platoon. A linearized model has been presented to describe the longitudinal dynamics of a local vehicle. In [7], it is proposed that the attacker behavior is limited only by the frequency and duration of DoS attacks. If the communication links used by the sensor to receive neighbor information lose packet due to DoS attacks, the sensor will give up location estimation. In our paper, we further assume that the sensor is subject to random deception attacks with a given probability.
is paper focuses on modeling the AV pose estimation problem with attacks and secure estimation of vehicles' poses in a 2D plane. Distinguished from the conventional Kalman filter, an unscented Kalman filter-inspired secure recursive estimator is designed to provide estimation, allowing for possible attacks on sensors. By solving several matrix difference equations, the upper bound of estimation error covariance is guaranteed and correctly updated during the recursive process. e contributions are summarized as follows: (1) e modeling of the system takes the occurrence of random deception attacks into account, such that the secure dynamic pose estimation problem has been formulated for autonomous vehicles (2) e proposed unscented Kalman-type secure recursive estimator provides a theoretically proved upper bound for error covariance matrices with stable and efficient state estimation (3) e feasibility and effectiveness of the proposed approach are verified in both a simulated model and the practical AV system, where single and multiple attacks have been considered in experimental design Notation 1. e following notations are used throughout this paper. We use R n to denote the n dimensional Euclidean space, and R m×n represents the set of all m × n matrices. E denotes the mathematical expectation operator of an underlying probability space, which will be clear from the context. A > B implies that both A and B are symmetric and A − B is positive definite. We let I be the identity matrix with proper dimensions. Let ‖X‖ and ‖A‖ be the Euclidean norm of a vector x and a matrix A, respectively. e superscripts Τ and − 1 denote matrix transposition and matrix inverse, respectively. e remainder of this paper is organized as follows: Section 2 summarizes related work in secure state estimation in cyberphysical systems. Section 3 presents the system model and attack model for ground autonomous vehicle pose estimation problem. e estimator design and mathematical proof are presented in Section 4, followed by Section 5 that shows simulation results for an illustrative Single-Input and Single-Output (SISO) system. Experimental validation and results are shown in Section 6. Finally, Section 7 concludes the paper.

Related Work
Cyberphysical System (CPS) is a complex system with integrated computing, networking, and physical environment. As the interaction between physical and network systems increases, CPS becomes more vulnerable to network attacks. Some achievements have been made in secure dynamic state estimation under sensor attacks [11,12]. In [12], the state estimation problem of a linear dynamic system is considered when the measurement data of some sensors are damaged by attackers. In [13], when the unknown subset of the sensor is destroyed by the enemy arbitrarily, a secure state estimation algorithm is proposed, and the upper bound of the reachable state estimation error of the is given.
CPS plays an important role in many fields. In intelligent transportation, regarding AV pose estimation, the relative pose of AV when driving in a highly dynamic and possibly chaotic environment was studied in [14], where a relative pose estimation algorithm based on multiple nonoverlapping cameras is proposed, and the algorithm is robust even when the number of outliers is overwhelming. In [15], an enabling multisensor fusion-based longitudinal vehicle speed estimator was proposed for four-wheel-independently actuated electric vehicles using a Global Positioning System and BeiDou Navigation Positioning (GPS-BD) module and a low-cost inertial measurement unit (IMU). Liu et al. [16] presented a comprehensive evaluation of state-of-the-art sideslip angle estimation methods, with the primary goal of quantitatively revealing their strengths and limitations. Wang et al. [17] focused on providing an LTR evaluation system that adopts an IMU as the signal input. Unfortunately, there is less attention on the AV secure pose estimation problem. In our previous work [18], a secure dynamic pose estimation method based on the filter has been proposed to make the vehicle pose resilient to possible sensor attacks. When all sensors on autonomous vehicles are benign, the proposed estimator is consistent with the conventional Kalman filtering. On this basis, a vehicle pose estimation based on an unscented Kalman filter under sensor attacks is proposed in this paper. Compared with other estimators, the proposed estimator in this paper still follows the framework of KF, but the next state prediction becomes the expansion and nonlinear mapping of the sigma point set. is method has two advantages: (1) the possible complex operation during Jacobian matrix computation for the nonlinear process equation could be avoided; (2) the approach has better generality in advanced nonlinear systems, including those without explicit Jacobian formulation.
In our paper, we consider the impact of randomly occurring deception attacks (possible sensor attacks) in the design of a secure dynamic pose estimator for AV. By utilizing the unscented Kalman filter algorithm combined with matrix inequality techniques, we propose a secure recursive estimation algorithm and derive an upper bound of estimation error covariance by selected optimal estimator parameters. Moreover, the proposed approach can be implemented efficiently in real time and is suitable for recursive computation in applications with limited computational capability.

Pose Estimation Problem for Ground Vehicles under Attacks
In this section, we present the process model, measurement model, and attack model such that the ground vehicle pose estimation problem can be formulated. Although the problem has been modeled in our previous work [18], we still formulate it here for completeness and readers' convenience.

System Model.
Consider the following discrete state space model for generality: where k denotes time index; f(·) and g(·) are nonlinear process and measurement functions, respectively; and h(u k ) is a stochastic function satisfying E h(u k )|x k � 0 for all x k . w k ∼ N(0, Q) and v ∼ N(0, R) denote independent and identically distributed (i.i.d.) Gaussian process and measurement noises with zero mean and covariance matrices Q > 0 and R > 0, respectively. Two 3D reference frames are used in system modeling: the global frame and the local frame. e global frame (sometimes called the "world frame") plays the role of a map, on which the vehicle needs to be localized; the local frame (or "body frame") moves along the vehicle, which is usually the reference of local sensors such as wheel encoder and inertial measurement unit (IMU). e pose estimation problem aims to estimate the translation and rotation of the local frame with respect to the global frame. As we focus on ground vehicles, projections from 3D to 2D could be applied to reduce the complexity of the model, by following certain assumptions [19]. Particularly, the states are defined as where x, y, and ψ are coordinates of vehicle position and the heading on global x − y plane; v denotes the projection of vehicle translational velocity onto the local y axis; and _ β represents the rotational velocity with respect to the local z axis. In other words, v and _ β indicate the forward and rotating velocities that correspond to the vehicle's two manipulating modes: throttle and steering. We further define the control input u � [u v , u _ β ] ⊤ that feeds throttle and steering into the system motion model.
By incorporating the above state definition into the vehicle's motion model (1), we have As for the specific formulation of the measurement equation (2), we consider a common configuration of sensors [19] that measure (translational and rotational) pose x, y, ψ, forward velocity v, and steering angle α as follows: where L denotes the wheelbase between the front and rear wheels of the vehicle. e measurement can be obtained from the combination of global pose estimation sensors such as satellite navigation systems, visual odometry, or Attitude and Heading Reference Systems (AHRS), and local sensors including wheel encoders and steering angle sensors.
In the circumstance where the linear approximation of measurement equation is required, the Jacobian matrix G k � zg(x)/zx| x�x k , which needs to be computed at each iteration, can be used for linearization: Note that only the measurement of α is nonlinear, and α is mostly zero with small fluctuations. By selecting x 0 � 0 as the point of interest where g(x 0 ) � 0, we have the approximated linear time-varying form of measurement equation as 3.2. Attack Model. In this paper, we assume that the sensors are subject to randomly occurring deception attacks with a given probability. e attack model is described as follows:

Security and Communication Networks
where z k denotes the measurement with possible attacks, a k denotes the information sent by attacks, and c k is a stochastic variable. Before giving the deception attack model, we make some further assumptions on the system knowledge that are possessed by the adversary for implementing a successful attack. In this paper, it is assumed that the adversary has sufficient resources and adequate knowledge to arrange a successful attack a k . e information a k caused by deception attacks can be regarded as a k � − z k + ξ k where the nonzero ξ k satisfying ‖ξ k ‖ ≤ δ is an arbitrary energy-bounded signal.
e stochastic variable c k is a Bernoulli distributed white sequence taking values on 0, 1 where c ∈ (0, 1] is a known constant. More detailed explanations can be found in [20].

Remark 1.
e attack model has the ability to describe the randomly occurring deception attacks; that is, the stochastic variable c k is utilized to govern the random nature of sensor attacks on autonomous vehicles. e false data sent by deception attackers could be identified by using some algorithms and some hardware and software tools. According to the definition of frequentist probability, we may deduce the value of c in applications. Hence, the given Bernoulli distribution can properly reveal the random nature of deception attacks.
To derive the main result of this paper, we will employ the following lemma.

Design of the Unscented Kalman
Filter. e UKF uses unscented transformation (UT) to represent a random variable by using a number of deterministically selected sample points (called sigma points). ese points capture the mean and covariance of the random variable and, when propagated through the true nonlinear system, capture the posterior mean and covariance accurately.
Denote the one-step prediction error and the estimation error as e k+1|k � x k+1 − x k+1|k and e k � x k − x k , respectively. e one-step prediction error covariance matrix P k+1|k and the estimation error covariance matrix P k+1 can be obtained as follows: We are now ready to conduct the one-step prediction error matrix in terms of the solvability of recursive Riccati difference equations and obtain the parameter gain matrix of the unscented Kalman filter, which is developed in the following theorem. Theorem 1. Consider the discrete kinematic equation (1) suffering from attacks as (8). For any given positive constants ε k , k � 0, 1, 2, . . ., and the initial condition we can derive that the parameter gain matrix of unscented Kalman filter is given as follows: where Proof.
Step 1: initialization. To calculate the statistics of a random variable that undergoes a nonlinear transformation, a matrix χ is generated using 2n + 1 weighted sigma points. e computation algorithm begins with the initial conditions: Step 2: generation of sigma points. We calculate UT sampling as follows: where λ � α 2 (n + κ) − n, α is the proportion factor, and the distribution distance of particles can be adjusted by changing the value of α to reduce the error. Parameters κ and β can be tuned and are generally set to 0 and 2, respectively. i is the weighted covariance.
Step 3: one-step prediction is made for sigma sampling points to get the state prediction value and prediction covariance of each particle. First, we calculated the state prediction value as follows: And from (11a), we know that en, we have Step 4: posterior error.
Since e k � x k − x k , and if we plug in Step 5 : posterior covariance. From (11b), we know that en, we can obtain that By Lemma 1 and applying the property of matrix trace, we have that Security and Communication Networks 5 where Define Taking the partial derivation of the trace of the matrix Π k+1 with respect to K k+1 and letting the derivative be zero, we can obtain that It follows that Since α 1 G k P k+1|k G ⊤ k + α 2 G k Σ k+1 G ⊤ k + α 3 I + R is a positive definite matrix, we know (10) holds and the proof is complete.

□
As we can see in equations (10) and (16), one needs O(n 3 ) operations to compute the Kalman gain and the covariance matrix P k+1|k , where n � 5 in this paper. It indicates that the secure recursive estimator can be treated in a short time without a high-performance computer. (23), it can be seen that the larger δ leads to a bigger upper bound of the estimation error covariance, which means that the estimation performance deteriorates with increased δ. Remark 3. According to the matrix inequality technique of Lemma 1, one can arbitrarily choose the positive constant ε k in eorem 1 from the theoretical point of view. However, a too large or too small value of ε k may influence the estimation performance. In practice or experimental validation, we select the appropriate positive constant ε k based on experience to achieve better estimation performance.

Remark 2. From
As a matter of fact, for autonomous vehicles in the presence of deception attacks (sensor attacks), how to obtain Step 1. Initialization: (1) Set the values of initial pose state x 0 , initial estimate state x 0 , initial estimation error covariance matrix P 0 , and initial state covariance matrix Σ 0 (2) Set the value of c and determine the value of δ (the norm bound of arbitrary signal ξ k ) (3) Set the control input signal u k , i.e., translational and rotational acceleration for the autonomous vehicle (4) Let Π 0 � P 0 and choose the proper ε k for all k to calculate α 1 , α 2 , α 3 , and α 4 (5) Set discrete time index k � 0 Step 2. State covariance matrix Σ k+1 is updated as follows: Step 3. e secure recursive estimator gain K k+1 and Π k+1 are calculated as follows: Step 4. Set k � k + 1 and go to Step 2.    a secure pose estimation of discrete kinematic equation (1) remains an open problem till now. e goal of this paper is to propose an algorithm that enables to estimate the pose states of the autonomous vehicle in such a way that (1) If no sensors are comprised, i.e., c � 1 and c k � 0 with probability 1 for all k, the estimate coincides with the standard Kalman filter (2) If less than half of the pose states are compromised by randomly occurring deception attacks, it still gives a stable estimate of the pose states; i.e., an upper bound for the estimation error covariance is guaranteed According to eorem 1, the calculation framework can be summarized as in Algorithm 1.

Numeric Simulation
We first run the proposed approach based on a simple but effective Single-Input and Single-Output (SISO) system. Consider where the control u k � 1 and the attack a k � 30. e attackrelated parameters are set as δ � 30 and ϵ k � 0.001. e process and measurement noise levels are Q � 1 and R � 0.01, respectively. UKF parameters are α � 1e − 3 , κ � 0, and β � 2. e system is initialized as x 0 � 50.
We select this nonlinear process model and the identical measurement model because the proposed approach does not apply to nonlinear measurements directly. In other words, a linear approximation of measurement equation is always required, similar to [18]. e identical measurement equation allows direct comparison between the proposed approach and [18] and avoids unnecessary bias from measurement equation linearization. Although a simple model is used in simulation, experiments in the next section present algorithm performance based on a nonlinear measurement model. Figure 1 shows the simulation performance under different attack intensities. Legends "UKF," "EKF," and "KF" denote the performance of the proposed approach, the method in [18], and the conventional Kalman filter. We select EKF and KF for comparison because these two methods are classical filters that have been widely used in practice. e comparison to classical methods gives readers a more intuitive illustration of the gain from the proposed approach. e first column illustrates the ground truth state and the measurement with attacks. As c increases, the probability of attacks decreases, and the measurements are less interfered. e second column shows estimation error, where EKF and UKF result in similar and stable estimation errors that are less influenced by attack intensity c. e KF leads to large estimation error when c is small but the estimation becomes much more accurate when there is a small chance of being attacked. However, as the KF does not consider the attack issue, estimation accuracy may deteriorate suddenly, at a discrete time around 620 with c � 0.999. e third column presents the norm of the estimator covariance matrix, which is a number in the SISO system. It is found that the KF gives a completely wrong estimation error covariance matrix by comparing the second and the third columns in Figure 1: KF outputs nearly zero estimation error covariance matrix, but the estimation errors are quite large under attacks. On the contrary, the proposed approach and [18] both provide reliable error upper bound covariance matrices.
To test the stability and robustness under random noises and attacks, we repeat the simulation 500 times and compute the error as e � 1/N N (x − x) 2 where N denotes the total number of discrete time indexes. e mean and standard deviation of error e with respect to nonattack probabilities are illustrated in Figure 2. From the results, it is noted that UKF performs slightly better than EKF for the simulated dynamic system. Moreover, both UKF and EKF estimation errors stay almost unchanged with c from 0.1 to 0.9, but the errors drop dramatically with c from 0.99 to 1.
In practice, the process and measurement noises of the filtering algorithms are unknown and need to be estimated using modeling or statistical approaches. In this paper, the process and measurement noises are identical to the ground truth, which is an optimal selection. All other shared parameters are kept the same for all the methods for a fair comparison.

General Performance.
e pose estimation errors for selected states under different nonattack probabilities can be found in Figure 3. Note that we do not show EKF performance [18] in this section since EKF and UKF do not share the same parameters; thus, it is hard to compare these two methods fairly with different configurations. From the results, it is noted that the proposed estimation may perform worse when there is less attack, as shown in the last row of the figure, where c � 0.999 indicates that the chance of an attack is extremely low. In such case, the conventional Kalman filter performs well. If there are frequent attacks, the proposed estimator generally has more stable results than the Kalman filter with less sudden fluctuations. However, unlike the Kalman filter, the proposed approach does not guarantee the best linear estimation performance in the minimum mean-square-error sense, since we have only derived an upper bound of the estimation error covariance matrix. In this case, it is not a surprise to have poor estimation accuracy on some states, for example, y and ψ. e diagonal elements in the estimation error covariance matrices with respect to various nonattack probabilities (c � 0.3, 0.7, and 0.999) have been illustrated in Figure 4, where we could monitor the estimation quality on different states in real time. e results show that lower upper bounds are derived with larger c. Note that a larger c does not ensure a higher estimation accuracy but only gives a narrower range of estimation errors.

Influence of Parameters.
It is observed during the experiments that the parameters of the estimator have a great influence on the performance. ere are three configurable parameters in the proposed approach, namely δ, ϵ, and c.
eoretically, δ should be set according to the attacks. However, attack signal is unknown in practice and δ is set based on our experience and prediction of attacks. A conservative and large δ may lead to a large Π, while a small δ may get the violation of inequality (20) and invalidate the error covariance matrix Π. A large ϵ usually leads to divergence of the estimation; thus, it is set to a small value in all experiments. Finally, c is set as the nonattack probability of attack signal. Practically c is unknown and could be configured according to the threat level of attacks. Besides, UKF parameters influence the algorithm's performance. An appropriate selection of α, κ, and β is required to adjust the distribution of sigma points for the dynamic system. Still, tuning is necessary during experiments, since there is no direct guidance on UKF parameter selection.

Conclusion
In this work, a recursive pose estimator inspired by the unscented Kalman filter has been designed to tackle the secure vehicle pose estimation problem under random deception attacks. e estimator minimizes the upper bound of the estimation error covariance, which can be solved very efficiently in real time and is suitable for recursive computation in online applications. Simulations and experiments have been designed to validate the effectiveness of the proposed estimation approach. In the future, a particle filterbased estimator could be proposed for generalized dynamic systems.

Data Availability
e data used to support the findings of this study were supplied by the Xi'an University of Technology under license and so cannot be made freely available. Requests for access to these data should be made to Xinghua Liu.

Conflicts of Interest
e authors declare that they have no conflicts of interest.