This work addresses the limited generalizability of existing learning-based V2X anomaly detection methods, which rely on labeled attack data and struggle to detect unseen spoofing attacks. To overcome this limitation, the authors propose an attack-agnostic detection framework that requires no attack annotations during training. The approach trains a causal Transformer decoder exclusively on normal vehicle trajectories to predict future kinematic states and incorporates a Top-K normalized anomaly scoring mechanism to identify and localize anomalous features. Evaluated on the VeReMi++ dataset across 19 distinct attack types and diverse traffic scenarios, the method achieves AUC scores up to 0.98 and F1-scores up to 0.95 for most attack categories, demonstrating, for the first time, effective V2X anomaly detection without exposure to attack samples during training while maintaining strong generalization to previously unseen attack types.

Misbehavior detection in Vehicle-to-Everything (V2X) networks is a second line of defense against insider falsification attacks that cryptographic mechanisms alone cannot address. Existing learning-based Misbehavior Detection Schemes (MDSs) are supervised, requiring labeled attack samples at training time, thus failing to counter unseen falsification attacks. We present PAMPOS, a causal transformer-decoder trained on benign VeReMi++ trajectories to learn normal mobility patterns. At inference time, misbehavior is identified as a deviation from the model's next-step kinematic predictions using a top-K normalized anomaly scoring mechanism that localizes falsification to specific kinematic features, without requiring attack-labeled training data. We evaluate PAMPOS across all 19 attack types in VeReMi++ under rush-hour and afternoon scenarios, achieving Area Under the Curve (AUC) values of up to 0.98 and F1-scores of up to 0.95 for most attack categories.