Agenda

PhD defense Ayoub Wehby: Cyberattacks Detection in Cooperative Intelligent Transportation System (C-ITS)

Thursday 03 July 2025, at 14.00 (Paris time) at Télécom Paris

Télécom Paris, 19 place Marguerite Perey F-91120 Palaiseau [getting there], amphi 6 and in videoconferencing

Jury

  • Oyunchimeg SHAGDAR, Connectivity Innovation Project Manager, Renault Groupe (AMPERE), France (Reviewer)
  • Dominique GAITI, Professor, Université de Technologie de Troyes, France (Reviewer)
  • Houda LABIOD, Professor, HUAWEI, France (Examiner)
  • Sherali ZEADALLY, Professor, University of Kentucky, United States (Examiner)
  • Diogo Menezes FERRAZANI MATTOS, Professor, Fluminense Federal University, Brazil (Examiner)
  • Pierre GACHON, Expert Leader Cyber Security, Renault Groupe (AMPERE), France (Invited)
  • Rida KHATOUN, Professor, Télécom Paris, France (Thesis Director)
  • Ahmad FADLALLAH, Professor, University of Sciences and Arts in Lebanon (USAL), Lebanon (Thesis Co-supervisor)

Abstract

Modern vehicles are becoming smarter, communicating with each other to enhance traffic flow and improve safety. However, this connectivity also exposes them to cyberattacks, particularly Distributed Denial of Service (DDoS) attacks where malicious actors overwhelm vehicular networks with fake messages, disrupting real-time communication between cars. This can lead to issues ranging from navigation failures to serious accidents.

This research focuses on a specific type of DDoS attack...
… that exploits Cooperative Awareness Messages (CAMs), which cars use to share their location and speed. We propose an approach for a distributed Intrusion Detection System (IDS) designed to mitigate DDoS attacks in a connected car environment. Initially, we assessed the impact of CAM-DDoS attacks on connected cars through various simulation scenarios. These scenarios revealed a decrease in the CAM broadcast rate from legitimate cars and an accumulation of invalid data. Subsequently, we proposed a distributed architecture for an IDS and assessed the effectiveness of three supervised ensemble learning algorithms against these attacks. Given the challenge of generalizability in machine learning models, we also evaluated the robustness of our DDoS detection approach against other types of DDoS attacks, such as JamDDoS. The results show that all DDoS messages were processed uniformly, which explains the models’ robust performance against studied DDoS attacks. Additionally, we demonstrated how a DDoS attack can be transformed into a Sybil DDoS attack that avoids DDoS detectors in a safety-critical connected car environment. To address this, we developed and evaluated an optimized data-handling approach that serves as the foundation for our proposed ensemble hard voting detection model. The results obtained demonstrate an effective attack detection with reduced false alarms against Sybil DDoS attacks.