AI-Enabled Low-Level Signal Anomaly Detection in Virtualized Electronic Architectures for Autonomous Vehicles

Abstract

The safety of autonomous vehicles depends not only on perception and planning, but also on the correctness of low-level electronic signals that connect controllers and actuators. Errors at this interface, caused by hardware degradation, timing violations, software faults, or unexpected interactions, can lead to unsafe behavior even when high-level autonomy functions operate correctly. Existing safety mechanisms primarily focus on system behavior, trajectories, or controller design, leaving actuator-bound command streams largely unmonitored. This paper proposes a low-level, AI-enabled anomaly-detection layer for autonomous vehicle architectures. The core idea is to embed a lightweight observer within a virtualized master controller to monitor control-signal streams in real time without interfering with the primary control logic. The proposed framework combines a stacked LSTM sequence classifier with rule-based safety constraints and context-aware monitoring to detect physically implausible or temporally inconsistent command behavior before actuation. A proof-of-concept simulation study was conducted to evaluate the practicality of the approach using overtaking scenarios in a co-simulated high-level and low-level environment. The results show that the proposed concept can identify severe abnormal low-level behavior and provide preliminary warning/error indications, supporting its potential as a complementary safety layer at the control-to-actuation interface.

1. Introduction

Autonomous vehicles (AVs) rely on a layered software and electronics stack. Perception modules estimate the environment; planning modules compute trajectories, and controllers translate those trajectories into actuator commands. Safety research has therefore focused heavily on perception failures, trajectory feasibility, motion planning, and formal control assurance. However, the final stage of command delivery—the low-level signal path between the controller and the actuator—is often treated as an implementation detail rather than as a distinct safety surface.

This omission matters because many hazardous conditions originate below the planning layer. Examples include corrupted CAN or Ethernet frames, stale or duplicated commands, timing jitter, saturation, sudden sign inversions, and conflicts between concurrent control sources. A command can appear reasonable at the trajectory level and still be unsafe when mapped to the actual steering, braking, or propulsion interface. For safety-critical systems, the ability to detect such issues early is essential.

The literature already provides several layers of protection. Runtime monitoring can observe whether system behavior remains within expected bounds [1,2,3,4,5,6]. Runtime enforcement and recovery systems can block or repair unsafe trajectories [7]. Simplex-style safety architectures switch to a verified fallback controller when risk is detected [8]. Control-theoretic approaches, including adaptive control barrier functions, add formal safety constraints to the controller design itself [9,10]. Functional safety monitors and redundancy mechanisms provide additional protection at the system level [11,12]. Yet these methods do not directly address whether the actuator-bound command stream is physically and contextually valid at the point of execution.

This paper contributes a complementary perspective: instead of monitoring only the environment, the plan, or the controller, we monitor the low-level signal interface itself and explicitly evaluate the physical plausibility and contextual consistency of control commands. We propose an AI-enabled observer embedded in a virtualized master controller that continuously validates actuator-bound signals against learned normal patterns and explicit safety constraints. The goal is not to replace existing safety mechanisms but to add a lightweight, local, real-time signal-validation layer that can catch anomalies before they reach the physical plant.

The remainder of the article is organized as follows. Section 2 reviews related work and positions the contribution. Section 3 introduces the proposed architecture and problem formulation, together with the iseAuto autonomous-shuttle use case. Section 4 presents the simulation validation experiments, including the LSTM-based localization-disagreement study. Section 5 discusses benefits, limitations, and future work. Section 6 concludes the paper.

2. Related Work

Safety assurance in AVs has been addressed from multiple complementary directions, including runtime monitoring, runtime enforcement, control-theoretic safety, and system-level assurance. These approaches differ in where safety is enforced within the autonomy stack and which system elements are monitored.

Runtime Monitoring of Vehicle Behavior: Runtime monitoring techniques observe system execution and compare it against temporal logic specifications, automata, or scenario-based requirements. Recent studies have demonstrated that monitoring can be adapted for autonomous driving functions, including context-aware safety checks and complex-scenario monitoring [3,5,6]. A related automotive safety monitor validates functional safety properties directly on the control network [2]. These works show that post-deployment observation is valuable, but they focus on system behavior rather than the validity of the command signal itself.

Runtime Enforcement and Safety Assurance Architectures: Runtime enforcement extends monitoring by modifying or rejecting unsafe behavior before it affects the physical world. REDriver, for example, performs runtime enforcement for AVs and can intervene when planned behavior violates safety constraints [7]. Simplex-inspired architectures combine a high-performance controller with a verified safe controller and a switching logic to preserve safety under risky conditions [8]. Such approaches are effective at the trajectory or controller level, but they do not directly validate the semantics of the actuator command stream.

Safety-Critical Control and Observer-Based Methods: Control barrier functions provide elegant formal guarantees by keeping system states within safe sets. Recent work has combined disturbance observers with adaptive CBFs to improve robustness under uncertainty [9,10]. These methods are effective when safety can be encoded in the controller synthesis problem. Still, they are not designed to serve as external monitors for signals generated elsewhere in the stack.

Functional Safety, Integrity Monitoring, and Cybersecurity: Functional safety approaches often rely on redundancy, cross-checking, and certified control logic. Certified control proposes a verifiable architecture for AVs [11], while steer-by-wire safety designs emphasize redundant sensing and actuation pathways [12]. In parallel, integrity monitoring techniques validate navigation and positioning data [13], and intrusion detection systems attempt to protect vehicular networks from malicious traffic [14]. These methods are valuable, but they primarily address sensor trust and network security rather than low-level command plausibility.

CAN Bus and In-Vehicle Intrusion Detection Systems: Recent intrusion detection research for in-vehicle networks and Internet-of-Vehicles (IoV) systems has increasingly focused on CAN-bus anomaly detection, replay attacks, timing irregularities, and telemetry-level intrusion monitoring. Existing approaches include lightweight statistical IDS methods, deep learning-based CAN anomaly detectors, LSTM autoencoders, transformer-based architectures, and hybrid intrusion detection systems that operate on sequential vehicular communication data. These methods are effective for detecting communication-level intrusions and protocol anomalies. Still, they primarily operate at the message or network level and do not explicitly reason about the physical plausibility or contextual validity of actuator-bound control commands [15,16].

AI Safety Assurance and System-Level Monitoring: The broader AI safety literature increasingly emphasizes lifecycle assurance, runtime monitoring, and structured validation workflows [17]. Safety ArtISt shows how safety-critical AI systems can be designed and assured, including FPGA-based implementations for vehicle braking control [18]. At the system level, monitoring approaches such as SPARQ assess trajectory safety under perception failures and compute recovery actions [19]. Again, these are important safety layers, but they operate above the low-level signal interface.

The reviewed literature suggests five major classes of protection: runtime monitoring, runtime enforcement, controller-level switching, control-theoretic safety, and functional safety or cybersecurity supervision. None of them explicitly targets the validation of actuator-bound commands as a dedicated low-level observation task. That gap motivates the architecture proposed in this paper.

3. Proposed Low-Level Safety Observer Framework

3.1. System Architecture

AVs are typically organized into a layered control architecture, in which perception, planning, and control modules operate hierarchically. At the end, the control module converts the motion-planning decisions into low-level commands, such as steering angle, throttle, and braking signals, which are ultimately executed by the vehicle actuators. While this modular structure enables flexibility and scalability, it also introduces potential safety risks at the interfaces between layers. In particular, the transformation from high-level trajectory to actuator commands represents a critical stage, as errors or inconsistencies at this level can directly affect vehicle behavior. Existing safety mechanisms primarily focus on validating trajectories or supervising controllers, but the command-level interface itself remains largely unmonitored.

To address this limitation, we propose integrating a low-level safety observer at the interface between the control module and the actuators. The role of this observer is to monitor the stream of control commands generated by the controller and to assess their consistency with the current vehicle state and safety constraints before execution. Figure 1 illustrates the proposed placement of the observer within the AV control stack. The planner produces a trajectory; the controller converts that trajectory into actuator commands, and the observer inspects the command stream before those commands reach the actuators. The observer may also ingest sensor feedback, state estimates, and bus-level timing information to compare commanded behavior with the current vehicle context.

The virtualization layer is important because it separates monitoring from primary control tasks. In a virtualized master controller, the observer can execute as a lightweight co-resident service or as a logically isolated safety module. This allows the anomaly detector to observe traffic without directly inheriting the main controller’s complexity or failure modes.

3.2. Problem Formulation

Let $t\in \mathbb{N}$ denote the discrete-time index of the monitoring system. At each time step, let ${\mathbf{u}}_t\in {\mathbb{R}}^m$ denote the control command vector issued to the vehicle, where m is the number of command channels. In this work, ${\mathbf{u}}_t$ may include steering-angle requests, brake-pressure requests, and throttle requests, depending on the actuator interface. Also, let ${\mathbf{x}}_t\in {\mathbb{R}}^n$ denote the estimated vehicle state vector at time t, where n is the number of state variables. The vector ${\mathbf{x}}_t$ may include vehicle speed, yaw rate, longitudinal acceleration, lateral acceleration, and selected actuator feedback signals. Then, let ${\mathbf{z}}_t\in {\mathbb{R}}^p$ denote the communication metadata vector, where p is the number of metadata features. This vector may include message periodicity, communication delay, packet sequence consistency, and other timing-related indicators. To detect abnormal behavior, the observer evaluates a sliding window of recent samples:

$${\mathcal{W}}_t=\{({\mathbf{u}}_{t-k},{\mathbf{x}}_{t-k},{\mathbf{z}}_{t-k}),\dots ,({\mathbf{u}}_t,{\mathbf{x}}_t,{\mathbf{z}}_t)\},$$

where $k\in \mathbb{N}$ is the window length. The window ${\mathcal{W}}_t$ captures the joint temporal evolution of control, state, and communication signals over $k+1$ time steps. A learned detector assigns an anomaly score to this window:

$$s_t=f_{\theta }\left({\mathcal{W}}_t\right),$$

where $f_{\theta }:{\mathbb{R}}^{(m+n+p)\times (k+1)}\to \mathbb{R}$ is a parametric function with parameters $\theta$. The score $s_t\in \mathbb{R}$ quantifies the degree of deviation from nominal behavior, with larger values indicating higher anomaly likelihood.

A command is considered unsafe if it violates at least one of the following conditions: (i) physical feasibility constraints (e.g., actuator limits), (ii) consistency with the current vehicle state, (iii) compatibility with other active command sources, or (iv) temporal consistency of communication patterns (e.g., absence of corruption, duplication, or replay). The decision rule is formulated as a binary classification problem:

$${\widehat{y}}_t=\mathbb{I}(s_t>\tau ),$$

where $\tau \in \mathbb{R}$ is the detection threshold, $\mathbb{I}(·)$ is the indicator function, and ${\widehat{y}}_t\in \{0,1\}$ is the decision variable. Specifically, ${\widehat{y}}_t=1$ denotes an anomaly alert, while ${\widehat{y}}_t=0$ indicates nominal behavior.

3.3. Observer Concept and Design

The proposed observer combines three complementary mechanisms: a data-driven detector, a rule-based guardrail layer, and a context adaptation module.

Data-driven model: The temporal learning component captures the distribution of nominal signal sequences and provides a learned estimate of abnormal behavior. In the proposed framework, this module can be realized by a lightweight recurrent sequence model, such as an LSTM, that processes multivariate control, state, and communication signals over time [20]. Rather than relying on a fixed handcrafted model, the learned detector assigns an anomaly score or class label based on deviations from nominal temporal patterns. During operation, abnormal behavior is identified when the observed sequence departs from the learned normal dynamics and violates the accompanying rule-based constraints. The parameter vector $\theta$ is learned from nominal training data and may be supplemented with synthetic fault scenarios for robustness testing.

Rule-based guardrails: A deterministic function $g\left({\mathcal{W}}_t\right)$ encodes explicit safety and consistency constraints. This function evaluates whether the observed signals satisfy predefined invariants such as steering rate limits, brake–throttle exclusivity, bounded actuator rates, and maximum communication jitter. Formally, $g:{\mathbb{R}}^{(m+n+p)\times (k+1)}\to \mathbb{R}$ produces a scalar consistency score, where higher values indicate greater deviation from rule-based expectations. For example, the rule-based score can be expressed as

$$g\left({\mathcal{W}}_t\right)=w_{\delta }{r}_{\delta }\left({\mathcal{W}}_t\right)+w_{bt}{r}_{bt}\left({\mathcal{W}}_t\right)+w_{\Delta u}{r}_{\Delta u}\left({\mathcal{W}}_t\right)+w_j{r}_j\left({\mathcal{W}}_t\right)$$

where $r_{\delta }$ penalizes steering-angle or steering-rate violations, $r_{bt}$ penalizes simultaneous brake and throttle activation, $r_{\Delta u}$ penalizes actuator command-rate violations, and $r_j$ penalizes communication-jitter or message-timing violations. The weights $w_{\delta }$, $w_{bt}$, $w_{\Delta u}$, and $w_j$ can be selected during validation according to the relative safety importance of each rule.

Context adaptation: Context-aware temporal modeling has become increasingly important in autonomous driving systems, where command validity depends strongly on vehicle dynamics, traffic conditions, maneuver intent, and surrounding environment behavior. Sequence-based prediction and control frameworks increasingly rely on contextual temporal reasoning to maintain consistent decision-making under dynamic traffic conditions [21]. Incorporating contextual information into the observer, therefore, helps distinguish aggressive but valid control behavior from genuinely unsafe or anomalous commands. Let ${\mathbf{c}}_t\in {\mathbb{R}}^q$ denote a context vector describing the current driving condition, where q is the number of context features (e.g., speed regime, maneuver type, traffic condition). The detector can be conditioned on ${\mathbf{c}}_t$ either explicitly, by extending the input to $f_{\theta }$, or implicitly, by adapting thresholds or model parameters.

The overall monitoring function is defined as a hybrid combination:

$$\mathcal{M}\left({\mathcal{W}}_t\right)=\alpha f_{\theta }\left({\mathcal{W}}_t\right)+(1-\alpha )g\left({\mathcal{W}}_t\right),$$

where $\mathcal{M}\left({\mathcal{W}}_t\right)\in \mathbb{R}$ is the combined anomaly score, and $\alpha \in [0,1]$ is a mixing coefficient that balances the contribution of the learned model and the rule-based component. A larger $\alpha$ emphasizes data-driven detection, while a smaller $\alpha$ prioritizes interpretable rule enforcement.

Hybrid anomaly detection architectures combining statistical learning with rule-based or observer-based reasoning have shown strong effectiveness in cyber-physical intrusion detection systems operating under real-time and embedded-system constraints [15,16]. In particular, lightweight first-stage filtering combined with deeper anomaly analysis has been shown to improve both latency and robustness in safety-critical environments.

Figure 2 provides a schematic overview of the proposed observer, illustrating how control inputs, vehicle state, and communication metadata are aggregated and processed through both learned and rule-based components to produce a final safety decision. The final decision can equivalently be written as

$${\widehat{y}}_t=\mathbb{I}(\mathcal{M}\left({\mathcal{W}}_t\right)>\tau ),$$

ensuring consistency between the learned and hybrid formulations.

3.4. Representative Implementation Assumptions

To provide a concrete yet implementation-agnostic description of the proposed observer, the framework may operate on low-level vehicular control streams sampled at automotive rates and analyzed using a short sliding window to capture temporal inconsistencies while keeping inference latency low. Representative input signals include steering, throttle, brake, vehicle-state feedback, and communication timing metadata. The observer combines these signals with explicit physical and contextual constraints, such as actuator limits, brake–throttle exclusivity, and timing consistency, to assess whether a command sequence is plausible before actuation.

The parameter $\tau$ denotes the decision threshold applied to the observer score $\mathcal{M}\left({\mathcal{W}}_t\right)$, which represents the hybrid anomaly score produced by the observer by combining the learned temporal detector and the rule-based safety constraints. Larger values of $\mathcal{M}\left({\mathcal{W}}_t\right)$ indicate a higher likelihood that the observed command sequence is abnormal or unsafe. It is selected during validation to balance sensitivity and false-alarm rate.

3.5. Safety Monitoring and Intervention Strategy

Detection alone is insufficient; the observer must also define appropriate responses to anomalies. Let ${\widehat{y}}_t=1$ indicate a detected anomaly associated with the observer confidence score $\mathcal{M}\left({\mathcal{W}}_t\right)$. This score quantifies the severity and confidence of the detected anomaly based on both temporal sequence deviation and rule-based consistency violations. We define three levels of intervention:

• Reject: The current command ${\mathbf{u}}_t$ is discarded, and the system retains the last validated safe command ${\mathbf{u}}_{t-1}^{\mathrm{safe}}$.
• Modify: The command is projected onto a safe set ${\mathcal{U}}_{\mathrm{safe}}\subseteq {\mathbb{R}}^m$:

  $${\tilde{\mathbf{u}}}_t={\mathsf{\Pi }}_{{\mathcal{U}}_{\mathrm{safe}}}\left({\mathbf{u}}_t\right),$$

  where ${\mathsf{\Pi }}_{{\mathcal{U}}_{\mathrm{safe}}}(·)$ denotes a projection operator enforcing constraints such as magnitude limits or rate bounds.
• Override: The observer replaces the command with a fallback control ${\mathbf{u}}_t^{\mathrm{fb}}$, generated by a verified safety controller or predefined safe policy.

The choice of intervention depends on the anomaly score and its associated confidence. Low-confidence deviations may trigger mild corrective actions (e.g., modification or logging), while high-confidence violations result in immediate rejection or override. This hierarchical strategy enables the observer to act as a real-time safety barrier between high-level software commands and physical actuation, ensuring both robustness and operational continuity.

3.6. Use Case: Low-Level Safety Observation in an Autonomous Shuttle

To demonstrate the practical relevance of the proposed low-level safety observer, we consider the iseAuto autonomous shuttle, a Level 4 (L4) vehicle developed as an open research platform for last-mile mobility applications [22]. The system follows a layered autonomy architecture in which high-level decision-making is clearly separated from low-level control.

At the high level, the shuttle utilizes the Autoware universe software stack [23], which provides functionality for perception, localization, planning, and trajectory generation. Based on sensor data and environmental interpretation, Autoware generates motion commands, including desired velocity, steering angle, and braking inputs. These commands are then transmitted to the lower-level control system via a communication interface.

At the lower level, the control architecture is organized around a master controller that serves as an interface between the high-level software and the vehicle actuators. As illustrated in Figure 3, the master controller receives commands from the Autoware stack and distributes them to dedicated function-based controllers responsible for steering, braking, and propulsion. While this modular structure enhances system flexibility, it also introduces a critical interface at which command validity must be verified prior to actuation.

Experimental operation of the iseAuto shuttle indicates that anomalies can arise at the interface between high-level command generation and low-level execution. These anomalies are not necessarily caused by faults in the control logic itself, but may also result from localization errors, planning inconsistencies, or communication delays that produce commands inconsistent with the current vehicle state. Because the master controller forwards commands directly to the drive controller, such discrepancies can immediately affect the vehicle’s physical behavior. The proposed low-level safety observer is therefore placed at this interface to monitor actuator-bound commands before execution and to identify physically implausible or context-inconsistent behavior in real time.

To support development and evaluation, a CARLA (0.9.13)-MATLAB/Simulink (2022b) co-simulation framework was established in which the high-level autonomy stack is simulated in CARLA, and the low-level control and CAN communication are modeled in Simulink. This setup enables controlled testing of localization faults, command inconsistencies, and other abnormal operating conditions, while the iseAuto platform provides a representative use case for demonstrating how a low-level monitoring layer can improve safety by detecting anomalies that may remain invisible to higher-level autonomy modules.

4. Validation and Use Cases

Although the proposed observer framework is primarily architectural, preliminary proof-of-concept experiments were conducted to evaluate the feasibility of low-level anomaly detection under representative abnormal operating conditions. In addition to conceptual fault analysis, the experiments demonstrate the capability of the observer to identify localization disagreement anomalies and threshold violations using an LSTM-based anomaly detection model.

4.1. Illustrative Fault Scenarios

Three representative fault classes illustrate the design, reflecting common safety and reliability concerns in vehicle control, functional safety, and networked automotive systems [24].

Excessive steering command: Suppose the planner requests a lane-change maneuver and the controller outputs a steering command that exceeds the allowable rate or angle given the current vehicle speed. Even if the planned trajectory is feasible, the low-level command may violate physical constraints of the vehicle dynamics. The observer detects such violations by comparing the command against state-dependent bounds derived from vehicle models and actuator limitations [25].

Braking inconsistency: Consider a case in which the brake command rises abruptly while the throttle remains active, or while the inferred longitudinal dynamics do not support the corresponding deceleration. This represents a logical inconsistency between control inputs and the expected system response. The observer identifies such contradictions using rule-based constraints (e.g., brake–throttle exclusivity) combined with expected vehicle behavior models [24,25].

Conflicting or stale commands: In a virtualized or networked controller, duplicate packets or delayed messages may cause multiple control sources to issue inconsistent updates. The observer monitors timestamps, sequence numbers, and temporal regularity to detect replay, staleness, or race conditions. Such issues are well documented in automotive network security and reliability analyses [26].

Additional scenarios include message corruption, actuator saturation, and sensor-driven feedback mismatch. These phenomena arise in practice due to communication faults, physical actuator limits, and sensing or estimation errors in complex automotive systems [25,26]. In all cases, the distinguishing feature is that the observer evaluates the plausibility of low-level signals and their consistency with system dynamics, rather than relying solely on high-level trajectory validity. This enables the detection of subtle inconsistencies that may not be visible at the planning level.

4.2. Expected Behavior of the Observer

Table 1. Conceptual comparison of the proposed observer with adjacent safety mechanisms.

Approach	Main Focus	Gap Addressed by This Paper
Runtime monitoring	Detects behavioral deviations at the system or requirement level	Does not directly validate actuator-bound commands
Runtime enforcement	Blocks or repairs unsafe trajectories	Operates above the signal interface
Simplex/fallback switching	Switches to a safe controller	Does not inspect command plausibility in detail
Control barrier functions	Enforces safety in controller synthesis	Requires safety to be encoded in the controller design
Functional safety/redundancy	Protects the overall system against faults	Does not isolate low-level command anomalies

summarizes the intended behavior of the proposed observer relative to existing approaches.

The proposed observer is expected to detect physically impossible command sequences, context-inconsistent actions, and communication-level anomalies. After detection, it should either suppress the command or transform it into a safe fallback action with minimal latency. This makes it useful as a final-line defense for actuation integrity.

4.3. Preliminary Experimental Evaluation

To provide an initial quantitative evaluation of the proposed observer, we conducted a sequence-classification experiment using localization-disagreement data derived from 400 simulated autonomous-driving overtaking scenarios. TalTech iseAuto simulation platform was used in conducting software-in-the-loop simulations [22]. The data were generated in a high- and low-level co-simulation environment during an overtaking maneuver.

The implemented monitoring network, shown in Figure 4, consisted of a stacked LSTM sequence classifier with two LSTM layers containing 128 and 64 hidden units, respectively. Each LSTM layer was followed by dropout regularization with a dropout probability of 0.2. The network output was passed to a fully connected layer, a softmax layer, and a classification layer to produce frame-wise labels over three classes: normal, warning, and error. The input features consisted of steering, steering rate, throttle, and throttle rate. The signals were grouped scenario-wise, and z-score normalization was applied using the mean and standard deviation computed from the training set.

Although the general framework is formulated using a sliding window $W_t$, the present offline validation used full scenario-wise sequences rather than a fixed-length sliding window. In an online implementation, the LSTM monitor can be applied using a rolling buffer of recent samples, with the buffer length selected according to latency and memory constraints.

The network was trained using the Adam optimizer with a learning rate of 0.001, a mini-batch size of 10, and 60 epochs, reaching a final validation accuracy of approximately 99.90%. The training set contained 320 scenarios, and the remaining 80 scenarios were reserved for validation.

Table 2. Confusion matrix obtained during validation of the proposed LSTM-based localization monitor.

	Predicted Class
True Class	Normal	Warning	Error
Normal	40,841	5	8
Warning	10	2	2
Error	13	3	1153

summarizes the class-wise validation performance. The model correctly identifies most normal and error frames, while warning frames remain more difficult to classify due to the narrow transition region between nominal operation and severe localization failure.

The validation dataset was highly imbalanced, as nominal driving occupied most frames while warning-level localization disagreement appeared only during short transitional intervals before severe localization loss. Specifically, the validation set contained 40,854 normal frames, 1169 error frames, and only 14 warning frames, corresponding to 97.19%, 2.78%, and 0.033% of the validation data, respectively. Therefore, overall accuracy alone is not sufficient to characterize the model’s performance. No class weighting, oversampling, or undersampling was applied in this proof-of-concept experiment; instead, the effect of class imbalance was explicitly analyzed using balanced accuracy, macro-F1 score, class-wise recall, and false-alarm rate.

The results show that the proposed LSTM monitor reliably separates normal and error states, with an error-class recall of 98.63% and a low false-alarm rate of 0.032%. However, the class-balanced metrics reveal the effect of severe class imbalance. In the validation set, warning frames represented only 14 out of 42,037 frames, corresponding to 0.033% of the validation data. Consequently, warning-class recall was only 14.29%, and the macro-F1 score was 71.84%, despite the high overall accuracy. These results indicate that the present model is effective for detecting severe localization-disagreement events, but the warning class should be interpreted as a preliminary transition indicator rather than a fully validated class.

In addition to frame-level classification metrics, event-level detection delay was evaluated to estimate how quickly the monitor reacted after the localization disagreement crossed the warning or error threshold. Detection delay was computed as the time difference between the first threshold crossing and the first corresponding monitor prediction within the same event. Since the validation data were sampled at 20 Hz, each frame corresponds to 0.05 s. For detected events, the mean delay was 0.036 s for error-threshold events and 0.050 s for warning-or-higher events. These values indicate that, when an event was detected, the monitor typically reacted within one frame after the threshold crossing.

To visually check the model’s performance, it is implemented on the full validation set and is shown in Figure 5. It produces frame-wise warning and error marks on the figure, indicating localization disagreements when the disagreement exceeds 1.0 m and 1.5 m, respectively. At the episode level, the validation set contained seven main localization-disagreement episodes exceeding the 1.5 m error threshold. The monitor produced error-level detections for all seven episodes. A stricter frame-contiguity definition splits two of these episodes into additional short threshold-crossing segments; under this stricter definition, 7 of 9 error segments were detected. The missed segments were short, lasting 10 frames and 1 frame, respectively.

However, as also reflected in the confusion matrix, the model remains less reliable in identifying the warning state, since the intermediate region between nominal operation and severe localization failure is narrow and contains fewer representative samples. As a result, most warning-level transitions are absorbed into either the normal or error class rather than being predicted explicitly as a warning.

To further examine the observer’s behavior around failure transitions, Figure 6 presents two zoomed-in scenarios extracted from the validation set. These cases illustrate how the disagreement signal evolves from nominal behavior toward degraded localization and how the observer reacts as the signal approaches the predefined thresholds. The first example highlights a sharp increase in disagreement, with the monitor indicating abnormal behavior the moment the critical error threshold is reached. In the second scenario, there is a brief initial spike that exceeds the error threshold before returning to normal levels. A few frames later, a more significant degradation occurs, during which the disagreement rapidly enters the error region and is consistently detected by the model. These two representative scenarios show that the model can detect severe localization-loss regions once the disagreement exceeds the established error threshold.

A second zoomed-in example is shown in Figure 7, where the proposed monitor could identify a warning state before the localization disagreement reaches the critical error threshold. In this case, the disagreement signal gradually increases, and the LSTM predicts a warning transition even though the trajectory remains below the 1.5 m error limit. This example illustrates the desired warning behavior of the observer: in some cases, the model identifies a warning transition before the localization disagreement reaches the critical error threshold. However, this behavior was not consistent across all warning-level samples, as reflected by the low warning-class recall in

Table 3. Validation performance of the LSTM-based localization monitor.

Metric	Value
Validation frames	42,037
Normal/Warning/Error frames	40,854/14/1169
Overall accuracy	99.90%
Balanced accuracy	70.96%
Macro-F1 score	71.84%
Error-class recall	98.63%
Warning-class recall	14.29%
False-alarm rate	0.032%
Error-event detection rate	77.78%
Warning-or-higher event detection rate	58.33%
Mean error-event detection delay	0.036 s
Mean warning-or-higher detection delay	0.050 s

.

5. Discussion

The proposed low-level safety observer offers a complementary perspective to existing safety mechanisms in AVs by focusing on actuator-bound signal plausibility and the monitoring of temporal consistency. Unlike conventional runtime monitoring or network-level intrusion detection approaches, the observer operates directly at the control-to-actuation interface, combining temporal sequence learning with explicit threshold-based safety reasoning.

The proof-of-concept experiments indicate that the proposed LSTM-based localization monitor can successfully learn temporal patterns associated with nominal and degraded localization behavior. The model converged rapidly during training and achieved high validation accuracy on the held-out scenario set, demonstrating the feasibility of lightweight temporal learning for low-level vehicular signal monitoring, as suggested in recent research [15,16]. At the same time, the class-wise results show that warning states remain more difficult to identify than normal and error states, mainly because the transition region between nominal operation and critical localization degradation is narrow and underrepresented in the data.

5.1. Advantages

The main advantage of the proposed framework is its independence from the internals of high-level planning or control. Because it observes the low-level interface directly, it can complement existing autonomy stacks without requiring a full redesign. Its modular placement within a virtualized controller also supports incremental adoption. A second advantage is interpretability. The observer combines learned temporal classification with explicit warning and error thresholds, which is preferable in safety-critical applications where purely black-box decisions may be difficult to justify. A third advantage is scalability: once the low-level interface is instrumented, the same design pattern can be extended to steering, braking, throttle, and other actuator channels.

The experimental results also demonstrate the practical usefulness of combining learned temporal behavior with threshold-based safety reasoning. The observer can distinguish nominal and abnormal operating regions and provide frame-wise warning and error labels based on localization disagreement. This hybrid strategy improves interpretability while preserving the flexibility of data-driven sequence modeling.

5.2. Limitations

Despite the promising preliminary results, several limitations must be acknowledged. First, the current experimental validation is limited to simulated overtaking scenarios in a CARLA–MATLAB/Simulink co-simulation environment. Although these experiments demonstrate feasibility, they do not yet represent deployment-level validation under real-world driving conditions. Real-world vehicle experiments, hardware-in-the-loop validation, and embedded latency measurements remain future work and were outside the scope of the current proof-of-concept study. Second, the learned detector depends on the coverage of nominal and degraded sequences in the training data. Rare or previously unseen faults may remain difficult to detect if they are not sufficiently represented in the dataset. This is especially relevant for the warning class, which occupies a narrow transition region and is therefore harder to learn reliably.

Third, the current experiments primarily evaluate detection performance rather than full closed-loop safety behavior. Additional investigation is required to analyze how intervention strategies such as reject, modify, and override affect vehicle stability, control smoothness, and operational safety during dynamic maneuvers. Lastly, the present implementation focuses on localization disagreement and on representative low-level control signals. Future studies should extend the evaluation to broader categories of actuator, communication, and sensor-related anomalies.

5.3. Future Work

Future work should focus on three main key directions. One is the development of an end-to-end observer trained with broader fault data and validated in a digital-twin environment. Another is real-time deployment on an embedded automotive platform, together with latency and power measurements. A third is formal analysis of the intervention policy, including safety guarantees for reject, modify, and override actions. Future research should also explore lightweight deployment strategies suitable for resource-constrained automotive platforms. Model compression, quantization, pruning, and edge-oriented inference optimization may reduce latency and computational overhead while preserving acceptable detection accuracy [16]. Systematic benchmarking against alternative runtime monitoring approaches, including rule-based monitors, statistical anomaly detectors, and lightweight transformer-based sequence models, is another topic for further investigation.

Additionally, future experimental work should involve larger-scale fault-injection campaigns that employ realistic CAN traffic, actuator-level anomalies, and network timing inconsistencies. Also, conducting hardware-in-the-loop and embedded deployment experiments would offer more comprehensive insights into real-time latency, computational costs, and practical feasibility. Overall, the proposed observer can be viewed as an additional safety layer that enhances the assurance of AVs by detecting low-level inconsistencies before they result in unsafe actuation.

6. Conclusions

This paper presented a low-level safety observer for AV electronic architectures, with a particular focus on actuator-bound command monitoring at the control-to-actuation interface. The proposed framework complements existing runtime monitoring, enforcement, and control-theoretic safety methods by evaluating command plausibility, temporal consistency, and contextual compatibility before actuation. To assess feasibility, an initial study was conducted using an LSTM-based sequence classifier on localization-disagreement scenarios generated in a simulation environment of a real autonomous driving vehicle. The experimental results indicate that the proposed observer can identify severe localization-disagreement events with high error-class recall and low false-alarm rate. However, warning-level transitions remain difficult to detect reliably because this class is severely underrepresented in the validation data. These findings demonstrate the practicality of lightweight temporal learning for low-level monitoring while also identifying the need for improved warning-state data generation and class-balancing strategies.

The results support the idea that data-driven sequence modeling, combined with explicit safety constraints, can serve as an effective complementary safety layer for AV architectures. At the same time, the current evaluation remains preliminary and simulation-based, so further work is needed to validate the approach under embedded deployment conditions, larger fault sets, and real-time automotive constraints. Future developments will therefore focus on larger-scale validation, hardware deployment, latency analysis, and formal analysis of the intervention logic, with the long-term goal of incorporating low-level observers as a standard component of AV assurance frameworks.