pith. sign in

arxiv: 2604.15996 · v1 · submitted 2026-04-17 · 📡 eess.SY · cs.SY

Stealthy Cyber-Attacks on Vehicle Lateral Dynamics: A System-Theoretic Analysis

Ali Eslami , Jiangbo Yu , Mohammad Pirani This is my paper

Pith reviewed 2026-05-10 08:34 UTC · model grok-4.3

classification 📡 eess.SY cs.SY
keywords cyber attacksvehicle lateral dynamicsbicycle modelreplay attackszero dynamics attackscovert attacksstealthy attackssystem-theoretic analysis
0
0 comments X

The pith

Covert cyber attacks can sustain hidden deviations in vehicle lateral motion when sensors and actuators are coordinated.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper analyzes three stealthy attack types on the bicycle model of vehicle side-to-side dynamics: replay attacks that reuse past data, zero-dynamics attacks that exploit internal system modes, and covert attacks that fake both commands and measurements together. It shows how choosing different sensors, such as yaw rate or lateral acceleration, changes whether an attack can stay hidden or affect the vehicle's path. A sympathetic reader cares because cars increasingly rely on electronic stability controls, so undetected tampering could lead to unexpected steering behavior. If correct, the work indicates that some attacks can be made harder by sensor selection while others require monitoring for command-measurement mismatches.

Core claim

Using a system-theoretic approach on the bicycle model, the analysis establishes that replay attacks require little model knowledge yet produce limited sustained effects, zero-dynamics attacks are blocked or weakened when output selection removes unstable zeros, and covert attacks permit ongoing stealthy shifts in lateral states provided the attacker has both actuator and sensor access plus system knowledge. Saturation effects in actuators and tires further alter detectability in an attack-specific manner, with CarSim-Simulink cases confirming the distinctions across measurement configurations.

What carries the argument

The distinction among replay, zero-dynamics, and covert attack classes, each defined by required knowledge, access, and impact, applied to the bicycle model with varying outputs to constrain unstable zero dynamics.

If this is right

  • Replay attacks remain feasible with minimal model information but struggle to produce long-term undetected path changes.
  • Output selection that removes unstable zero dynamics directly reduces the reachable impact of zero-dynamics attacks.
  • Covert attacks can maintain stealthy lateral deviations indefinitely when actuator-sensor coordination is possible.
  • Actuator and tire saturation limits stealth and effectiveness differently for each attack class.
  • Measurement configurations using yaw rate or acceleration outputs alter vulnerability profiles across all three attacks.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Vehicle stability systems could incorporate output choices that avoid unstable zeros as a low-cost first layer of defense.
  • Additional consistency checks between commanded and measured signals would be needed to catch coordinated covert attacks in practice.
  • Extending the same analysis to full six-degree-of-freedom vehicle models might reveal new attack surfaces involving combined lateral-longitudinal motion.
  • Security requirements for autonomous or assisted-driving vehicles could include simulation tests for these specific attack classes before deployment.

Load-bearing premise

The bicycle model captures the relevant lateral dynamics, and attackers possess the assumed level of system knowledge and access.

What would settle it

A high-fidelity vehicle test or simulation in which a covert attack with full knowledge fails to produce sustained lateral state deviation without triggering detection, or a zero-dynamics attack succeeds despite output choices that should eliminate unstable modes.

Figures

Figures reproduced from arXiv: 2604.15996 by Ali Eslami, Jiangbo Yu, Mohammad Pirani.

Figure 1
Figure 1. Figure 1: The stealthy attacks in the 3D resources space [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Zero Dynamics Attack (ZDA). the attacker com [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Covert attack architecture with linear output. Note [PITH_FULL_IMAGE:figures/full_fig_p006_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Covert attack when the output is nonlinear (lon [PITH_FULL_IMAGE:figures/full_fig_p006_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Replay Attack procedure with both linear and non [PITH_FULL_IMAGE:figures/full_fig_p007_5.png] view at source ↗
Figure 7
Figure 7. Figure 7: Replayed Outputs received at the control unit. [PITH_FULL_IMAGE:figures/full_fig_p009_7.png] view at source ↗
Figure 6
Figure 6. Figure 6: Outputs of a class-C 2017 hatchback vehicle in [PITH_FULL_IMAGE:figures/full_fig_p009_6.png] view at source ↗
Figure 8
Figure 8. Figure 8: True outputs under replay attack, demonstrating [PITH_FULL_IMAGE:figures/full_fig_p009_8.png] view at source ↗
Figure 10
Figure 10. Figure 10: The outputs of the system (top figure), gener [PITH_FULL_IMAGE:figures/full_fig_p010_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: Nonlinear output (i.e., longitudinal acceleration [PITH_FULL_IMAGE:figures/full_fig_p010_11.png] view at source ↗
read the original abstract

This paper studies the vehicle bicycle model under three classes of stealthy cyber-attacks: replay attacks, zero dynamics attacks, and covert attacks. Using a system-theoretic framework, we analyze the feasibility and impact of these attacks on vehicle lateral dynamics. The investigation considers different measurement configurations, including yaw rate, lateral acceleration, and longitudinal acceleration outputs, to evaluate how sensor selection influences attack detectability and system vulnerability. Each attack class is characterized in terms of required system knowledge, communication access, and impact. The analysis shows that replay attacks remain largely model-agnostic, while zero dynamics attacks are fundamentally constrained by control-oriented design choices, particularly output selection, which can eliminate unstable zero dynamics and limit the attack impact. In contrast, covert attacks, enabled by coordinated actuator and sensor manipulation, allow sustained and stealthy deviation of lateral states when sufficient access and system knowledge are available. The effects of actuator and tire saturation are also examined, revealing attack-dependent impacts on stealthiness and effectiveness. Finally, simulation case studies are conducted by using CarSim-Simulink co-simulation to validate and verify the theoretical results.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. This manuscript analyzes stealthy cyber-attacks on vehicle lateral dynamics using the bicycle model. It considers replay attacks, zero-dynamics attacks, and covert attacks under various sensor configurations (yaw rate, lateral acceleration, longitudinal acceleration). The key findings are that replay attacks are model-agnostic, zero-dynamics attacks are limited by output selection which can remove unstable zeros, and covert attacks can achieve sustained deviations with coordinated access. Saturation effects are examined, and CarSim-Simulink co-simulations are used to validate the theoretical analysis.

Significance. If the central claims are substantiated, this paper offers important insights for securing autonomous vehicle lateral control systems against cyber threats by informing sensor selection and control design. The system-theoretic approach allows for clear characterization of attack requirements and impacts, which is valuable for the field. The inclusion of high-fidelity simulations adds credibility, though the linear-to-nonlinear transition requires careful handling as noted in the comments.

major comments (2)
  1. The CarSim-Simulink co-simulation is presented as validation for the linear model-based conclusions on zero-dynamics attacks (see the simulation case studies section). However, when tire saturation occurs, the effective system dynamics become nonlinear, which can change the zero dynamics and the detection residuals. The manuscript does not provide a direct comparison or sensitivity analysis showing that the attack feasibility and limited impact conclusions transfer to the saturated nonlinear trajectories. This is load-bearing for the claim that output selection can limit attack impact.
  2. The description of covert attacks enabling sustained deviation assumes sufficient system knowledge and access. The simulation results should include explicit metrics (e.g., how close the residuals stay to zero under saturation) to confirm stealthiness, as actuator saturation could affect the coordinated injection's effectiveness.
minor comments (2)
  1. The abstract mentions 'different measurement configurations' but could specify the exact outputs considered (yaw rate, lateral acceleration, longitudinal acceleration) for clarity.
  2. Ensure consistent use of symbols for the state-space matrices across the attack models.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed comments on our manuscript. We address each major comment point by point below, clarifying the scope of our linear analysis while committing to strengthen the simulation validation as suggested.

read point-by-point responses

  1. Referee: The CarSim-Simulink co-simulation is presented as validation for the linear model-based conclusions on zero-dynamics attacks (see the simulation case studies section). However, when tire saturation occurs, the effective system dynamics become nonlinear, which can change the zero dynamics and the detection residuals. The manuscript does not provide a direct comparison or sensitivity analysis showing that the attack feasibility and limited impact conclusions transfer to the saturated nonlinear trajectories. This is load-bearing for the claim that output selection can limit attack impact.

    Authors: We agree that the transition from linear zero-dynamics analysis to nonlinear saturated regimes requires explicit attention to fully support the claim. Our theoretical results are derived for the linear bicycle model, where output selection can eliminate unstable zeros. The CarSim co-simulations already incorporate saturation cases and show qualitatively similar limited attack impact, but we acknowledge the absence of a direct side-by-side sensitivity comparison of residuals and attack trajectories. In the revised manuscript we add a new subsection with additional figures comparing residual evolution and state deviation under linear, mildly saturated, and heavily saturated conditions for the different output choices. These results confirm that the benefit of output selection persists, although the margin narrows under severe saturation. revision: yes

  2. Referee: The description of covert attacks enabling sustained deviation assumes sufficient system knowledge and access. The simulation results should include explicit metrics (e.g., how close the residuals stay to zero under saturation) to confirm stealthiness, as actuator saturation could affect the coordinated injection's effectiveness.

    Authors: We accept that quantitative stealthiness metrics under saturation would improve clarity. The manuscript already examines saturation effects on covert attacks and notes that coordinated injection maintains low residuals, yet explicit numerical values were not tabulated. We have revised the simulation section to include tables reporting the 2-norm and infinity-norm of the detection residuals throughout the attack interval, both with and without actuator/tire saturation. The added data show that residuals remain below typical detection thresholds even when saturation occurs, with only modest increases attributable to the nonlinear mismatch. revision: yes

Circularity Check

0 steps flagged

No circularity: standard system-theoretic analysis of attack classes on bicycle model

full rationale

The derivation applies established linear system theory (zero dynamics, output selection, attack models) directly to the vehicle bicycle model equations. Attack feasibility and impact statements follow from the state-space representation and chosen measurements without any parameter fitting, self-referential definitions, or load-bearing self-citations. CarSim co-simulation is used only for numerical validation of the linear predictions, not to close any derivation loop. No step reduces to its own inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The work rests on standard assumptions from vehicle dynamics and control theory; no free parameters or invented entities are evident from the abstract.

axioms (2)
  • domain assumption The vehicle bicycle model is a valid representation of lateral dynamics for the attack analysis.
    Implicitly used as the base model for all attack characterizations.
  • domain assumption Attack models (replay, zero-dynamics, covert) can be analyzed using standard system-theoretic tools without additional unstated constraints.
    Framework for feasibility and impact evaluation.

pith-pipeline@v0.9.0 · 5497 in / 1211 out tokens · 31214 ms · 2026-05-10T08:34:44.732327+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

26 extracted references · 26 canonical work pages

  1. [1]

    Defense of cyber-physical sys- tems against covert-switching-based attacks: A switching multi- instantaneous gain-scheduling mechanism,

    Y. Shan, X. Xie, and Y. Liu, “Defense of cyber-physical sys- tems against covert-switching-based attacks: A switching multi- instantaneous gain-scheduling mechanism,” IEEE Transactions on Control Systems Technology, 2025

    work page 2025

  2. [2]

    Detection of event-based covert attacks in cyber-physical systems,

    A. Eslami and K. Khorasani, “Detection of event-based covert attacks in cyber-physical systems,” in 2023 9th International Conference on Control, Decision and Information Technologies (CoDIT). IEEE, 2023, pp. 920–925

    work page 2023

  3. [3]

    Dynamic drifting control for general path tracking of autonomous vehicles,

    G. Chen, X. Zhao, Z. Gao, and M. Hua, “Dynamic drifting control for general path tracking of autonomous vehicles,” IEEE Transactions on Intelligent Vehicles, vol. 8, no. 3, pp. 2527–2537, 2023

    work page 2023

  4. [4]

    Toward robust cooperative localization for intelligent con- nected vehicles under zero-trust vehicular networks,

    D. Huang, X. Fang, Z. Zhang, Y. Na, H. Qin, and C. Sun, “Toward robust cooperative localization for intelligent con- nected vehicles under zero-trust vehicular networks,” IEEE Transactions on Control Systems Technology, 2025

    work page 2025

  5. [5]

    Actuator anomaly detection in linear parabolic distributed parameter cyber-physical systems,

    T. Roy and S. Dey, “Actuator anomaly detection in linear parabolic distributed parameter cyber-physical systems,” IEEE Transactions on Control Systems Technology, vol. 31, no. 6, pp. 2437–2448, 2023

    work page 2023

  6. [6]

    Event-triggered protocol-based con- trol for cyber–physical systems vulnerable to dual-channel dos attacks,

    X. Li, Z. Tian, and D. Lu, “Event-triggered protocol-based con- trol for cyber–physical systems vulnerable to dual-channel dos attacks,” IEEE Transactions on Control Systems Technology, 2024

    work page 2024

  7. [7]

    Attack models and scenarios for networked control systems,

    A. Teixeira, D. Pérez, H. Sandberg, and K. H. Johansson, “Attack models and scenarios for networked control systems,” in Proceedings of the 1st international conference on High Confidence Networked Systems, 2012, pp. 55–64

    work page 2012

  8. [8]

    Replay attack detection for cyber-physical control systems: A dynamical delay estima- tion method,

    D. Zhao, B. Yang, Y. Li, and H. Zhang, “Replay attack detection for cyber-physical control systems: A dynamical delay estima- tion method,” IEEE Transactions on Industrial Electronics, vol. 72, no. 1, pp. 867–875, 2024

    work page 2024

  9. [9]

    Zero dynamics attack detection and isolation in cyber-physical systems with event-triggered communication,

    A. Eslami and K. Khorasani, “Zero dynamics attack detection and isolation in cyber-physical systems with event-triggered communication,” IEEE Control Systems Letters, 2025

    work page 2025

  10. [10]

    Event-triggered resilient control design in cyber-physical systems subject to covert attacks,

    ——, “Event-triggered resilient control design in cyber-physical systems subject to covert attacks,” in 2024 IEEE 63rd Confer- ence on Decision and Control (CDC). IEEE, 2024, pp. 3075– 3082

    work page 2024

  11. [11]

    Optimization and control of cyber-physical vehicle systems,

    J. M. Bradley and E. M. Atkins, “Optimization and control of cyber-physical vehicle systems,” Sensors, vol. 15, no. 9, pp. 23 020–23 049, 2015

    work page 2015

  12. [12]

    A cyber security evaluation framework for in-vehicle electrical control units,

    H. Zhang, Y. Pan, Z. Lu, J. Wang, and Z. Liu, “A cyber security evaluation framework for in-vehicle electrical control units,” IEEE Access, vol. 9, pp. 149 690–149 706, 2021

    work page 2021

  13. [13]

    A sensor fusion-based gnss spoofing attack detection framework for autonomous vehicles,

    S. Dasgupta, M. Rahman, M. Islam, and M. Chowdhury, “A sensor fusion-based gnss spoofing attack detection framework for autonomous vehicles,” IEEE Transactions on Intelligent Transportation Systems, vol. 23, no. 12, pp. 23 559–23 572, 2022

    work page 2022

  14. [14]

    Vehicular intrusion detection sys- tem for controller area network: A comprehensive survey and evaluation,

    Y. Liu, L. Xue, S. Wang, X. Luo, K. Zhao, P. Jing, X. Ma, Y. Tang, and H. Zhou, “Vehicular intrusion detection sys- tem for controller area network: A comprehensive survey and evaluation,” IEEE Transactions on Intelligent Transportation Systems, 2025

    work page 2025

  15. [15]

    Cybersecurity at- tacks on can bus based vehicles: a review and open challenges,

    F. Fakhfakh, M. Tounsi, and M. Mosbah, “Cybersecurity at- tacks on can bus based vehicles: a review and open challenges,” Library hi tech, vol. 40, no. 5, pp. 1179–1203, 2022

    work page 2022

  16. [16]

    Secure pose estimation for autonomous vehicles under cyber attacks,

    Q. Liu, Y. Mo, X. Mo, C. Lv, E. Mihankhah, and D. Wang, “Secure pose estimation for autonomous vehicles under cyber attacks,” in 2019 IEEE Intelligent Vehicles Symposium (IV). IEEE, 2019, pp. 1583–1588

    work page 2019

  17. [17]

    Lateral control of an autonomous vehicle,

    J. Jiang and A. Astolfi, “Lateral control of an autonomous vehicle,” IEEE Transactions on Intelligent Vehicles, vol. 3, no. 2, pp. 228–237, 2018

    work page 2018

  18. [18]

    Vehicles swarm intelligence: Cooperation in both longitudinal and lateral dimensions,

    J. Hu, N. Zhang, H. Wang, B. Gao, T. Jiang, J. Zheng, and F. Liu, “Vehicles swarm intelligence: Cooperation in both longitudinal and lateral dimensions,” IEEE Transactions on Intelligent Vehicles, 2024

    work page 2024

  19. [19]

    Lat- eral and longitudinal coordinated control of intelligent vehicle based on high-precision dynamics model under high-speed limit condition,

    Z. He, L. Gong, E. Zhou, B. Wei, E. Li, and J. Huang, “Lat- eral and longitudinal coordinated control of intelligent vehicle based on high-precision dynamics model under high-speed limit condition,” IEEE Transactions on Intelligent Vehicles, 2024

    work page 2024

  20. [20]

    Lateral control for autonomous vehicles: A robust bounded back-stepping technique,

    A. Selman, “Lateral control for autonomous vehicles: A robust bounded back-stepping technique,” IEEE Transactions on In- telligent Vehicles, 2025

    work page 2025

  21. [21]

    Cyber-physical security of vehicles: Zero dynamics attacks against vehicle’s lateral dynamics,

    G. Shaaban, H. Fourati, A. Kibangou, C. Prieur, and M. Pirani, “Cyber-physical security of vehicles: Zero dynamics attacks against vehicle’s lateral dynamics,” European Journal of Con- trol, 2025, available online

    work page 2025

  22. [22]

    Covert attacks through adversarial learning: Study of lane keeping attacks on the safety of autonomous vehicles,

    F. Farivar, M. S. Haghighi, A. Jolfaei, and S. Wen, “Covert attacks through adversarial learning: Study of lane keeping attacks on the safety of autonomous vehicles,” IEEE/ASME Transactions on Mechatronics, vol. 26, no. 3, pp. 1350–1357, 2021

    work page 2021

  23. [23]

    Robust mirror attacks on cyber-physical systems,

    D. Mikhaylenko and P. Zhang, “Robust mirror attacks on cyber-physical systems,” in 2024 10th International Conference on Control, Decision and Information Technologies (CoDIT). IEEE, 2024, pp. 724–729

    work page 2024

  24. [24]

    Replay attack detection using switching multi-sine watermarking,

    A. Ghamarilangroudi, S. H. Zad, and Y. Zhang, “Replay attack detection using switching multi-sine watermarking,” in 2025 33rd Mediterranean Conference on Control and Automation (MED). IEEE, 2025, pp. 381–386

    work page 2025

  25. [25]

    Matrix coding enabled impact mitigation against primary false data injection attacks in cyber-physical microgrids,

    M. Liu, X. Zhang, C. Zhao, and R. Deng, “Matrix coding enabled impact mitigation against primary false data injection attacks in cyber-physical microgrids,” IEEE Transactions on Power Systems, 2025

    work page 2025

  26. [26]

    Eslami and J

    A. Eslami and J. Yu, “Security risks of agentic vehicles: A systematic analysis of cognitive and cross-layer threats,” arXiv preprint arXiv:2512.17041, 2025. Ali Eslami is a Postdoctoral Researcher at McGill University, Montreal, Canada. He holds a Ph.D. in Electrical Engineering from Concordia University, an M.Sc. from Amirkabir University of Technology,...

    work page arXiv 2025