Modern vehicles house many advanced components; sensors and Electronic Control Units (ECUs) — now numbering in the 100s. These components provide various advanced safety, comfort and infotainment features, but they also introduce additional attack vectors for malicious entities. Attackers can compromise one or more of these sensors and flood the vehicle’s internal network with fake sensor values. Falsified sensor values can confuse the driver, and even cause the vehicle to misbehave. Redundancy can be used to address compromised sensors, but adding redundant sensors will increase the cost per vehicle and is therefore less attractive. To balance the need for security and cost-efficiency, we exploit the natural redundancy found in vehicles. Natural redundancy occurs when the same physical phenomenon causes symptoms in multiple sensors. For instance, pressing the accelerator pedal will cause the engine to pump faster and increase the speed of the vehicle. Engine RPM and vehicle speed are multiple sensors which respond in a related fashion to the same cause of the accelerator pedal. The challenge is identifying the relationship between similar but different sensors under normal operation and detecting anomalous be-havior accurately. In this paper, we develop the tools to capture the relationship between sensors. Specifically, we use the pairwise correlation between key variables, and use cluster-analysis to identify distinct behavior of drivers. Moreover, we show preliminary results of using these tools to detect attacks within a vehicular communication bus.
[1]
Jana Dittmann,et al.
Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures
,
2008,
Reliab. Eng. Syst. Saf..
[2]
James R. Sayer,et al.
Integrated vehicle-based safety systems (IVBSS) : human factors and driver-vehicle interface (DVI) summary report
,
2008
.
[3]
Chao Liu,et al.
An Unsupervised Spatiotemporal Graphical Modeling Approach to Anomaly Detection in Distributed CPS
,
2016,
2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).
[4]
Hans-Peter Kriegel,et al.
A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise
,
1996,
KDD.
[5]
Paulo Tabuada,et al.
Robustness of attack-resilient state estimators
,
2014,
2014 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS).
[6]
Matti Valovirta,et al.
Experimental Security Analysis of a Modern Automobile
,
2011
.
[7]
Hovav Shacham,et al.
Comprehensive Experimental Analyses of Automotive Attack Surfaces
,
2011,
USENIX Security Symposium.
[8]
Kang G. Shin,et al.
CPS approach to checking norm operation of a brake-by-wire system
,
2015,
ICCPS.