Impact Evaluation of Cyber-Attacks on Traffic Flow of Connected and Automated Vehicles

Connected and automated vehicles (CAVs) can improve transportation safety and efﬁciency based on vehicle-to-vehicle (V2V) or vehicle-to-infrastructure (V2I) communications. However, there are potential cyber threats to the communication systems via on-board unit equipped in CAVs and road-side unit. Based on existing trafﬁc ﬂow models, we design an evaluation framework for cyber-attacks on CAVs, and further investigate the impact of proportion of cyber-attacked vehicles, cyber-attack severity, cyber-attack range and trafﬁc demand. Moreover, performance of the transportation system is analysed based on four indicators, including efﬁciency, safety, emissions and fuel consumption. The numerical simulation results show that with the increase of cyber-attacked vehicles and higher cyber-attack severity, the negative impact on trafﬁc ﬂow gradually becomes notable with lower capacity, higher risk of rear-end collision, more air pollutants and fuel consumption. In addition, it may lead to accidents and inefﬁcient trafﬁc operations if cyber-attacks occur on position rather than speed, and thus the position-attacked trafﬁc system consumes more energy and emits more pollutants. The ﬁndings of this study provide useful information for the prediction of future cyber-attacked trafﬁc, comprehensive evaluation of transportation systems, as well as management of automated highway systems from the perspective of network security.


I. INTRODUCTION
In recent years, connected and automated vehicles (CAVs) has been one of prospective applications within the field of intelligent transportation systems (ITS) in the future [1]- [3].
To predict potential emergencies about CAVs, simulation experiments designed for different traffic scenarios are a fundamental step before launching mature products into the market. To date, many car-following models have been proposed to describe characteristics of traffic flow from microscopic perspective [4]- [8]. The adaptive cruise control (ACC) system is one of the most popular applications designed for the control of longitudinal behaviors [9]- [12]. In addition, as an enhanced version of ACC, the cooperative adaptive The associate editor coordinating the review of this manuscript and approving it for publication was Yue Cao . cruise control (CACC) system can notably smooth hazardous traffic flow and improve traffic efficiency [4], [11], [13]- [19]. Li et al. developed an infrastructure-to-vehicle integrated system that incorporated both ACC and variable speed limit (VSL) to reduce rear-end collision risks on freeways [20]. Shladover et al. analyzed the advantages of CACC based on vehicle-to-vehicle (V2V) communication, including higher accuracy, faster response, and shorter gaps, resulting in enhanced traffic flow stability and possibly improved safety [17], [18], [21], [22]. In field test, several projects have been conducted for the system designs as well as empirical data analysis [18], [21], [23]. For example, the California Program on Advanced Technology for the Highway (PATH) attempted to design longitudinal controllers, providing an ideal basis for the following studies [11], [13], [14], [21], [24]- [28].
However, advanced technologies always bring both opportunities and challenges. In the transportation field, the opportunities mean improvement of travel efficiency and traffic safety, while the challenges represent risk of cyberattack, cost increase and moral issues when crashes happen [29]- [33]. In this paper, we focus on the cyber-attack via communications between on-board units and road-side units. In the previous theoretical researches, simulations have been extensively conducted to demonstrate the safety and stability of the cyber-attacked system [3], [12], [14], [31]- [41]. Particularly, Li et al. evaluated the influence of slight cyber-attacks on longitudinal safety of CAVs based on nine-vehicle experiments [14]. Wang et al. proposed an extended car-following model and analyzed the linear and nonlinear stability of the traffic flow under cyber-attack [40]. Amoozadeh et al. demonstrated that insider cyber-attacks could cause significant instability of CACC vehicle stream based on simulation, and then put forward several countermeasures [34]. In the aforementioned works, CACC is chosen as the only longitudinally automation control system for CAV simulations. Besides, Petit and Shladover did the first investigation of the potential cyber-attacks specific to automated vehicles with their special needs and vulnerabilities [3]. Jia et al. systematically conducted a survey on platoon-based vehicular cyberphysical systems [42]. Reilly et al. presented a controllability analysis of freeways with coordinated metering to evaluate impact of control system cyber-physical attacks [43]. Generally, much attention has been paid to the communication system and safety analysis, and thus the inherent characteristics of cyber-attack need further explorations. Also, more investigations should be conducted on its impact on traffic flow stability, efficiency, emissions and fuel consumption.
In this paper, we differentiate from the previous studies and emphatically address the following questions: (1) What factors influence the traffic system under cyber-attack?
(2) What is the difference between cyber-attacks on position and speed?
(3) How sensitive is the traffic system to different cyber-attacked scenarios?
The remainder of this paper is structured as follows: Section II describes the methodology, including the evaluation framework for cyber-attacked traffic and simulation experiment designs. In Section III, the impact of important factors is analyzed, such as object of cyber-attack, proportion of cyber-attacked vehicles, cyber-attack severity. Section IV presents numerical simulation results to indicate the characteristics of the traffic flow under cyber-attack. Sensitivity analysis of cyber-attack range and traffic demand is conducted in Section V. Finally, some conclusions are summarized in Section VI.

A. FRAMEWORK
The framework for evaluation of cyber-attack on traffic flow is shown in Fig. 1. It consists of four steps: • Step 1: Model the cyber-attacked traffic flow. To simulate longitude control on CAVs, CACC model is used to characterize the car-following behaviors. Moreover, cyber-attack on traffic flow stability is analyzed from a theoretical prospective, and then traffic scenarios are designed to provide a basis for cyber-attack measurement.
• Step 2: Based on CACC model and analysis of traffic flow stability, the microscopic simulation testbed is established to imitate potential cyber-attacks on CAVs. Cyber-attacks on position and speed are respectively considered. Also, proportion of cyber-attacked vehicles and cyber-attack severity are selected as independent variables throughout the experiment.
• Step 3: Numerical simulations are conducted to display the performance of a basic freeway bottleneck in travel efficiency, traffic safety, emissions and fuel consumption.
• Step 4: Cyber-attack range and traffic demand are two important parameters, which the transportation system may be sensitive to. Therefore, sensitivity analysis is conducted to investigate their impact on simulation results.

B. TRAFFIC FLOW MODEL
It is well known that the technology of CACC is the most representative applied in CAVs' longitudinal control. The California Program on PATH developed a CACC car-following model and calibrated it using production cars equipped with PATH-Nissan High-Level Controller, which is one of few realistic models based on experimental data [13], [14], [17], [21], [22]. The CACC car-following model is expressed as follows: where v sv , a sv and x sv are speed, acceleration and position of the subject vehicle, respectively. t is the time step. k p and k d are the model coefficients and gains for adjusting the time gap between the subject vehicle and the preceding vehicle. e k is the time gap error andė k is the derivative. They are described by the following: where x p and v p are the position and speed of the preceding vehicle, respectively. L veh is the vehicle length. t hw is the desired time gap of the CACC controller. The units for distance, speed, acceleration and time are m, m/s, m/s 2 and s, respectively. According to the field tests, the parameters are calibrated as follows: t = 0.01 s, t hw = 0.6 s, k p = 0.45, k d = 0.25.

C. CYBER-ATTACK ON TRAFFIC FLOW STABILITY
CACC is considered as a key enabling technology to automatically regulate the inter-vehicle distances in a vehicle platooning while maintaining the string stability. However, potential cyber-attack may have negative impact on the traffic flow stability [10], [19], [39], [41], [44]. In this case, the stability is theoretically investigated in terms of cyber-attacked position and speed. Similarly, the CACC model can be written as: where h denotes the space headway. v is the speed difference between the subject vehicle and the preceding one. The other parameters have the same meanings defined above. (6) can be written for the cyber-attacked condition: where f represents the general expression of traffic flow model. α and β denote the severity of cyber-attack on position and speed, respectively. Then, the three partial differentials of the model with respect to v, v, and h at the equilibrium state are presented as follows: The value of stability condition F reflects the general instability condition of car-following model with the acceleration function, and it is calculated as (11). The proof follows the Lyapnuov stability theory and hence is omitted. The readers can refer to Wilsoon [44] for a complete proof. The traffic flow is instable if the following equation holds.
During numerical simulation, the value of α and β is set to range from 0 to 2, and the result of stability in cyber-attacked traffic is shown in Fig. 2.
In Fig. 2, the coordinate origin of x-axis denotes no cyberattack. Obviously, the distribution map is divided into three parts and the middle part represents stable region both for position-and speed-attacked scenarios. Specifically, the stability condition of the CACC model holds when the term of speed is cyber-attacked by 47.3%. In this case, the subject vehicle has little space to avoid rear-end collision because of fake information collected from the leading CAV. For the position, if it is overestimated by over 44.4%, the traffic flow starts to become unstable. Therefore, underestimation of speed or overestimation of position can lead to traffic flow instability, and the lower value 44.4% is taken as the threshold. This is the reason why the value of cyber-attack severity is below the threshold during following experiments.

D. SIMULATION EXPERIMENT DESIGN
The topology structure of communications between CAVs under or without cyber-attacks is expressed in Fig. 3(a). If one CAV is under cyber-attack, it will transmit imprecise data to the following vehicle. In this case, we need to answer three important problems: (1) How many CAVs are attacked?
(2) What is the quantitative index of cyber-attack severity? (3) When or where do the cyber-attacks on CAVs start and finish?
For the first issue, we test different proportions of vehicles under cyber-attack and evaluate their impacts on traffic flow. Besides, another relevant variable is traffic demand, which is analyzed at the end of Section V. To handle the second problem, we define the fluctuation ratio of position or speed as cyber-attack severity. For example, if the speed of the subject vehicle is 20 m/s and the received imprecise information by the following vehicle is 16 m/s, the current cyber-attack severity is 20%. Because each road-side unit is responsible for information transmission within a fixed area, a CAV which enters the cyber-attack area has a chance to be attacked, as shown in Fig. 3(b). Segment A and D are without cyber-attacks, while Segment B and C are cyber-attack areas. We assume that positions and speeds of CAVs in Segment A and D are iterated only by the car-following model. Correspondingly, those in Segment B and C fluctuate randomly at a certain severity, i.e. 0.1%, 0.5%, 1%, 2%, 4%, 8%, 16%, 32%. According to the findings in Fig. 2, the specific value of cyber-attack severity ranges from -44.4% to 44.4%, which ensures the traffic flow stability. For example, if the severity is set to 8%, the speed or position will be either over-or underestimated by 8%.
During simulations, Segment B and C are decided by x 1 , x 2 and x 3 . x 2 is the central position of attack range and it is a constant 1300 m. The interval of [x 1 , x 2 ] identically equals to [x 2 , x 3 ]. Therefore, we can easily control the attack range by changing radius of [x 1 , x 3 ] during each experiment. The radius of attack range is limited by technology development in communication. In this paper, 300 m, 500 m and 700 m are chosen to represent different levels of communication technology [13], [45]. The default value 300 m reflects the current level.
For the other parameter settings, the ranges of speed and acceleration are [0, 30 m/s] and [−4 m/s 2 , 2 m/s 2 ], respectively. In addition, the lengths of road and vehicle are L = 3000 m and L veh = 5 m. Each simulation period is 1 h, and we repeat 10 times for average results to reduce the random errors.

III. EVALUATION INDEX A. ROAD CAPACITY
The pipeline capacity is defined as the maximum 15-minute moving average flow rate observed upstream the cyberattacked flow. In this paper, the measurement point for road capacity is chosen at x = 2500 m in Fig. 3(b). The experiments begin with simulating a constant and relatively low traffic volume for one hour. If the freeway remains freeflowing, then subsequent simulations are conducted with slightly higher volume input (e.g., plus 1000 veh/h), until the highest observed 15-minute moving average flow no longer increases as the input became larger [21]. The capacity is finally determined based on 10 replications with different random seeds.
where C is road capacity and q 15min is the highest 15-minute flow.

B. SURROGATE SAFETY MEASURE
Rear-end collision risk indexes (RCRI) establish relation between longitudinal safety and vehicle dynamic trajectory data. Previously, various indexes have been proposed and extensively applied [15], [46]. In this study, we utilize a RCRI based on safe stopping distance, which has been widely used in previous researches [4], [11], [20], [47], [48]. Assume that the preceding vehicle takes an emergency stopping maneuver with the maximum deceleration rate. The subject vehicle has to react and brake to avoid a collision. If the stopping distance of the preceding vehicle is larger than that of the subject vehicle, it is safe; otherwise it is dangerous. Fig. 4 illustrates the safe stopping distance.
Specifically, the RCRI index based on safe stopping distances is calculated as follows:  where SSD p and SSD sv are safe stopping distances of the preceding and subject vehicles, respectively. d m is the deceleration rate and t d is the time delay. In this study, a deceleration rate of 3.4 m/s 2 is adopted and a time delay of 0.1 s is used for CAVs according to previous studies [6], [17]. T is the total time and N is the total vehicles. flag is used as the mark of number. M RCRI is the average RCRI of all space-time points. Rear-end collision risk criteria for freeway safety can be stated in terms of the average RCRI, as shown in Table 1 [46]. The clustering results are based on a tremendous amount of data investigated from freeways.
On the one hand, Level A is considered to be very safe traffic conditions with low M RCRI . On the other hand, Level F would describe the traffic at the highest risk on freeway when M RCRI exceeds 0.510. Besides, CAVs may choose continuous emergency braking operations under this level, and such unsafe traffic conditions can lead to the highest possibility of subsequent accident occurrences. Table 2 lists emission and fuel consumption rates for general cars under four typical traffic conditions [49]. There are relatively small differences between HC, NO X , CO 2 , and fuel consumption under three conditions, including free flow, transition and congestion. Compared with the other three conditions, work zone shows the lowest emission rates for HC, CO, and NO X . On the contrary, the lower speed in work zone brings about higher CO 2 emissions and fuel consumption.

C. EMISSION AND FUEL CONSUMPTION
The formula for calculating emissions and fuel consumption is as where M denotes the weight of a certain emission or fuel consumption. It is an integral of a function from the starting point to the ending of the road. L is the road length and f (v) is a function of speed, which can be obtained in Table 2. Because there are only four discrete values for estimation, a linear interpolation of the speed within the range is applied to calculate the total weight of emissions and fuel consumption. In addition, if the speed exceeds the maximum or minimum threshold, an effective and convenient solution is taking on the boundary value.

IV. NUMERICAL SIMULATION RESULTS
In this section, we design extensive numerical simulations to evaluate impacts of cyber-attacks on traffic flow composed of all CAVs. P, S, R and Q, which respectively stand for proportion of attacked vehicles, cyber-attack severity, cyber-attack range and traffic demand, are selected as study objects. Their influences on the traffic system are tested to predict potential cyber-attacked scenarios in the future, i.e., efficiency, safety, emission and fuel consumption.

A. TRAVEL EFFICIENCY
We first investigate the impacts of proportion of vehicles attacked on positions, as shown in Fig. 5. The proportion P varies from 0 to 100% with 20-percentage intervals. The other parameters are set as follows: S = 2%, R = 300 m and Q = 1000 vehicles per hour (vph). Obviously, with the increase of proportion of attacked vehicle, the average speed decreases gradually, especially in the cyber-attack area. When the proportion is less than 60%, CAVs travel along the road at almost free-flow speeds. The slight congestions caused by speed drop behaviors exist only in a short-range section from 1000 m to 1600 m. Such an oscillatory jam always lasts for several minutes until the next jam is observed. However, when the proportion increases to 60% or a higher percentage, CAVs in the cyber-attack area start to slow down, and this delay triggers heavier congestions caused by position fluctuations. Each oscillatory jam tends to be close to the next one and gather into a mass. Then, deceleration movements become more frequent. Meanwhile, the phenomenon of speed reduction is more and more evident, as presented in Fig. 5(d)-(f). It is worth noting that the congestions in Fig. 5(f) are much heavier than the others. On the one hand, the yellow and red color lumps indicate significant speed drops, which result in queues and delay. On the other hand, the severe congestions propagate upstream 86828 VOLUME 8, 2020 The similar experiments are conducted on the traffic scenario with speed attacked, as shown in Fig. 6. It is obvious that vehicles keep a high speed when the proportion of attacked vehicles is less than 80% during the whole simulations. Even though the proportion rises to 80%, the congestions caused by attacked speeds are still rare and dissipate quickly in a short time. When the proportion is 100%, the congestions form upstream of the cyber-attack area and have few negative effects on its downstream area. Notice that the average speeds of CAVs in the severest congestions are approximately 10 m/s, as shown in Fig. 6(f), which leads to relatively less delay than other conditions (Fig. 5(d)-(f)). Generally, from the perspective of influence area, the range of speed reduction by cyber-attack is around [1000 m, 1300 m]. Compared with the position-attacked traffic, the scenario with the same proportion of speed-attacked vehicles performs much better both in speed drops and influence area of congestions. Table 3 presents the impacts of cyber-attack severity and proportion of attacked vehicles on speeds. It is apparent that with the increase of severity, the average speeds decrease remarkably when the CAVs' positions are attacked. On the contrary, the amplitudes of oscillation in average speeds under speed-attacked conditions are much smaller, especially with small proportions of attacked vehicles. In terms of specific values, the speed ranges of the traffic attacked on speed are nearly between one-fourth and one-third of that under position-attacked conditions. For instance, the best case is the condition with the lowest severity and the smallest proportion of attacked vehicles. And then, the speed ranges for position-and speed-attacked traffic are −2.25% and −0.81%, where the latter is approximately one-third of the former. In addition, the biggest change of position-attacked traffic is over −55% while that is less than −20% with speed attacked among all conditions summarized in Table 3. So, it is a quantitative proof that the transport system controlled by CACC has an inherent function of defending cyber-attacks on speed. Fig. 7 shows the road capacity changes with proportion of cyber-attacked vehicles and cyber-attack severity. The severity level is 2% in Fig. 7(a) and 50% of vehicles on are considered to be cyber-attacked in Fig. 7(b). Basically, the capacity keeps dropping when more vehicles are cyber-attacked or the severity becomes higher. However, the difference in the traffic scenarios with cyber-attacked position and speed can be clearly observed. Specifically, the traffic reaches higher capacity if the speed is on cyber-attack, and the jerk tends to be zero when the proportion of cyber-attacked vehicles is over 60%, as shown in Fig. 7(a). However, during the investigation of cyber-attack severity in Fig. 7(b), two values of the jerk are both positive, which indicates that the transportation system   is more sensitive to the severity, especially when its value exceeds 4%.

B. SAFETY ANALYSIS
Taking the position-attacked scenario with 0.1% severity as reference group, changes of risky RCRI are summarized in Table 4. With the increase of severity, cyber-attack produces at least a 4-fold decrease in terms of RCRI when there is only 10% of vehicles are cyber-attacked. If all CAVs are on cyber-attack, changes of risky RCRI range from 27.5 to 79.4 times when cyber-attack severity increases from 0.1% to 32%. Generally, the higher the cyber-attack severity, the worse the traffic condition. Similarly, more attacked vehicles inevitably cause the serious deterioration of safety condition. For example, the cyber-attack severity increases to 0.5% or more and the proportion of cyber-attacked vehicles reaches 60%, the times of RCRI changes are all more than 50 in comparison with the reference group.
Based on RCRI values, the evaluation of safety level is distributed in Fig. 8. Cyber-attack severity is tested from 0 to 32%, as shown on the abscissa axis. The average safety levels of all CAVs with cyber-attacked position are summarized in Fig. 8(a), and Fig. 8(b) presents the traffic condition only under speed-attack. The most intuitive performance is that Level E/F is observed with high-proportion of cyberattack vehicles and high-level severity, since more attacked CAVs with high-level severity result in lower speeds. In this case, the following vehicles has less time to react in response to sudden deceleration of preceding vehicles. Fortunately, the traffic is still at lower risk, and safety level remains A in speed-attack scenarios, as shown in Fig. 8(b). Additionally, safety of the worst condition is assessed as Level C. It may be an acceptable result because of rare accidents under C-level driving conditions. Moreover, the critical value of cyber-attack severity for position is around 0.5% while 8% for speed. It is also directly proved that the transport system is much more sensitive to cyber-attacks on position than speed, which is consistent with the above findings. For example, when the proportion of attacked vehicles is 50% and the cyber-attack severity is 8%, average safety levels of the traffic under position and speed attacks are approximately C and A, respectively. In regard to the ordinate axis, boundary points for the two scenarios are P = 40% and P = 70%, which are similar to the phenomena drawn in Fig. 5 and Fig. 6. Moreover, the safety  levels in Fig. 8(b) rise rather less than that in Fig. 8(a) with the same amplitude in proportion of attacked vehicles.

C. RESULTS OF EMISSIONS AND FUEL CONSUMPTION
Nowadays, there is no doubt that traffic-related pollutants have direct impact on the globe climate and public health. Table 5 shows four main pollutants emitted by vehicles and fuel consumptions in 11 groups of traffic scenarios. Although tiny differences of emission rates are observed in Table 2, the total emission of four pollutants and fuel consumption keep monotonically decreasing during one type of experiments. The scenarios designed for various proportions of cyber-attack vehicles have a similar trend to that with different cyber-attack severities.
Specifically, emissions of HC and NO x are less than 1 g/veh while the mass CO 2 is always more than 520 g/veh. So, CO 2 is absolutely the main pollutant of vehicles. From the perspective of sum, the emission is increased by 70 g/veh when the proportion of cyber-attacked vehicles rises from 20% to 100%. The same phenomena can be observed in  the test for cyber-attack severity. However, only 10 g/veh fuel consumption compensates for cyber-attack. For example, the fuel consumption increases from 189.54 g/veh to 198.31 g/veh when the proportion of cyber-attacked vehicles is increased by 80%. The gap for fuel consumptions in two traffic scenarios is only 8.77 g/veh. Therefore, the transportation system still maintains relatively stable performance in total emissions and fuel consumption, although cyber-attack has negative but limited impact on these indexes.
To this end, further investigations are conducted to assess the changes of emissions and fuel consumption due to cyberattack. As shown in Fig. 9, whether the cyber-attack occurs on position or speed, the magnitudes of increase are generally VOLUME 8, 2020 below 20%. Obviously, changes of fuel consumption increase faster than emissions, meanwhile the gap widens gradually. Additionally, the maximum increases of fuel consumption exceed 16% both in the tests for two separate groups. In contrast, there is a 2%-13% increase during emission evaluation. Compared with the values of proportion of cyber-attacked vehicles P and cyber-attack severity S, the magnitudes of increase in emissions and fuel consumption are relatively smaller.

V. SENSITIVITY ANALYSIS
Sensitivity analysis is provided to study the effect of the parameters on simulation results. The parameters include cyber-attack range and traffic demand, which may affect both efficiency and safety of the transportation system. So, it needs a further exploration. Emissions and fuel consumption are not chosen as evaluation indexes in this section because the magnitude of changes caused by cyber-attack range and traffic demand is stably less than 20%, which is proved by the above experiments.

A. CYBER-ATTACK RANGE
Signal transmission is one of core technologies in the CAV industry, and the transmission range for communications between CAVs is the key performance indicator. We assume that if one road-side unit is cyber-attacked, there is a possibility of being attacked for all CAVs within the transmission range. On this basis, cyber-attack ranges are equal to the transmission distances. Three typical values are chosen to evaluate the impacts of cyber-attack range on average speeds, as shown in Fig. 10. They respectively represent the current, short-term and long-term levels in transmission technology.
Based on the above simulation results, we can draw several conclusions. Firstly, the longer the cyber-attack range, the lower the average speeds. It is interesting that improvement in transmission technology results in more negative effects on travel efficiency. Because long transmission distance leads to a large amount of CAVs under attack, it is reasonable that the average speeds decrease with the increase of cyber-attack range. Secondly, the traffic flow is more sensitive to the attacked position than speed, which is consistent with the above-mentioned experiments. Judging from the average level, CAVs in speed-attacked traffic are faster than that in position-attacked by 5 m/s-10 m/s. This is a big advantage in traffic efficiency and transport economy in terms of saving time. So, from a long-term perspective, improving the security of signal transmission becomes more vital in the future. Thirdly, the critical severity for distinguishing the speeds from the average is different from each other. Taking Fig. 10(a) as an example, we can easily find that the maximum severity of speeds below average for three traffic scenarios with different cyber-attack ranges is 2%, 2% and 4%, respectively. Therefore, avoiding severe cyber-attack on traffic flow becomes highly important when advanced communication technologies help more CAVs improve cooperation within a longer transmission range.
Identifying unsafe areas provides theoretical guidance for the management of automated highway systems in the foreseeable future. Fig. 11 shows the distribution of safety level along the influence area [800 m, 2000 m]. For each scenario, there is a noticeable difference between Level A and F. Specifically, safety level A is normally distributed upstream or downstream the bottleneck, while safety level F is centralized in the middle part with over 500-meter cyber-attack ranges ranged from 900 m to 1900 m. On the one hand, longer cyber-attack ranges directly lead to risky driving condition because it can bring about shorter time or space headway for the following vehicles and cause potential rear-end collisions in the same lane. On the other hand, it also avoids providing enough room for congestion dissipation and makes the driving situation worse over a longer period.
For each scenario with the same cyber-attack range, safety level shows a moderate decrease after a fast increase, and reaches the peak around x = 1500 m. From the perspective of location, the driving condition becomes more and more risky, and still maintains the momentum of worsening. Therefore, some control methods like VSL can be applied along the influence area for enough reaction time. Additionally, road-side units may send warning massages to CAVs and remind drivers to keep safe distance if allowed. From this point of view, traditional control technologies are a necessary complement for emergencies in the foreseeable transportation systems.

B. TRAFFIC DEMAND
With the popularity of CAVs, the increasing traffic demand will bring great pressure on transport system. In this section, we focus on the impact of traffic demand on travel efficiency and safety. For the sake of brevity, experiment results of position-attacked scenarios are only presented.
As shown in Fig. 12, with the increase of traffic demand from 1000 vph to 2000 vph, the average speeds decrease over 10 m/s under the same cyber-attack severity. The similar conclusion can be made if the cyber-attack severity is treated as independent variable. Specifically, all speeds in Fig. 12(a) are over 20 m/s while those are below 20 m/s in Fig. 12(c). Moreover, with the same increase of 500 vph, the 2000-vph  traffic performs much worse than the 1500-vph one according to the serious decline in speed. It explains that a large number of CAVs on the road are a big threat to traffic safety, and route guidance in advance is an effective measure to avoid the phenomenon. In addition, the trend of standard deviation of speed is same as the average. The maximum standard deviation reaches 18.6 m/s and is nearly equal to the average, as shown in Fig. 12(c). And thus, the big fluctuations in speed caused by cyber-attack appear frequently, which can reduce travel efficiency and traffic safety.
In order to imitate the real world, the experiments with consecutive traffic demand are conducted versus cyber-attack severity and range. As shown in Fig. 13, the lines for each scenario can be divided into three sections. First, the trend line of speed shows an approximately linear decreasing relationship with the flow before dropping, where the traffic still can be considered as the free flow. Second, the speeds drop sharply with the increase of traffic demand owing to the high-frequency cyber-attacks on CAVs. Ultimately, the average speeds all tend to reach a certain constant value. It's remarkable that the sensitive traffic demand always lies within the range [1000 vph, 2000 vph], where marginal utility is diminishing. What's more, the jam speeds in Fig. 13(a) range from 10 m/s to 18 m/s while the speed drop is only 4 m/s in Fig. 13(b). Therefore, compared with cyber-attack range, the severity should attract more attention from road administrators, and be controlled within a certain level if it happens.
The traffic demand is set to vary from 500 vph to 2500 vph with a 500-vph interval. Fig. 14 illustrates the safety level for five scenarios. The total and partial results respectively represent the whole road and the influence area [800 m, 2000 m]. Generally, the total road has at least two levels ahead of the partial. The safest level is A for the total while C for the partial. Moreover, the safety of the partial road is deteriorated to Level F when the traffic demand increases to 2500 vph. So, it should account for the high safety level of the total road, which indicates that solving local problems can improve safety the performance of overall situation.

VI. CONCLUSION
In this paper, we first design the traffic flow simulation experiment for cyber-attacks on CAVs, and then analyze impact of the proportion of attacked vehicles, cyber-attack severity, cyber-attack range and traffic demand. According to the performance on efficiency, safety, emissions and fuel consumption under different traffic conditions, the major results are concluded as follows: (1) Traffic congestions occur frequently and have significant negative effects on the cyber-attack area when the proportion of attacked vehicles are over 60% under positionattacked conditions. In contrast, the speed-attacked traffic is not sensitive to the proportion of attacked vehicles. The critical values of cyber-attack severity for the position-and speedattacked traffic are respectively 1% and 8%, from which the speeds decline dramatically. Compared with the stable traffic without cyber-attack, the decreases in average speed under speed-attacked conditions are nearly between one-fourth and one-third of that with attacked positions.
(2) In the influence area caused by cyber-attack, the safety condition gets worse and leads 2-3 levels than the whole road, especially in the position-attacked scenarios. Moreover, cyber-attack causes more 2-20% emissions and fuel consumption with the increase of cyber-attacked vehicles and cyber-attack severity.
(3) The longer cyber-attack range caused by the improvement of transmission technology results in more negative effects on traffic efficiency and safety. The average speeds approximately drop by 5 m/s with a 200-meter increase of cyber-attack range.
(4) Compared with the traffic below 1500 vph, the 2000-vph traffic demand results in striking decreases and big fluctuations in speeds. In addition, [1000 vph, 2000 vph] is the sensitive range for traffic demand management, where route guidance in advance may be necessary.
(5) From the view of attackers, vehicle's position may be the most potential attack target, and its severity over 1% can cause significant negative effects on travel efficiency and traffic safety. For the defenders, some control methods like VSL can be applied along the influence area for enough reaction time. Additionally, road-side units may send warning massages to CAVs and remind drivers to keep safe distance if unknown attack occurs. There, if the security cannot be guaranteed completely, the control right of CAV should be controlled by the driver to support emergency response.
In our future work, the following aspects need special attention: (1) This study only focuses on one-lane road, and hence, other types of highway shall be analyzed in future research, including on-ramps and off-ramps. (2) The traffic system contains many variables. Future research could investigate the scenarios that both positions and speeds are attacked. (3) Lane-changings are a common phenomenon in the realistic world, and further research is required to explore impacts of lane-changings on the cyber-attacked traffic system.