Autonomous Vehicles & UAVs.
security, privacy, and connectivity for ground and aerial autonomy
in plain terms

Autonomous and connected vehicles, and the UAVs that fly alongside them, run on three things that can fail or be attacked: the in-vehicle network, the position estimate, and the communication link. This line builds and stress-tests defenses for each, intrusion detection for the CAN bus, the real detectability limit of GPS spoofing, the privacy exposure of vehicle telemetry, rural V2X connectivity, and safe UAV control over lossy links. Most of it is co-advised with my students.

projects
01

Hybrid Clustering-Transformer IDS for Rural CAVs

under submissionco-advised · Mahsa Tavasoli (lead)

An edge-first intrusion detection system for connected and automated vehicles in rural areas, where intermittent connectivity makes cloud-based defense unreliable. It runs fast per-CAN-ID unsupervised clustering for local screening, then a compact transformer for byte-sequence context, fused with confidence-weighted, per-ID adaptive thresholds so alert sensitivity adapts to each message identifier.

100% recall and 98.9% accuracy on flooding attacks, connectivity-independent, false positives concentrated on one CAN ID for targeted calibration
keywords: CAN bus, intrusion detection, connected vehicles, edge AI, rural ITS
separate payload semantics from temporal structureCAN buspayload branchattackabletemporal branchrobustdetectdisentangled representation holds F1 under perturbation
02

On the Fundamental Limits of GPS Spoofing Detection

VehicleSec 2026under reviewco-advised research

A theory result for autonomous-vehicle localization security. Every position-domain spoofing detector compares the GPS fix to an IMU dead-reckoning estimate and flags disagreement. This work derives a closed-form lower bound showing reliable detection requires the accumulated spoofing displacement over a window to exceed roughly three times the baseline noise. Published 90%+ F1 numbers turn out to be artifacts of favorable test conditions.

A $223 software-defined radio steers a vehicle off-lane in 20 s; on highways with consumer GPS a gradual 0.5 m/s attack falls below the detectable limit
keywords: GPS spoofing, GNSS security, autonomous vehicle localization, detection limits
judge GPS spoofing by safety, not detection aloneGPS spoofconfirm + DRintendedspoofed driftdead-reckoning / safe-stop policy, deviation cut 88-96%
04

Data Communication Challenges of CAVs in Rural Areas

IEEE Access 2025co-advised · Mahsa Tavasoli (lead)

A published review of the data-communication barriers that block connected and automated vehicles in infrastructure-limited rural settings. It evaluates vehicular communication technologies and their limits, examines V2X architectures and protocols for coverage, reliability, and security, and uses text mining and topic modeling to surface current trends and research gaps for rural intelligent transportation systems.

Published in IEEE Access 2025; maps the rural V2X landscape and the connectivity, reliability, and security gaps that remain
keywords: V2X, DSRC, C-V2X, rural connectivity, vehicular networks
keep CAVs connected where infrastructure is sparseCAVego vehiclevehicleV2Vroadsideunit (V2I)cellularweaksatellitebackupone V2X stack over V2V, V2I, cellular, and satellite, rural-first
05

Agentic-UAV Control over Lossy Links

DroneComUAV / aerial autonomy

Moves the autonomy story from the ground to the air. It measures the network and safety cost of controlling a UAV with an LLM agent over a lossy communication link, where command drops and delay are the norm, and applies BlackWidow-style action masking so unsafe commands are filtered before they reach the aircraft.

Quantifies how link loss degrades agentic control, and keeps a hard safety gate between the planner and the vehicle
keywords: UAV, drone command and control, 5G, link loss, safe autonomy
control a UAV safely over a lossy linkLLM agentplans controllossy linkdrops + delaymasksafetyUAVsafe cmdunsafe command blocked
Mentoring. This line is where my co-advising sits: Mahsa Tavasoli leads the rural-CAV intrusion-detection and communication work, Mohammad Sepahi co-authored the VIN privacy work, and several pieces are joint with the cybersecurity group at North Carolina A&T and Old Dominion University.