A control mode switching apparatus switches a control mode of a robot. The control mode includes at least two of a remote control mode, a manual control mode, and an autonomous control mode. The control mode switching apparatus includes: an anomaly detector that, based on a communication message on a control network in the robot and the control mode, obtains a detection result of at least one anomaly among a user anomaly caused by user control, a robot anomaly caused by the control network, an operating environment anomaly caused by an operating environment of the robot, and an application anomaly caused by an application; and a switcher that calculates, for each type of anomaly detected, a score indicating a likelihood that the type is a cause of the anomaly in the robot, and switches the control mode based on the score calculated.

A method of mitigating jamming of a reflected energy ranging system for an autonomous vehicle is presented. The system comprises at least one transmission antenna, at least two receiving antennas, and a controller comprising a processor and a non-transitory computer-readable medium. The method comprises emitting an energy signal with the transmitter antenna, contacting a target with the energy signal, and reflecting the energy signal off the target and back towards the receiving antennas as a reflected energy signal. The method further comprises receiving a composite energy signal comprising at least the reflected energy signal and a jamming energy signal with the at least two receiving antennas, analyzing the composite energy signal with the processor to blindly extract at least the reflected energy signal and the jamming energy signal, and identifying which of at least the reflected energy signal and the jamming energy signal corresponds to the target with the processor.

An onboard security system for an autonomous vehicle (AV) can detect and respond to anomalies in the AV. The onboard security system may include one or more network anomaly detectors to detect unexpected changes to traffic on a local network of the AV, and one or more process anomaly detectors to detect unexpected changes to software processes running on the AV. If an anomaly is detected, an anomaly response system may classify the anomaly and determine a maneuver for the AV to perform, e.g., to pull over and stop the AV.

An on-vehicle control apparatus (130) switches an operating state of an on-vehicle control system (100) from a regular state to a partially checking state in a case where a cyber-attack has been detected in a part of a plurality of driving control apparatuses (110 and 120). The regular state is an operating state in which autonomous driving is performed by using at least one of the plurality of driving control apparatuses. The partially checking state is an operating state in which the autonomous driving is performed by using at least one of normal driving control apparatuses where the cyber-attack has not been detected, and security of each of the driving control apparatuses where the cyber-attack has been detected is checked.

The present disclosure provides a method and apparatus of monitoring a sensor of a driverless vehicle, a device and a storage medium, wherein the method comprises: monitoring a physical state of a to-be-monitored sensor; monitoring a data transmission state of the to-be-monitored sensor; monitoring output data of the to-be-monitored sensor, and using predetermined data to perform cross-validation for the output data; when any monitoring result gets abnormal, determining the to-be-monitored sensor as getting abnormal, and giving an alarm. The solution of the present disclosure may be applied to improve safety of the driverless vehicle.

In one example, a method for resolving sensor conflicts in autonomous vehicles includes monitoring conditions around the autonomous vehicle by analyzing data received from a plurality of sensors, detecting a conflict in the data received from two sensors of the plurality of sensors, sending a first instruction to an auxiliary sensor of the autonomous vehicle that is not one of the plurality of sensors, wherein the first instruction instructs the auxiliary sensor to gather additional data about the conditions around the autonomous vehicle, receiving the additional data from the auxiliary sensor, and making a decision regarding operation of the autonomous vehicle, wherein the decision is based at least in part on the additional data.

In various embodiments, methods, systems, and vehicle apparatuses are provided. A method for determining a trusted context of operation by an in-vehicle Network Intrusion Detection System (NIDS) for learning of a vehicle platform, including executing the NIDS to monitor a set of Electronic Control Units (ECUs) and vehicle state elements by receiving a set of vehicle derived inputs about a vehicle's operating state; in response to a determination about the vehicle's operating state, identifying the trusted window during which learning about network topology and whitelisted messages contained in a vehicle platform is allowable; creating a vehicle-specific configuration containing a list of networks of topologies and whitelisted messages in use by the ECUs in the vehicle platform, and preventing misconfiguring of at least one network in the list of network topologies and whitelisted messages of the vehicle-specific configuration in the vehicle platform outside the trusted window.

An anomaly detection electronic control unit connected to an in-vehicle network includes: a communicator that receives a first communication message indicating speed information of a vehicle including the in-vehicle network and a second communication message indicating peripheral information of the vehicle; a processor; and a memory including at least one set of instructions that, when executed by the processor causes the processor to perform operations including: (A) determining a first traveling state of the vehicle based on the speed information and a second traveling state of the vehicle based on the peripheral information; (B) determining, by comparing the first traveling state with the second traveling state, that the first communication message is anomalous when the first traveling state is different from the second traveling state; and (C) executing processing to handle an anomaly when the first communication message is determined to be anomalous.

Methods and systems for controlling a vehicle. The system includes a localization system, a memory storing a digital map, at least one sensor, and an electronic processor. The electronic processor is configured to receive, from the localization system, a current location of the vehicle and determine a future driving segment of the vehicle based on the current location of the vehicle. The electronic processor is further configured to determine at least one performance limitation based on the future driving segment of the vehicle and artificially falsify data of the at least one sensor to initiate a safety action for the vehicle.

One embodiment provides a method, including: receiving, at an information handling device positioned within a vehicle, a command from a vehicle occupant to initiate a function; transmitting, responsive to the receiving and prior to initiation of the function, an authorization request to a secondary device designated as an authorization authority; determining, using a processor, whether confirmation of the authorization request is received from the secondary device; and initiating, responsive to determining that confirmation of the authorization request is received from the secondary device, the function. Other aspects are described and claimed.