Can LLMs Classify Vehicular Basic Safety Messages Anomalies?

Abstract

The reliability of connected vehicles (CVs) critically depends on the integrity of Basic Safety Messages (BSMs), yet distinguishing anomalies caused by benign sensor faults from those induced by malicious cyber-attacks remains challenging and operationally crucial. This work investigates whether large language models (LLMs) can complement or surpass traditional machine learning (ML) methods for multi-class BSM anomaly classification, where messages must be labeled as normal, faulty, or under attack. We use an extended version of the Tampa CV Pilot dataset enriched with synthetic fault and attack trajectories and evaluate several state-of-the-art LLMs (Llama, Mistral, Gemma, and Qwen) against strong tree-based baselines. Our approach textualizes multivariate kinematic and peer-report sequences and applies both few-shot prompting and parameter-efficient LoRA fine-tuning. The results quantify how far generic instruction-tuned LLMs can go in few-shot mode and show that domain-adapted LLMs can achieve near-baseline or superior accuracy and robustness for critical vehicular safety classifications.