Continuous fields: Enhanced in-vehicle anomaly detection using machine learning models

Abstract: The attack surface of a modern vehicle increases with its connectivity. A strategy to prevent attacks, or at least to identify them and mitigate their effects, is therefore imperative. Detecting indications of intrusive behavior in an in-vehicle network is an important aspect of a holistic security concept. The structure of the payload of in-vehicle messages with respect to the encoded sensor values is in general confidential. Therefore, most researchers treat the in-vehicle messages as bit- or byte-fields. However, this may hide anomalies that are characterized by correlations between the sensor values transferred by the in-vehicle messages. In this work, we evaluate how the accuracy of the payload-structure model with respect to the actual sensor values influences the results of different intrusion detection methods. In particular, we analyze whether an improved alignment helps to detect anomalies introduced by stealthy intrusions. To cover conceptually different modeling and reasoning techniques, we adapted a deep learning approach as well as a characteristic-functions-based intrusion detection approach to utilize such message streams. An important aspect of the latter is that the explainability of its results is better than that of deep learning systems. We further developed a set of test vectors based on log files of a vehicle, enriched by different intrusions. In particular, we included simulations of stealthy intrusions which mask certain sensor values within the respective messages. The effectiveness of the developed methods is demonstrated by various experiments.
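The abstract's central claim, that a byte-field view can hide anomalies visible only as broken correlations between sensor values, is illustrated by the following added example (not code from the paper). The 3-byte payload layout, the speed/rpm signals, the linear-correlation check and the thresholds are all assumptions chosen for illustration; the paper's own detectors are a deep learning model and a characteristic-functions approach.

```python
# Added illustration; layout, signal names and thresholds are assumptions.

def pack(speed, rpm):
    # Constructed 3-byte payload: two 12-bit fields, so byte 1 mixes both signals.
    return (((speed & 0xFFF) << 12) | (rpm & 0xFFF)).to_bytes(3, "big")

def unpack(payload):
    word = int.from_bytes(payload, "big")
    return word >> 12, word & 0xFFF

def train_byte_model(payloads):
    # Byte-field view: remember the min/max seen at every byte position.
    return [(min(col), max(col)) for col in zip(*payloads)]

def byte_ok(model, payload):
    return all(lo <= b <= hi for b, (lo, hi) in zip(payload, model))

def train_field_model(payloads):
    # Field-aligned view: fit rpm ~ slope * speed and record the worst residual.
    pairs = [unpack(p) for p in payloads]
    slope = sum(s * r for s, r in pairs) / sum(s * s for s, _ in pairs)
    tol = 2 * max(abs(r - slope * s) for s, r in pairs)
    return slope, tol

def field_ok(model, payload):
    slope, tol = model
    speed, rpm = unpack(payload)
    return abs(rpm - slope * speed) <= tol

# Constructed benign traffic: rpm tracks speed with small jitter.
NORMAL = [pack(s, 2 * s + i % 5) for i, s in enumerate(range(0, 1501, 3))]
BYTE_MODEL = train_byte_model(NORMAL)
FIELD_MODEL = train_field_model(NORMAL)

BENIGN = pack(800, 1602)
MASKED = pack(1200, 1000)   # rpm field overwritten with an old, plausible value

if __name__ == "__main__":
    for name, msg in (("benign", BENIGN), ("masked", MASKED)):
        print(name, msg.hex(), "byte_ok:", byte_ok(BYTE_MODEL, msg),
              "field_ok:", field_ok(FIELD_MODEL, msg))
```

Every byte of the masked message lies inside the range learned from benign traffic, so the byte-field model accepts it; only the field-aligned model, which sees both decoded signals, notices that they no longer agree.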
