The vehicular Metaverse represents an emerging paradigm that merges vehicular communications with virtual environments, integrating real-world data to enhance in-vehicle services. However, this integration faces critical security challenges, particularly in the data collection layer where malicious sensing IoT (SIoT) devices can compromise service quality through data poisoning attacks. The security aspects of the Metaverse services should be well addressed both when creating the digital twins of the physical systems and when delivering the virtual service to the vehicular Metaverse users (VMUs). This paper introduces vehicular Metaverse guard (VMGuard), a novel four-layer security framework that protects vehicular Metaverse systems from data poisoning attacks. Specifically, when the virtual service providers (VSPs) collect data about physical environment through SIoT devices in the field, the delivered content might be tampered. Malicious SIoT devices with moral hazard might have private incentives to provide poisoned data to the VSP to degrade the service quality (QoS) and user experience (QoE) of the VMUs. The proposed framework implements a reputation-based incentive mechanism that leverages user feedback and subjective logic modeling to assess the trustworthiness of participating SIoT devices. More precisely, the framework entails the use of reputation scores assigned to participating SIoT devices based on their historical engagements with the VSPs. Ultimately, we validate our proposed model using comprehensive simulations. Our key findings indicate that our mechanism effectively prevents the initiation of poisoning attacks by malicious SIoT devices. Additionally, our system ensures that reliable SIoT devices, previously missclassified, are not barred from participating in future rounds of the market.

翻译：车载元宇宙是一种将车联网通信与虚拟环境相融合的新兴范式，其通过整合现实世界数据以增强车内服务。然而，这种融合面临着严峻的安全挑战，尤其是在数据采集层，恶意传感物联网设备可能通过数据投毒攻击破坏服务质量。无论是创建物理系统的数字孪生体，还是向车载元宇宙用户提供虚拟服务时，都必须妥善解决元宇宙服务的安全问题。本文提出了车载元宇宙防护框架，这是一种新颖的四层安全框架，旨在保护车载元宇宙系统免受数据投毒攻击。具体而言，当虚拟服务提供商通过现场传感物联网设备采集物理环境数据时，所传输的内容可能被篡改。存在道德风险的恶意传感物联网设备可能出于私人动机向虚拟服务提供商提供投毒数据，从而降低车载元宇宙用户的服务质量与体验质量。该框架实现了一种基于信誉的激励机制，利用用户反馈和主观逻辑建模来评估参与传感物联网设备的可信度。更准确地说，该框架要求根据参与传感物联网设备与虚拟服务提供商的历史交互记录为其分配信誉评分。最终，我们通过综合仿真验证了所提模型。主要研究结果表明，该机制能有效阻止恶意传感物联网设备发起投毒攻击。此外，我们的系统确保先前被误判的可靠传感物联网设备不会被排除在后续市场轮次之外。