Conference Paper

A structured approach to anomaly detection for in-vehicle networks


Abstract

The complexity and connectivity of modern vehicles have constantly increased over the past years. Within the scope of this development the security risk for the in-vehicle network and its components has risen massively. Apart from threats for comfort and confidentiality, these attacks can also affect safety critical systems of the vehicle and therefore endanger the driver and other road users. In this paper the introduction of anomaly detection systems to the automotive in-vehicle network is discussed. Based on properties of typical vehicular networks, like the Controller Area Network (CAN), a set of anomaly detection sensors is introduced which allow the recognition of attacks during the operation of the vehicle without causing false positives. Moreover, important design and application criteria for a vehicular attack detection system are explained and discussed.


... In addition, it is not possible to unambiguously determine the sending ECU using MACs, since they do not provide non-repudiation. However, information about the sender of a message is also relevant for Network-based Intrusion Detection Systems (IDSs) [25], [47], which are expected to be a common security measure around 2023 [52]. These systems analyze the message traffic and can detect attack patterns or deviations from the expected behavior. ...
... These systems analyze the message traffic and can detect attack patterns or deviations from the expected behavior. One way to react on intrusions is, besides to warn the driver [47], [24], to update existing signature-based systems with the observed attack patterns in order to be able to react quickly to zero day exploits. This does not necessarily prevent an attack on a particular vehicle, but immunizes the entire vehicle fleet and prevents potential major damage. ...
... Even if high speed MCUs are available and their general performance increases, the costs of implementing security functions play a major role [20]. This is especially true for the automotive sector [36], [47], [25], [39], [20], [61], as security features are often difficult to monetize as they are viewed as a fundamental requirement and not as an additional feature [26]. To address this problem, we present EASI (Edge-Based Sender Identification), a novel approach which has significantly lower requirements and thereby increases the cost effectiveness and applicability of the sender identification for automotive networks. ...
... • Identifier filtering: Based on the identifier, an intrusion detection system can establish a list of allowed and forbidden identifiers, based on which it can decide which frames to accept and which frames to filter. This technique is best known as identifier filtering or identifier white-listing [95,100]. Such a white list can also depend on the context of the vehicle: for instance, the intrusion detection system may allow specific identifiers when the vehicle is on parking state, and reject them when the vehicle is moving. ...
... In order to detect attacks that uses periodic messages, multiple methods [29,54,100] proposed mechanisms that take advantage of the identifiers timing analysis. In fact, since the goal of the CAN-IDPS is to protect against injection of extra packets onto the network, and given the fact that most normal frames have predefined frequencies (set-up during the design phase), then if the particular message does not respect its frequency, it should be reported as an intrusion. ...
... This mapping defines a syntax that can be checked based on the payload length of each message. Müter et al. [100] proposed that messages that violate this syntax (i.e., messages sent with the wrong DLC or wrong signals) are then flagged as intrusions. ...
Thesis
During the last decade, technological advances have made the car more and more connected to the outside world. On the flip side, this technological transformation has made modern vehicles subject to advanced cyber attacks. The cyber-physical architectures of automotive systems were not designed with security in mind. With the integration of connected platforms into these cyber-physical systems, the threat landscape has radically changed. Lately, multiple security breaches targeting different car manufacturers have been reported mainly by the scientific community. This makes security a critical concern, with a high impact especially on future autonomous driving. In order to address this gap, rigorous security engineering needs to be integrated into the design process of an automotive system and new protection methods adapted to the specificities of the vehicle systems must be introduced. Threat modeling and risk analysis are essential building blocks of this process. In this context, attack trees proved to be a reasonably good way to model attack steps. Nevertheless, given the diversity of architectures, it can quickly become a burden to draw attack trees for all architectures. This thesis tackles the issues of security of connected vehicles. The proposed approach allows enhancing the threat analysis with the automated generation of attack tree used to assist in the risk assessment step. We also propose novel and efficient protection mechanisms for in-vehicle communication networks capable of coping with existing cyber-physical attacks.
... The IDS approach is the dominant CAN defense because an IDS runs as an independent entity on the CAN bus and does not burden the resource-constrained ECUs/network with non-trivial computation/communication overhead. Traditional message (anomaly)-based IDS (MIDS) [18], [34], [44] utilize features such as payload values to identify anomalies on CAN. Modern state-of-the-art CAN IDS leverage physical characteristics of ECUs, such as clock-skew (CIDS [8]) and voltage (VIDS [9], [10], [14], [22], [23]), to determine if a message is generated by a legitimate ECU. ...
... DUET is designed to evade the state-of-the-art VIDS defenses. Besides, DUET can be integrated with other attack strategies, e.g., (1) the strategy presented by Miller and Valasek [31] against MIDS [34] that analyzes the message content to detect an anomaly, and (2) the attack method presented by Sagong et al. [43] against CIDS [8] that analyzes the clock-skew-based fingerprint to detect a masquerade attack. In other words, before DUET, MIDS and CIDS - but not VIDS - have already been shown defeat-able hence are not the focus of DUET. ...
... A countermeasure using hardware-based identifiers [46] will hinder ECUs' reconfigurability, making ECUs specific to a car's year-make-model, hence increasing their manufacturing cost. More practical and deployable CAN defenses favor signature and fingerprint-based IDS, such as MIDS [34], [44], CIDS [8] and VIDS [9], [10], [14], [22], [23]. While MIDS and CIDS have been shown vulnerable to impersonation attacks [8], [43], VIDS are still considered the state-of-the-art defenses. ...
... However, the gained dynamics and flexibility of the networking of a SOA comes at the expense of the static predefinition of the network traffic. This was one of the advantages of automotive networks in terms of security compared to IT networks, because static behavior allows simple rule-based control [56]. ...
... An early work by Müter et al. [56] introduced eight different anomaly detection sensors (e.g., formality, location, plausibility of messages) to identify intrusions on the CAN bus. Especially, they compared the applicability of the sensors with respect to six different criteria, e.g., if the sensor can be developed only based on the vehicles specification or if messages of different bus systems need to be considered for detection. ...
... Indeed, the features an automotive SOA flow should contain are unclear today. In comparison, Müter et al. [56] formulated the information that should be observed for automotive IDS, especially for anomaly based detection on the CAN bus. They outlined eight so-called sensors and compared them w.r.t. ...
Article
New requirements from the customers' and manufacturers' point of view such as adding new software functions during the product life cycle require a transformed architecture design for future vehicles. The paradigm of signal-oriented communication established for many years will increasingly be replaced by service-oriented approaches in order to increase the update and upgrade capability. In this article, we provide an overview of current protocols and communication patterns for automotive architectures based on the service-oriented architecture (SOA) paradigm and compare them with signal-oriented approaches. Resulting challenges and opportunities of SOAs with respect to information security are outlined and discussed. For this purpose, we explain different security countermeasures and present a state of the section of automotive approaches in the fields of firewalls, Intrusion Detection Systems (IDSs) and Identity and Access Management (IAM). Our final discussion is based on an exemplary hybrid architecture (signal-and service-oriented) and examines the adaptation of existing security measures as well as their specific security features.
... Two types of intrusion detection solutions have been proposed for in-vehicle network attacks. One is message-recognition-based intrusion detection systems (IDSs) [1, 5-9] and the other is the source-recognition-based detection solutions [10-16]. In a message-recognition-based detection system, intrusion attacks can be detected by analyzing the message features, e.g., CAN message rate, CAN message time information, and CAN bus entropy. ...
... The message-identification-based IDS is one of the best ways to enhance the security of in-vehicle network, and various IDSs have been proposed to guard against in-vehicle network-related attacks [1, 5, 6, 18-24]. Several message-identification-based IDSs are introduced to detect invasions by analyzing message characteristics, e.g., CAN machine learning is also extensively used in these kinds of intrusion detection systems. ...
... Some of the IDSs are introduced utilizing characteristics and entropy of regular CAN bus to detect attacks. Muter et al. [6] presented a solution to use the features of attack messages to distinguish the intrusions. The solution involves a series of detection sensors that serve as recognition criteria for in-vehicle network intrusions. ...
Article
External wireless interfaces and the lack of security design of controller area network (CAN) standards make it vulnerable to CAN-targeting attacks. Unfortunately, various defense solutions have been proposed merely to detect CAN intrusion attacks, while only a few works are devoted to intrusion source identification. Demonstrated by our experimental studies, the most advanced IDS with intrusion source identification, which is based on the physical feature fingerprints of the in-vehicle Electronic Control Units (ECUs), will fail when the temperature changes. In this paper, we innovatively propose temperature-varied fingerprinting, called TVF, for CAN intrusion detection and intrusion source identification. Motivated by the remarkable observation that the physical feature of an ECU, i.e., its clock offset, changes linearly with the temperature of ECUs, the concept of temperature-varied fingerprints is proposed. Then, for a severe intrusion case, we provide an advanced TVF for further supplemented and expanded. The proposed advanced temperature-varied fingerprinting is implemented, and extensive performance evaluation experiments are conducted in both CAN bus prototype and real vehicles. The experimental results illustrate the effectiveness and performance of advanced TVF.
... Additional Key Words and Phrases: Vehicle ABS, sensor attack, CAN bus attack, attack detection, attack mitigation ACM Reference format: methods to interface with an outside-vehicle environment such as WLAN for vehicle-to-vehicle communication and Bluetooth for mobile communication networks [2]. Under this condition, vehicles become much more open to the outside-vehicle environment and suffer high vulnerability and security weakness, which may result in the risk of attacks. ...
... Attacks can cause serious malfunctions of a vehicle ABS and be a threat to drive safety and human life [3]. For example, a vehicle ABS will fail to work, resulting in a wheel-lock phenomenon (i.e., vehicle driving direction will be out of its driver's control), during a brake process if an attacker injects malicious messages, such as longitudinal brake force messages, into the CAN bus [2,3]. Although there exist other stability control systems that seek to improve vehicle stability, all actions from these systems are conducted by using hydraulic pumps through ABS. ...
... (1) Our attack detection method not only can detect both SAs and CAN bus attacks but also can overcome their individual drawbacks indicated previously. (2) There are no previous works for attack mitigation. This is the first work to mitigate the detected SAs and CAN bus attacks in a vehicle ABS. ...
Article
For a modern vehicle, if the sensor in a vehicle anti-lock braking system (ABS) or controller area network (CAN) bus is attacked during a brake process, the vehicle will lose driving direction control and the driver’s life will be highly threatened. However, current methods for detecting attacks are not sufficiently accurate, and no method can provide attack mitigation. To ensure vehicle ABS security, we propose an attack detection method to accurately detect both sensor attack (SA) and CAN bus attack in a vehicle ABS, and an attack mitigation strategy to mitigate their negative effects on the vehicle ABS. In our attack detection method, we build a vehicle state space equation that considers the real-time road friction coefficient to predict vehicle states (i.e., wheel speed and longitudinal brake force) with their previous values. Based on sets of historical measured vehicle states, we develop a search algorithm to find out attack changes (vehicle state changes because of attack) by minimizing errors between the predicted vehicle states and the measured vehicle states. In our attack mitigation strategy, attack changes are subtracted from the measured vehicle states to generate correct vehicle states for a vehicle ABS. We conducted the first real SA experiments to show how a magnet affects sensor readings. Our simulation results demonstrate that our attack detection method can detect SA and CAN bus attack more accurately compared with existing methods, and also that our attack mitigation strategy almost eliminates the attack’s effects on a vehicle ABS.
... In recent years, there have been several attempts to design and develop intrusion detection systems for IVNs [8,16,30,31,33]. Due to the long life-span (decades) of vehicles and the difficulty of maintaining regular updates, anomaly-based detection has been considered to be more viable than signature-based approaches [31]. Much of the related literature on in-vehicle attack detection lays particular emphasis on the well-defined specifications of CAN communication with respect to message periodicity and data content. ...
... Larson et al. [23] propose a specification-based method to detect malicious communication that does not comply with the configuration parameters of the ECU and the CAN protocol specifications. Müter et al. [31] propose a sensor-based detection method to detect abnormal events related to eight potentially exploitable aspects of CAN communication. An entropy-based approach is proposed in [30], where the normal entropy of CAN traffic is initially modelled, and the entropy of subsequent traffic is then monitored such that a higher value indicates a higher level of coincidence in the communication. ...
Conference Paper
Nowadays, vehicles have complex in-vehicle networks that have recently been shown to be increasingly vulnerable to cyber-attacks capable of taking control of the vehicles, thereby threatening the safety of the passengers. Several countermeasures have been proposed in the literature in response to the arising threats, however, hurdle requirements imposed by the industry is hindering their adoption in practice. In this paper, we propose Spectra, a data-driven anomaly-detection mechanism that is based on spectral analysis of CAN-message payloads. Spectra does not abide by the strict specifications predefined for every vehicle model and addresses key real-world deployability challenges.
... It performs well with a low false positive rate and high detection accuracy. However, it behaves poorly against novel attacks, and not appropriate for the limited resources in the vehicle as mentioned in [9], [10]. Also, updating the database is a difficult challenge in the vehicle environment as described in [10]. ...
... However, it behaves poorly against novel attacks, and not appropriate for the limited resources in the vehicle as mentioned in [9], [10]. Also, updating the database is a difficult challenge in the vehicle environment as described in [10]. So, Anomaly detection is considered as a better approach by researchers for the vehicle network where novel attacks can be detected. ...
... Different sensors can be introduced to the bus for anomaly detection [10]. This model is difficult to be applied as it changes the vehicle architecture by applying different sensors per communication bus for anomaly detection. ...
... The internet or physical access to a linked vehicle's intelligence system is another security danger that intelligent automobiles encounter. In 2016, security professionals Charlie Miller and Chris Valasek, for example, wirelessly hacked the Jeep Cherokee's intelligence system [13], while the Jeep Cherokee's driver was still behind the wheel, researchers Miller and Valasek compromised the entertainment system, steering and brakes, and air conditioning system to show that the Jeep's intelligence system had security vulnerabilities. The Nissan Leaf's companion app was abused by cybercriminals utilizing the vehicle's unique identification number, which is generally displayed on the windows. ...
... In addition to putting the driver and other road users at risk, these attacks can compromise the vehicle's critical safety systems. The detection of anomalies in automobile in-vehicle networks is discussed by Müter et al. [13]. A set of anomaly detection sensors was introduced based on the characteristics of typical vehicular networks, such as the CAN. ...
Article
It is increasingly difficult to identify complex cyberattacks in a wide range of industries, such as the Internet of Vehicles (IoV). The IoV is a network of vehicles that consists of sensors, actuators, network layers, and communication systems between vehicles. Communication plays an important role as an essential part of the IoV. Vehicles in a network share and deliver information based on several protocols. Due to wireless communication between vehicles, the whole network can be sensitive towards cyber-attacks. In these attacks, sensitive information can be shared with a malicious network or a bogus user, resulting in malicious attacks on the IoV. For the last few years, detecting attacks in the IoV has been a challenging task. It is becoming increasingly difficult for traditional Intrusion Detection Systems (IDS) to detect these newer, more sophisticated attacks, which employ unusual patterns. Attackers disguise themselves as typical users to evade detection. These problems can be solved using deep learning. Many machine-learning and deep-learning (DL) models have been implemented to detect malicious attacks; however, feature selection remains a core issue. Through the use of training empirical data, DL independently defines intrusion features. We built a DL-based intrusion model that focuses on Denial of Service (DoS) assaults in particular. We used K-Means clustering for feature scoring and ranking. After extracting the best features for anomaly detection, we applied a novel model, i.e., an Explainable Neural Network (xNN), to classify attacks in the CICIDS2019 dataset and UNSW-NB15 dataset separately. The model performed well regarding the precision, recall, F1 score, and accuracy. Comparatively, it can be seen that our proposed model xNN performed well after the feature-scoring technique. In dataset 1 (UNSW-NB15), xNN performed well, with the highest accuracy of 99.7%, while CNN scored 87%, LSTM scored 90%, and the Deep Neural Network (DNN) scored 92%.
xNN achieved the highest accuracy of 99.3% while classifying attacks in the second dataset (CICIDS2019); the Convolutional Neural Network (CNN) achieved 87%, Long Short-Term Memory (LSTM) achieved 89%, and the DNN achieved 82%. The suggested solution outperformed the existing systems in terms of the detection and classification accuracy.
... Existing security assistant proposals fail to meet this pressing need of increased security in today's cars. They usually detect these in-vehicle attacks by modeling packet-arrival characteristics within the vehicle [20,73] or the relationships between in-vehicle sensors [21,39]. If the vehicle is compromised, both classes of security assistants suffer from untrustworthy data since they both rely on Smartphones have proven successful in assisting with other vehicular tasks such as dangerous driving detection [45,67,60,113,29], road monitoring [32,47,92,118,40], and trajectory mining [23,106,12,65]. ...
... Müter et al. [72,73] developed an IDS which models information-theoretic and In addition to providing an external source of knowledge, smartphones are also freely and readily available to enhance car security. Furthermore, they are personal devices which form a natural interface to the user. ...
Thesis
The average American spends around at least one hour driving every day. During that time the driver utilizes various sensors to enhance their commute. Approximately 77% of smartphone users rely on navigation apps daily. Consumer grade OBD dongles that collect vehicle sensor data to monitor safe driving habits are common. Existing sensing applications pertaining to our drive are often separate from each other and fail to learn from and utilize the information gained by other sensing streams and other drivers. In order to best leverage the widespread use of sensing capabilities, we have to unify and coordinate the different sensing streams in a meaningful way. This dissertation explores and validates the following thesis: Sensing the same phenomenon from multiple perspectives can enhance vehicle safety, security and transportation. First, it presents findings from an exploratory study on unifying vehicular sensor streams. We explored combining sensory data from within one vehicle through pairwise correlation and across multiple vehicles through normal models built with principal component analysis and cluster analysis. Our findings from this exploratory study motivated the rest of this thesis work on using sensor redundancy for CAN-bus injection detection and driving hazard detection. Second, we unify the phone sensors with vehicle sensors to detect CAN bus injection attacks that compromise vehicular sensor values. Specifically, we answer the question: Are phone sensors accurate enough to detect typical CAN bus injection attacks found in literature? Through extensive tests we found that phone sensors are sufficiently accurate to detect many CAN-bus injection attacks. Third, we construct GPS trajectories from multiple vehicles nearby to find stationary and mobile driving hazards such as a bicyclist on the side of the road. 
Such a tool will effectively extend the repertoire of current navigation assistant applications such as Google Maps which detect and warn drivers about upcoming stationary hazards. Finally, we present an easy-to-use tool to help developers and researchers quickly build and prototype data-collection apps that naturally exploit sensing redundancy. Overall, this thesis provides a unified basis for exploiting sensing redundancy existing inside a single vehicle as well as between different vehicles to enhance driving safety and security.
... Automotive IDS research did not yet consider the novel designs of E/E architectures and how it affects the different detection techniques or the placement of the IDS. For example, an IDS placed at a gateway as a correlation sensor as proposed in [41] would allow to observe and correlate sensor values from different networks. However, a recent review of work in this area [42] shows that the majority of papers do not analyze multiple data sources for attack detection. ...
... In classical computer networks, an incident is reported to the user together with suggestions about possible actions to take. However, in a vehicle the driver is unlikely to have the technical knowledge to react appropriately within a very short time [41]. If an autonomous vehicle is attacked, the impact will be much higher as the driver will not be able to take control in time, if at all [43]. ...
... There are different parameters that an IDS system can assess on the CAN. Müter et al. [54] defined eight anomaly detection sensors, as shown in Table 4, to identify the anomalies in a structured way. All these detection sensors were inspired by the typical behaviour of the CAN bus. ...
... These solutions can be categorised as time/frequencybased, physical system characteristic, specification-based, and feature-based. Table 4. Automotive anomaly detection sensors [54]. ...
Article
The automobile industry no longer relies on pure mechanical systems; instead, it benefits from many smart features based on advanced embedded electronics. Although the rise in electronics and connectivity has improved comfort, functionality, and safe driving, it has also created new attack surfaces to penetrate the in-vehicle communication network, which was initially designed as a close loop system. For such applications, the Controller Area Network (CAN) is the most-widely used communication protocol, which still suffers from various security issues because of the lack of encryption and authentication. As a result, any malicious/hijacked node can cause catastrophic accidents and financial loss. This paper analyses the CAN bus comprehensively to provide an outlook on security concerns. It also presents the security vulnerabilities of the CAN and a state-of-the-art attack surface with cases of implemented attack scenarios and goes through different solutions that assist in attack prevention, mainly based on an intrusion detection system (IDS).
... Anomaly detection methods based on verifying the message contents have also been proposed in addition to using message ID bits as input features [50]. Muter et al. for instance, used in-vehicle sensors to verify message range and correlation [72]. ...
... In this study, CAID uses sensor information to establish reference models of the physical system and then checks the correctness of the current sensor data against the reference models. Muter et al. [72] developed a sensor-based detection method that could recognize a malicious intrusion by using several sensors designed for cyber attack scenarios. In [74], Cho et al. used CarSim to obtain realistic sensor readings for the slip ratio and the normalized traction force. ...
... Based on the typical behavior of the in-vehicle bus systems, Müter et al. [MGF10] have proposed eight attack detection sensors which could be used to observe anomalies occurring inside the vehicular network. These sensors include the formality, location, range, frequency, correlation, protocol, plausibility and consistency of each transmitted message. ...
Thesis
In recent years, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems distributed throughout the car, known as Electronic Control Units (ECUs). Each one of these ECUs runs a number of software components that collaborate with each other to perform various vehicle functions. Modern vehicles are also equipped with wireless communication technologies, such as WiFi, Bluetooth, and so on, giving them the capability to interact with other vehicles and roadside infrastructure. While these improvements have increased the safety of the automotive system, they have vastly expanded the attack surface of the vehicle and opened the door for new potential security risks. The situation is made worse by a lack of security mechanisms in the vehicular system, which allows the escalation of a compromise in one of the non-critical subsystems to threaten the safety of the entire vehicle and its passengers. This dissertation focuses on providing a comprehensive framework that ensures the security of the vehicular system during its whole life-cycle. This framework aims to prevent cyber-attacks against different components by ensuring secure communications among them. Furthermore, it aims to detect attacks that were not prevented successfully, and finally, to respond to these attacks properly to ensure a high degree of safety and stability of the system. The thesis starts by developing a hybrid threat model that combines multiple existing threat modeling approaches to define a more comprehensive one. This model defines (1) the various potential groups of attackers, which may threaten the vehicular system and their capabilities, (2) the potential targets (i.e., assets) of these groups and the various vulnerabilities that they include, and (3) the security requirements for these targets which should be considered to prevent the attacker from compromising them. 
After defining the security requirements by using the proposed threat model, the thesis addresses the challenges of developing the security policy, which implements these requirements. The thesis presents a methodology supporting the gradual definition of the security policy. Under our methodology, the designer of each software component is responsible for formulating the security policy of their components. As components get integrated into larger subsystems, the individual policies are merged into the subsystem policy. This continues as we go up the ladder of bigger subsystems until we have a complete vehicle. The thesis also shows how to enforce the developed security policy in an efficient manner by using a lightweight distributed access framework implemented within each single ECU. The enforcement takes place at the network level, enforcing communications only between authorized components while employing data integrity mechanisms in the communication between components, even if they run on different ECUs. In this way, we provide a level of compartmentalization in the in-vehicle network. With this precondition, a malicious application might remain able to emit (a) malicious packet(s) to its remote peer(s), if it is authorized. But, at the same time, this application can be prevented from attacking other components, which it is not authorized to communicate with. A heavy-handed security policy may adversely impact availability. Taken to the extreme, a secure system is a silent system that does not interact with its environment, and this is clearly not the intent of a security policy aimed at a vehicular platform. So we face the conundrum of increased security, leading to false positives affecting availability and overall performance against a more permissive system that may fail to detect attacks (false negatives), leading to the demise of the platform. 
The thesis addresses this issue by using the Red-Zone principle, whereby a tighter inner security envelope alerts the security system of a potential compromise before an actual security violation occurs. In this way, we can observe the suspect component as it operates within the Red-Zone, and characterize the event. We leverage the Red-Zone principle in order to develop a run-time mechanism to detect the incidence of an attack and to prevent the attackers from gaining a foothold. The thesis defines temporal specifications for each hard real-time software component within the vehicle to be used as a baseline to define its nominal behavior. Attacks such as code injection, or Denial of Service (DoS) will usually cause a breach of this temporal specification, and thus will be detected. Once a software component is found to have violated its security boundaries, the system needs to take some remedial action. The type of response, e.g., taking the component offline, restarting the component, initiating containment measures (e.g., resetting the entire ECU), and so on, is the responsibility of the Intrusion Response System (IRS). This thesis uses the Red-Zone principle as the basis for developing an IRS framework to manage the interaction between security and safety of the system.
... Rare are the papers which deal with anomaly detection for CAV. [7] proposed a model based on adaptive extended Kalman filter and the trained One Class Support Vector. In [8] authors provide an experimental evaluation of entropy-based anomaly detection algorithms applied to real modern vehicle. ...
Article
Connected and autonomous vehicles (CAV) are expected to change the landscape of the automotive market. They are autonomous decision-making systems that process streams of observations coming from different external and on-board sensors. CAV like any other cyber-physical objects are prone to signal interference, hardware deterioration, software errors, power instability, and cyber-attacks. To avoid these anomalies which can be fatal, it is mandatory to design a robust real-time technique to detect them and identify their sources. In this paper, we propose a deep learning approach which consists of hierarchic models to firstly extract the signal features using an LSTM auto-encoder, then perform an accurate classification of each signal sequence in real-time. In addition, we investigated the impact of the model parameter tuning on the anomaly detection and the advantage of channel boosting through three scenarios. The model achieves an accuracy of 95.5% and precision of 94.2%.
... Another approach uses the characteristics of the physical layer of each ECU, such as its signal and voltage profile, and compares the changes in these characteristics to detect anomalies. Müter et al. [90] have categorised the features that an IDS can use to detect attacks on the bus using the following sensors: ...
Preprint
As connectivity between and within vehicles increases, so does concern about safety and security. Various automotive serial protocols are used inside vehicles such as Controller Area Network (CAN), Local Interconnect Network (LIN) and FlexRay. CAN bus is the most used in-vehicle network protocol to support exchange of vehicle parameters between Electronic Control Units (ECUs). This protocol lacks security mechanisms by design and is therefore vulnerable to various attacks. Furthermore, connectivity of vehicles has made the CAN bus not only vulnerable from within the vehicle but also from outside. With the rise of connected cars, more entry points and interfaces have been introduced on board vehicles, thereby also leading to a wider potential attack surface. Existing security mechanisms focus on the use of encryption, authentication and vehicle Intrusion Detection Systems (IDS), which operate under various constraints such as low bandwidth, small frame size (e.g. in the CAN protocol), limited availability of computational resources and real-time sensitivity. We survey In-Vehicle Network (IVN) attacks which have been grouped under: direct interfaces-initiated attacks, telematics and infotainment-initiated attacks, and sensor-initiated attacks. We survey and classify current cryptographic and IDS approaches and compare these approaches based on criteria such as real time constraints, types of hardware used, changes in CAN bus behaviour, types of attack mitigation and software/hardware used to validate these approaches. We conclude with potential mitigation strategies and research challenges for the future.
... Because most of the messages in the vehicle are periodic. Paper [13] detected intrusion by detecting the change of message cycle, but the periodicity of CAN message is not considered, which has a certain impact on the detection accuracy. ...
Article
Alongside the convergence of In-vehicle network (IVN) and wireless communication technology, In-vehicle CAN communication with external networks reinforces the connectivity among systems of a vehicle. Vehicle communication is facing severe challenges. Intrusion detection technology is one of the most widely used technologies to ensure the safety of In-vehicle CAN communication, so an adaptive intrusion detection method for In-vehicle CAN bus based on message periodicity is proposed. Communication load of CAN bus in the vehicle, the unique priority mechanism and transmission waiting mechanism of CAN message cause a certain fluctuation in the message cycle. The influence of this fluctuation on the detection accuracy of intrusion detection algorithm is analysed while rules are determined by establishing and optimizing the detection threshold in order to further improve the accuracy. Experimental results show that the adaptive intrusion detection based on message periodicity can effectively detect injection and interruption attacks.
... Another approach uses the characteristics of the physical layer of each ECU, such as its signal and voltage profile, and compares the changes in these characteristics to detect anomalies. Müter et al. [90] have categorised the features that an IDS can use to detect attacks on the bus using the following sensors: ...
Article
As connectivity between and within vehicles increases, so does concern about safety and security. Various automotive serial protocols are used inside vehicles such as Controller Area Network (CAN), Local Interconnect Network (LIN), and FlexRay. CAN Bus is the most used in-vehicle network protocol to support exchange of vehicle parameters between Electronic Control Units (ECUs). This protocol lacks security mechanisms by design and is therefore vulnerable to various attacks. Furthermore, connectivity of vehicles has made the CAN Bus vulnerable not only from within the vehicle but also from outside. With the rise of connected cars, more entry points and interfaces have been introduced on board vehicles, thereby also leading to a wider potential attack surface. Existing security mechanisms focus on the use of encryption, authentication, and vehicle Intrusion Detection Systems (IDS), which operate under various constraints such as low bandwidth, small frame size (e.g., in the CAN protocol), limited availability of computational resources, and real-time sensitivity. We survey and classify current cryptographic and IDS approaches and compare these approaches based on criteria such as real-time constraints, types of hardware used, changes in CAN Bus behaviour, types of attack mitigation, and software/ hardware used to validate these approaches. We conclude with mitigation strategies limitations and research challenges for the future.
... intrusions while driving without causing false positives [3]. The IDS presented by Zhang et al. has two stages: the first is a rule-based model that uses the time interval, message sequence, valid ID, and frequency of messages to detect anomalous behaviors [30]. ...
Article
Recent research interests have been directed to study the security of vehicles due to the advancement of their technologies. Due to the rapid growth and accelerated development of electronic control units (ECUs), they are countered to be exploited by external attacks. As a result, recent research efforts have been focused on investigating alternative countermeasures that might be implemented by introducing different intrusion detection systems (IDSs). The problem with some of IDSs is the location of their deployment because of the ECU limitations and constraints. Other introduced IDSs require severe changes in the in-vehicle network, which is not preferred by vehicle manufacturers. In this research, we introduce a novel design of a framework to check the state of the vehicle and capture possible attacks by detecting any malicious data in the diagnostic parameters of the vehicle. The framework is divided into two phases: the specific-based detection phase and the anomaly-based detection phase. The proposed system employs the extreme gradient boosting (XGBoost) algorithm to detect anomalies in diagnostic data and it is optimized by a non-dominated sorting genetic algorithm II (NSGA-II). The model is verified against two datasets collected from real vehicles. To generate anomalies in datasets, an attack generation algorithm is introduced. The model is trained on a dataset that contains different attack types and verified blindly against various attacks that have not been seen before. The framework’s experimental results show that it can detect abnormalities with accuracy 97.00% for the Seat Leon 2018 dataset and 97.49% for the KIA SOUL dataset.
... Müter et al. [26] identify eight anomaly detection sensors that provide the essential input to structure an in-vehicle network. These are frequency, formality, location, range, correlation, protocol, plausibility, and consistency. ...
Article
Vehicles are equipped with Electronic Control Units (ECUs) to increase their overall system functionality and connectivity. However, the rising connectivity exposes a defenseless internal Controller Area Network (CAN) to cyberattacks. An Intrusion Detection System (IDS) is a supervisory module, proposed for identifying CAN network malicious messages, without modifying legacy ECUs and causing high traffic overhead. The traditional IDS approaches rely on time and frequency thresholding, leading to high false alarm rates, whereas state-of-the-art solutions may suffer from vehicle dependency. This paper presents a wavelet-based approach to locating the behavior change in the CAN traffic by analyzing the CAN network’s transmission pattern. The proposed Wavelet-based Intrusion Detection System (WINDS) is tested on various attack scenarios, using real vehicle traffic from two independent research centers, while being expanded toward more comprehensive attack scenarios using synthetic attacks. The technique is evaluated and compared against the state-of-the-art solutions and the baseline frequency method. Experimental results show that WINDS offers a vehicle-independent solution applicable for various vehicles through a unique approach while generating low false alarms.
... Monitored traffic is then compared against the baseline, and the IDS flags for any abnormal traffic using anomaly-based detection. Some potential network-based detection sensors presented in [91] are frequency, formality, location, range, correlation, protocol, plausibility, and consistency. Among the sensors, frequency is commonly used because most ECUs broadcast CAN frames regularly, and their transmission intervals can be easily observed [49]. ...
Article
The number of Connected and Autonomous Vehicles (CAVs) is increasing rapidly in various smart transportation services and applications, considering many benefits to society, people, and the environment. Several research surveys for CAVs were conducted by primarily focusing on various security threats and vulnerabilities in the domain of CAVs to classify different types of attacks, impacts of attacks, attack features, cyber-risk, defense methodologies against attacks, and safety standards. However, the importance of attack detection and prevention approaches for CAVs has not been discussed extensively in the state-of-the-art surveys, and there is a clear gap in the existing literature on such methodologies to detect new and conventional threats and protect the CAV systems from unexpected hazards on the road. Some surveys have a limited discussion on Attacks Detection and Prevention Systems (ADPS), but such surveys provide only partial coverage of different types of ADPS for CAVs. Furthermore, there is a scope for discussing security, privacy, and efficiency challenges in ADPS that can give an overview of important security and performance attributes. This survey paper, therefore, presents the significance of CAVs in the market, potential challenges in CAVs, key requirements of essential security and privacy properties, various capabilities of adversaries, possible attacks in CAVs, and performance evaluation parameters for ADPS. An extensive analysis is discussed of different ADPS categories for CAVs and state-of-the-art research works based on each ADPS category that gives the latest findings in this research domain. This survey also discusses crucial and open security research problems that are required to be focused on the secure deployment of CAVs in the market.
... Although these techniques are lightweight, they have limitations, especially when in-vehicle environments change frequently, as they require a lot of data updates. Müter et al. [223], [224] proposed IDS based on monitoring the state of the CAN bus traffic and the entropy of in-vehicle networks. Despite the fact that this technique does not need any hardware modifications, it is unable to detect irregular message incoming. ...
Article
Recent years have led the path to the evolution of automotive technology and with these new developments, modern vehicles are getting increasingly astute and offering growing quantities of innovative applications that cover various functionalities. These functionalities are controlled by hundreds of Electronic Control Units (ECUs) which are connected to each other via the Control Area Network (CAN) bus. Although ECUs are designed to offer various amenities that are associated with modern vehicles including comfort, such features expose new attack surfaces that can be harnessed by attackers. This trend is exacerbated by the fact that many of these ECUs rely on wireless communication for interacting with the outside world. Therefore, making them vulnerable to common threats such as malware injection that can compromise the overall security of modern vehicles. In this paper, we provide a detailed description of the architecture associated with intelligent vehicles, and identify various security issues and vulnerabilities that impact such systems. We provide an overview of different malware types and the vectors of attacks they leverage for infecting modern vehicles. This work also presents a detailed survey of available defenses against such attacks including: signature, behavior, heuristic, cloud, and machine learning-based detection measures. Furthermore, this paper intends to assist researchers in becoming familiar with the available defenses and how they can be applied to secure intelligent vehicles against emerging malware threats that can compromise the security of today’s vehicles. It also provides future directions for researchers who are interested in developing new defenses that can safeguard intelligent vehicles systems against malware attacks.
... In 2008, Larson et al. [7] proposed a CAN intrusion detection method based on vehicle communication protocol by studying CAN protocol, which could monitor the protocol-violating messages and abnormal message sending behaviors in the network. Muter [8] proposed a network anomaly detection method based on the multi-detection theory. Eight sensors were used to monitor frame ID, data load, message frequency, and message order, and finally the detection results of sensors were integrated to identify abnormal attacks. ...
Article
With the rapid development of vehicular networking and intelligence, more interfaces are adopted by cars to interact with the external world. Accordingly, this also brings enormous security risks, which are potentially catastrophic due to communication loopholes. Since the Controller Area Network (CAN) is critical to the transmission of commands among vehicular components, it has become a prime target for hacker research and attack. Considering that the CAN bus is commonly used and its protocol is always flawed, how to efficiently detect the intrusions against it has become an evitable problem. In this paper, we presented an intrusion detection system that can be rapidly deployed inside the vehicle. Aiming at achieving the goal of real-time detection, we devised a feature extraction algorithm with low complexity and thoroughly exploited its advantages via a GRU-based lightweight neural network. The experiment was physically conducted on in-vehicle embedded devices using publicly available datasets. Experiment results illustrated that our intrusion detection system could be rapidly deployed with high classification and real-time performance. Moreover, we also discussed how an intrusion detection system could work with OTA services to improve the intelligence of vehicular operating systems and prevent potential attacks.
... As a result, establishing an in-vehicle data anomaly detection mechanism is critical. A unique entropy-based threat identification approach in vehicle systems is given in research [31], which uses entropy to provide an uncertainty metric of data collective items. To identify anomalies, the acquired messages of the CAN bus have been treated earlier, data entropy computation, as well as relevant length measurements, being contrasted to base sampling library generated in the estimation step. ...
Article
This study offers a neural network-based deep learning method for energy optimization modeling in electric vehicles (EV). The pre-processed driving cycle is transformed into static maps and fed into a neural network for prototype energy optimization for CAN bus and media control in electric vehicles. The proposed model includes the prediction of battery state-of-charge as well as the consumption of fuel-at-destination. The controller area network (CAN) bus is the most important element in EV, ensuring its protection is the most difficult task. The abnormal messages of the CAN bus are detected using DNN. The suggested DNN model is an integrated triplet network loss which minimizes the length among the anchor sample as well as the positive sample is comparably minimum than the length measured between anchor sample and negative sample. The proposed DNN model is utilized for CAN bus and various media control in electric vehicles for effective performance.
... Monitored traffic is then compared against the baseline and the IDS flags for any abnormal traffic using anomaly-based detection. Some potential network-based detection sensors as presented by Müter et al. [78] are frequency, formality, location, range, correlation, protocol, plausibility, and consistency. Among the sensors, frequency is commonly used because most ECUs broadcast CAN frames regularly, and their transmission intervals can be easily observed [49]. ...
Preprint
The number of Connected and Autonomous Vehicles (CAVs) is increasing rapidly in various smart transportation services and applications due to many benefits to society, people, and the environment. Several research surveys were conducted in the domain of CAVs. Such surveys primarily focus on various security threats and vulnerabilities in the domain of CAVs to classify different types of attacks, impacts of attacks, attacks features, cyber-risk, defense methodologies against attacks, and safety standards in CAVs. However, the importance of attacks detection and prevention approaches for CAVs has not been discussed extensively in the state-of-the-art surveys, and there is a clear gap in the existing literature on such methodologies to detect new and conventional threats and protect the CAV system from unexpected hazards on the road. There are some surveys with a limited discussion on Attacks Detection and Prevention Systems (ADPS), but such surveys provide only partial coverage of different types of ADPS for CAVs. Furthermore, there is a scope for discussing security, privacy, and efficiency challenges in ADPS that can give an overview of important security and performance attributes. This survey paper presents the significance of CAVs, potential challenges in CAVs, and an explanation of important security and privacy properties, attack scenarios, possible attacks in CAV, and performance evaluation parameters for ADPS. This survey paper extensively provides a discussion on the overview of different ADPS categories and state-of-the-art research works based on each ADPS category that gives the latest findings in this research domain. This survey also discusses crucial and open security research problems that are required to be focused on a secure deployment of CAVs in the market.
Article
There have been several public demonstrations of attacks on connected vehicles showing the ability of an attacker to take control of a targeted vehicle by injecting messages into their CAN bus. In this paper, using injected speed reading and RPM reading messages in an in-motion vehicle, we examine the ability of the Pearson correlation and the unsupervised learning methods k-means clustering and HMM to differentiate 'no-attack' and 'under-attack' states of the given vehicle. We found that the Pearson correlation distinguishes the two states, the k-means clustering method has an acceptable accuracy but high false positive rate and HMM detects attacks with acceptable detection rate but has a high false positive in detecting attacks from speed readings when there is no attack. The accuracy of these unsupervised learning methods is comparable to that of the supervised learning methods used by CAN bus IDS suppliers. In addition, the paper shows that studying CAN anomaly detection techniques using off-vehicle test facilities may not properly evaluate the performance of the detection techniques. The results suggest using other features besides the data content of the CAN messages and integrating knowledge about how the ECUs collaborate in building effective techniques for the detection of injection of fabricated message attacks.
Article
The Controller Area Network (CAN) has been widely used in the automotive and industrial automation for over two decades. However, due to the lack of security mechanisms, CAN is vulnerable to attacks. In this paper, we propose a novel protection scheme called CANeleon. It can defend CAN against a smart attacker who might inject malicious frames with the legitimate frame IDs, which cannot be mitigated by existing countermeasures. Inspired by the idea of moving target defense technologies, CANeleon equips each legitimate CAN node with the ability to shift the spoofed frame ID. In this way, the ID of malicious frames is exposed and can be further filtered by legitimate nodes. Moreover, CANeleon neither inserts new information to the frame, nor requires any modification to the CAN protocol, so it is in compliance with the existing standards. CANeleon is a decentralized mechanism guaranteeing that the protection could be done simultaneously without additional communication. Experiments on a CAN bus prototype and a real self-driving vehicle proved the effectiveness of CANeleon.
Article
With the development of Internet of Vehicles (IoV) technology, the car is no longer a closed individual. It exchanges information with an external network, communicating through the vehicle-mounted network (VMN), which, inevitably, gives rise to security problems. Attackers can intrude on the VMN, using a wireless network or vehicle-mounted interface devices. To prevent such attacks, various intrusion-detection methods have been proposed, including convolutional neural network (CNN) ones. However, the existing CNN method was not able to best use the CNN’s capability, of extracting two-dimensional graph-like data, and, at the same time, to reflect the time connections among the sequential data. Therefore, this paper proposed a novel CNN model, based on two-dimensional Mosaic pattern coding, for anomaly detection. It can not only make full use of the ability of a CNN to extract grid data but also maintain the sequential time relationship of it. Simulations showed that this method could, effectively, distinguish attacks from the normal information on the vehicular network, improve the reliability of the system’s discrimination, and, at the same time, meet the real-time requirement of detection.
Article
Automotive security has gained significant traction in the last decade thanks to the development of new connectivity features that have brought the vehicle from an isolated environment to an externally facing domain. Researchers have shown that modern vehicles are vulnerable to multiple types of attacks leveraging remote, direct and indirect physical access, which allow attackers to gain control and affect safety-critical systems. Conversely, Intrusion Detection Systems (IDSs) have been proposed by both industry and academia to identify attacks and anomalous behaviours. In this paper, we propose CANnolo, an IDS based on Long Short-Term Memory (LSTM)-autoencoders to identify anomalies in Controller Area Networks (CANs). During a training phase, CANnolo automatically analyzes the CAN streams and builds a model of the legitimate data sequences. Then, it detects anomalies by computing the difference between the reconstructed and the respective real sequences. We experimentally evaluated CANnolo on a set of simulated attacks applied over a real-world dataset. We show that our approach outperforms the state-of-the-art model by improving the detection rate and precision.
Article
Today’s vehicles are complex distributed embedded systems that are increasingly being connected to various external systems. Unfortunately, this increased connectivity makes the vehicles vulnerable to security attacks that can be catastrophic. In this article, we present a novel intrusion detection system (IDS) called INDRA that utilizes a gated recurrent unit (GRU)-based recurrent autoencoder to detect anomalies in controller area network (CAN) bus-based automotive embedded systems. We evaluate our proposed framework under different attack scenarios and also compare it with the best known prior works in this area.
Article
With recent advancements in the automotive world and the introduction of autonomous vehicles, automotive security has become a real and important issue. Modern vehicles have tens of Electronic Control Units (ECUs) connected to in-vehicle networks. As a de facto standard for in-vehicle network communication, the Controller Area Network (CAN) has become a target of cyber attacks. Anomaly-based Intrusion Detection System (IDS) is considered as an effective approach to secure CAN and detect malicious attacks. Currently, there are two primary approaches used for intrusion detection: rule-based and machine learning-based. Rule-based approach is efficient but limited in the detection accuracy while machine learning-based detection has comparably higher detection accuracy but higher computation cost at the same time. In this paper, we propose a novel hybrid IDS that combines the benefits of both rule-based and machine learning-based approaches. More specifically, we use machine learning methods to achieve a high detection rate while keeping the low computational requirement by offsetting the detection with a rule-based component. Our experiments with CAN traces collected from four different vehicle models demonstrate the effectiveness and efficiency of the proposed hybrid IDS.
Article
The modern car is a complicated system consisting of Electronic Control Units (ECUs) with engines, detectors and wired and wireless communication protocols, that communicate through different types of intra-car networks. The cyber-physical design relies on this ECU network that has been susceptible to several kinds of attacks using wireless, internal and external access. The internal network contains several security vulnerabilities that make it possible to launch attacks via buses and propagation over the entire ECU network, therefore anomaly detection technology, which represents the security protection, can efficiently reduce security threats. So, this paper proposes new Intrusion Detection System (IDS) using the Artificial Neural Network (ANN) to monitor the state of the car by information collected from internal buses and to achieve security, safety of the internal network. The parameters building the ANN structure are trained CAN packet information to devise the fundamental statistical attribute of normal and attacking packets and in defense, extracted the related attribute to classify the attack. Experimental evaluation on Open Car Test-Bed and Network Experiments (OCTANE) shows that the proposed IDS achieves acceptable performance in terms of intrusions detection. Results show its capability to detect attacks with false-positive rate of 1.7 %, false-negative rate 24.6 %, and average accuracy of 92.10 %. Keywords: Intrusion Detection, Security, Self-driving Cars, CAN, Internal Communication.
Article
As technology has evolved, cities have become increasingly smart. Smart mobility is a crucial element in smart cities, and autonomous vehicles are an essential part of smart mobility. However, vulnerabilities in autonomous vehicles can be damaging to quality of life and human safety. For this reason, many security researchers have studied attacks and defenses for autonomous vehicles. However, there has not been systematic research on attacks and defenses for autonomous vehicles. In this survey, we analyzed previously conducted attack and defense studies described in 151 papers from 2008 to 2019 for a systematic and comprehensive investigation of autonomous vehicles. We classified autonomous attacks into the three categories of autonomous control system, autonomous driving systems components, and vehicle-to-everything communications. Defense against such attacks was classified into security architecture, intrusion detection, and anomaly detection. Due to the development of big data and communication technologies, techniques for detecting abnormalities using artificial intelligence and machine learning are gradually being developed. Lastly, we provide implications based on our systemic survey that future research on autonomous attacks and defenses is strongly combined with artificial intelligence and major component of smart cities.
Article
As the risk of cyber and safety threats to vehicle systems has increased, the anomaly detection in in-vehicle networks (IVN) has received the attention of researchers. Although machine-learning-based anomaly detection methods have been proposed, there are limitations in detecting unknown attacks that the model has not learned because general supervised learning-based approaches depend on training dataset. To solve this problem, we propose a novel self-supervised method for IVN anomaly detection using noised pseudo normal data. The proposed method consists of two deep-learning models of the generator and the detector, which generates noised pseudo normal data and detects anomalies, respectively. Firstly, the generator is trained with only normal network traffic to generate pseudo normal traffic data. Then, the anomaly detector is trained to classify normal traffic and noised pseudo normal traffic as normal and abnormal, respectively. The experimental results demonstrate that the anomaly detection models, trained with the proposed method, not only significantly improved in the detection of unknown attacks, but also outperformed other semi-supervised learning-based methods.
Thesis
Despite all the different technological innovations and advances in the automotive field, autonomous vehicles are still in the testing phase. Many actors are working on several improvements in many domains to make autonomous cars the safest option. One of the important dimensions is cybersecurity. Autonomous vehicles will be prone to cyberattacks, and criminals might be motivated to hack into the vehicles' operating systems, steal essential passenger data, or disrupt its operation and jeopardize the passenger's safety. Thus, cybersecurity remains one of the biggest obstacles to overcome to ensure vehicles safety and the contribution that this technology can bring to society. Indeed, the actual and future design and implementation of Autonomous Vehicles imply many communication interfaces, In-vehicle communication of the embedded system, Vehicle-to-X (V2X) communications between the vehicle and other connected vehicles and structures on the roads. Even though the cybersecurity aspect is incorporated by design, meaning that the system needs to satisfy security standards (anti-virus, firewall, etc.), we cannot ensure that all possible breaches are covered. The Intrusion Detection System (IDS) has been introduced in the IT world to assess the state of the network and detect if a violation occurs. Many experiences and the history of IT have inspired the cybersecurity for autonomous vehicles. Nevertheless, autonomous vehicles exhibit their own needs and constraints. The current state of vehicles evolution has been made possible through successive innovations in many industrial and research fields. Artificial Intelligence (AI) is one of them. It enables learning and implementing the most fundamental self-driving tasks. 
This thesis aims to develop an intelligent in-vehicle Intrusion detection system (IDS) using machine learning (ml) from an automotive perspective, to assess and evaluate the impact of machine learning on enhancing the security of future vehicle intrusion detection system that fits in-vehicle computational constraints. Future In-vehicle network architecture is composed of different subsystems formed of other ECUs (Electronic Controller Units). Each subsystem is vehicles. Our primary focus is on In-vehicle communication security. We conduct an empirical investigation to determine the underlying needs and constraints that in-vehicle systems require. First, we review the deep learning literature for anomaly detection and studies on autonomous vehicle intrusion detection systems using deep learning. We notice many works on in-vehicle intrusion detection systems, but not all of them consider the constraints of autonomous vehicle systems. We conduct an empirical investigation to determine the underlying needs and constraints that in-vehicle systems require. We review the deep learning literature for anomaly detection, and there is a lack of tailored study on autonomous vehicle intrusion detection systems using Deep Learning (DL). In such applications, the data is unbalanced: the rate of normal examples is much higher than the anomalous examples. The emergence of generative adversarial networks (GANs) has recently brought new algorithms for anomaly detection. We develop an adversarial approach for anomaly detection based on an Encoding adversarial network (EAN). Considering the behaviour and the lightweight nature of in-vehicle networks, we show that EAN remains robust to the increase of normal examples modalities, and only a sub-part of the neural network is used for the detection phase. Controller Area Network (CAN) is one of the most-used vehicle bus standards designed to allow microcontrollers and devices to communicate.
We propose a Deep CAN intrusion detection system framework. We introduce a Multi-Variate Time Series representation for asynchronous CAN data. We show that this representation enhances the temporal modelling of deep learning architectures for anomaly detection.
Article
Controller area network (CAN) is the most commonly used bus technology for In-vehicle network and uses multicast communication without corresponding security measures. Therefore, the message data field is vulnerable to tampering and other attacks. Recent machine learning-based intrusion detection methods for CAN bus messages only use the information contained in the message data field and do not take into account the contribution made by the neighboring information of CAN bus messages. In addition, previous models considered the data domain information of CAN bus messages as separate features and did not consider the unique weight of each feature, as well as the second-order interaction information between features. Therefore, we propose a novel intrusion detection model, The Hybrid Similar Neighborhood Robust Factorization Machine Model (HSNRFM), for detecting anomalies in CAN bus messages to address the shortcomings and problems of the previous models. To be able to incorporate the contribution of similar neighborhood information and learn the unique weight parameters of each feature in the model decision process, as well as additional second-order interaction information between features, the HSNRFM model solves the above problem using a similarity calculation method and a factorization machine model. Comprehensive experimental results are compared on real vehicle datasets. The HSNRFM model has AUC values of 0.9216 and 0.901 and AUPR values of 0.9194 and 0.9018 on two real datasets, respectively. And the results show that our proposed HSNRFM model has excellent detection efficiency for intrusion detection of CAN bus messages.
Article
The rapid proliferation of computer networks has changed the prospect of network security. An easy accessibility condition causes computer networks to be vulnerable against several threats from hackers. Threats to networks are numerous and potentially devastating. Up to the moment, researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several available environments. A boundlessness of methods for misuse detection as well as anomaly detection has been applied. Many of the technologies proposed are complementary to each other, since for different kinds of environments some approaches perform better than others. This paper presents a taxonomy of intrusion detection systems that is then used to survey and classify them. The taxonomy consists of the detection principle, and second of certain operational aspects of the intrusion detection system.
Article
Vehicular communication systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain implementations are required. We discuss the design of a VC security system that has emerged as a result of the European SeVeCom project. In this second article we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from today's simple prototypes to full-fledged systems.
Article
For new automotive applications and services, information technology (IT) has gained central importance. IT-related costs in car manufacturing are already high and they will increase dramatically in the future. Yet whereas safety and reliability have become a relatively well-established field, the protection of vehicular IT systems against systematic manipulation or intrusion has only recently started to emerge. Nevertheless, IT security is already the base of some vehicular applications such as immobilizers or digital tachographs. To securely enable future automotive applications and business models, IT security will be one of the central technologies for the next generation of vehicles. After a state-of-the-art overview of IT security in vehicles, we give a short introduction into cryptographic terminology and functionality. This contribution will then identify the need for automotive IT security while presenting typical attacks, resulting security objectives, and characteristic constraints within the automotive area. We will introduce core security technologies and relevant security mechanisms followed by a detailed description of critical vehicular applications, business models, and components relying on IT security. We conclude our contribution with a detailed statement about challenges and opportunities for the automotive IT community for embedding IT security in vehicles.
Article
This paper gives the main definitions relating to dependability, a generic concept including a special case of such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures.
Conference Paper
The introduction of the wireless gateway as an entry point to an automobile in-vehicle network reduces the effort of performing diagnostics and firmware updates considerably. Unfortunately, the same gateway also allows cyber attacks to target the unprotected network, which currently lacks proper means for detecting and investigating security-related events. In this paper, we discuss the specifics of performing a digital forensic investigation of an in-vehicle network. An analysis of the current features of the network is performed, and an attacker model is developed. Based on the attacker model and a set of generally accepted forensic investigation principles, we derive a list of requirements for detection, data collection, and event reconstruction. We then use Brian Carrier's Digital Crime Scene Model as a template to illustrate how the requirements affect an investigation. For each phase of the model, we show the benefits of meeting the requirements and the implications of not complying with them.
Chapter
In-car entertainment is part of many new business models in the automotive industry. The security of such services and products has only played a minor role in these concepts. However, business opportunities should not be handled separately from security. This contribution sums up some of the most important factors for a successful strategy in in-car entertainment products and services.
Book
Extended and updated version of the 2005 IEEE Proceedings paper with the same title.
Book
Even though most vehicular IT systems are indeed developed to face technical failures, they rarely consider a systematic malicious encroachment. However, in the degree that vehicular electronics are becoming software-driven, digitally networked and interactive IT systems, dependable security measures are essential to ensure driving safety and enable the automotive industry to achieve different legal requirements. Marko Wolf provides a comprehensive overview of the merging area of vehicular security. Having identified potential threats, attacks, and attackers for current and future vehicular IT applications, the author presents practical security measures to meet the identified security requirements efficiently and dependably.
Chapter
For many automotive applications, information technology (IT) is of central importance. While the reliability and fault tolerance of automotive IT systems can largely be ensured, protection against targeted intervention and manipulation is only slowly beginning to develop. Nevertheless, there is a wide variety of automotive applications, such as the electronic immobilizer or the digital tachograph, that already process security-critical data. To be able to implement future, complex automotive applications securely as well, IT security will become a key technology of future vehicle generations [Ross03]. While automotive OEMs have so far tended to rely on proprietary, mutually incompatible developments for IT security, Trusted Computing technology also offers numerous possibilities in the automotive domain for implementing IT security cost-effectively, compatibly and reliably. Even though TC has so far been used mainly in the server and desktop domain, first implementations already exist [Atme06] that can also meet the particular requirements of embedded systems. In the following contribution, after a short introduction to IT security in the automobile, some applications from the automotive domain are presented that can benefit from the various TC mechanisms. Possible attackers and attack scenarios are identified and classified so that the associated security objectives, together with their technical and organizational constraints, can then be derived. The contribution closes with several proposed solutions for a hardware security module and a prototype implementation of Trusted Computing technology for an automotive use case.
Article
Embedded systems have become an integral part of our everyday life. Devices like vehicles, household appliances, and cell phones are already equipped with embedded microcontrollers. The networking of the myriads of embedded devices gives rise to the brave new world of pervasive computing. Pervasive computing offers enormous advantages and opportunities for users and businesses through new applications, increased comfort, and cost reduction. One often overlooked aspect of pervasive computing, however, are new security threats. This article describes security issues in current and future pervasive security scenarios, ranging from privacy threats and unreliable products to loss of revenue. We also highlight the opportunities, such as new business models, which are enabled through strong embedded security solutions. Current research issues are also summarized. As case studies, we introduce security aspects in future automotive systems and in ad-hoc networks.
Article
Intrusion-detection systems aim at detecting attacks against computer systems and networks, or against information systems in general, as it is difficult to provide provably secure information systems and maintain them in such a secure state for their entire lifetime and for every utilization. Sometimes, legacy or operational constraints do not even allow a fully secure information system to be realized at all. Therefore, the task of intrusion-detection systems is to monitor the usage of such systems and to detect the apparition of insecure states. They detect attempts and active misuse by legitimate users of the information systems or external parties to abuse their privileges or exploit security vulnerabilities. In this paper, we introduce a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This taxonomy defines families of intrusion-detection systems according to their properties. It is illustrated by numerous examples from past and current projects.
Conference Paper
The fast growing Internet technology has affected many areas of human life. As it offers a convenient and widely accepted approach for communication and service distribution it is expected to continue its influence to future system design. Motivated from this successful spreading we assume hypothetical scenarios in our paper, whereby automotive components might also be influenced by omnipresent communication in near future. If such a development would take place it becomes important to investigate the influence to security and safety aspects. Based on today’s wide variety of Internet based security attacks our goal is therefore to simulate and analyze potential security risks and their impact to safety constraints when cars would become equipped and connected with an IP based protocol via unique IP addresses. Therefore, our work should motivate the inserting of security mechanisms into the design, implementation and configuration of the car IT systems from the beginning of the development, which we substantiate by practical demo attacks on recent automotive technology.
Article
The introduction of the wireless gateway as an entry point to an automobile in-vehicle network reduces the effort of performing diagnostics and firmware updates considerably. Unfortunately, the same gateway also allows cyber attacks to target the unprotected network, which currently lacks proper means for detecting and investigating security-related events. In this paper, we discuss the specifics of performing a digital forensic investigation of an in-vehicle network. An analysis of the current features of the network is performed, and an attacker model is developed. Based on the attacker model and a set of generally accepted forensic investigation principles, we derive a list of requirements for detection, data collection, and event reconstruction. We then use Brian Carrier's Digital Crime Scene Model as a template to illustrate how the requirements affect an investigation. For each phase of the model, we show the benefits of meeting the requirements and the implications of not complying with them.
Article
The use of networks for communications between the Electronic Control Units (ECU) of a vehicle in production cars dates from the beginning of the 90s. The specific requirements of the different car domains have led to the development of a large number of automotive networks such as LIN, J1850, CAN, TTP/C, FlexRay, MOST, IDB1394, etc. This paper first introduces the context of in-vehicle embedded systems and, in particular, the requirements imposed on the communication systems. Then, a comprehensive review of the most widely used, as well as the emerging automotive networks is given. Next, the current efforts of the automotive industry on middleware technologies, which may be of great help in mastering the heterogeneity, are reviewed. Finally, we highlight future trends in the development of automotive communication systems.
Conference Paper
Modern cars offer an increasingly powerful Multimedia environment. While also the potential for an application as Human Computer Interface (HCI) is growing, in this paper we concentrate on already existing possibilities for their use as Computer-Human-Interface (CHI) to communicate system security related information to the driver. After identifying the Intrusion Detection approach from desktop IT as a promising supplemental measure for the IT security of future automotive systems and successfully testing it in practice, in this paper we investigate about how such an automotive Intrusion Detection System (IDS) could communicate security-related information to the driver. We propose an adaptive dynamic concept to address the frequently changing environmental conditions in the automotive domain and discuss it using three exemplarily selected scenarios.
Conference Paper
An upcoming trend for automotive manufacturers is to create seamless interaction between a vehicle and fleet management to provide remote diagnostics and firmware updates over the air. To allow this, the previously isolated in-vehicle network must be connected to an external network, and can thus be exposed to a whole new range of threats known as cyber attacks. In this paper we explore the applicability of a specification-based approach to detect cyber attacks within the in-vehicle network. We derive information to create security specifications for communication and ECU behavior from the CANopen draft standard 3.01 communication protocol and object directory sections. We also provide a set of example specifications, propose a suitable location for the attack detector, and evaluate the detection using a set of attack actions.
Conference Paper
Traditional forensic investigations of vehicles aim at gathering physical evidence since most crimes involving vehicles are physical. However, in the near future digital crimes on vehicles will most likely surge, and therefore it will be necessary to also gather digital evidence. In this paper, we investigate the possibilities of combining physical and digital evidence in forensic investigations of vehicle crime scenes. We show that digital evidence can be used to improve the investigation of physical crimes and, respectively, that physical evidence can be used to improve the investigation of digital crimes. We also recognize that by gathering purely physical or digital evidence certain crimes cannot be solved. Finally, we show that by combining physical and digital evidence it is possible to distinguish between different types of physical and digital crime.
Conference Paper
Intrusion detection plays one of the key roles in computer security techniques and is one of the prime areas of research. Usages of computer network services are tremendously increasing day by day and at the same time intruders are also playing a major role to deny network services, compromising the crucial services for Email, FTP and Web. Realizing the importance of the problem due to intrusions, many researchers have taken up research in this area and have proposed several solutions. It has come to a stage to take a stock of the research results and project a comprehensive view so that further research in this area will be motivated objectively to fulfill the gaps that exist till now.
Conference Paper
Security threats to the computer systems have raised the importance of intrusion detection systems. With the advent of new vulnerabilities to computer systems new techniques for intrusion detection have been implemented. Statistical based anomaly detection techniques use statistical properties and statistical tests to determine whether "observed behavior" deviates significantly from the "expected behavior". Statistical based anomaly detection has been a wide area of interest for researchers since it provides the base line for developing a promising technique. This paper presents a guideline for statistical based anomaly detection techniques with the perspective of various scenarios and areas of implementation.
Article
The goal of intrusion detection is seemingly simple: to detect intrusions. However, the task is difficult, and in fact intrusion detection systems do not detect intrusions at all, they only identify evidence of intrusions, either while they are in progress or after the fact. The paper considers data collection issues, intrusion detection techniques, system effectiveness and network wide analysis.
State of the Art: Embedding Security in Vehicles. Special Issue: Embedded Systems for Intelligent Vehicles
  • M Wolf
  • A Weimerskirch
  • T Wollinger