Advanced Analytics for Connected Car Cybersecurity

The vehicular connectivity revolution is fueling the automotive industry's most significant transformation seen in decades. However, as modern vehicles become more connected, they also become much more vulnerable to cyber-attacks. In this paper, a fully working machine learning approach is proposed to protect connected vehicles (fleets and individuals) against such attacks. We present a system that monitors different vehicle interfaces (Network, CAN, and OS), extracts relevant information based on configurable rules, and sends it to a trained generative model to detect deviations from normal behavior. Using a configurable data collector, we provide a higher level of data abstraction as the model is trained based on events instead of raw data, which has a noise-filtering effect and eliminates the need to retrain the model whenever a protocol changes. We present a new approach for detecting anomalies, tailored to the temporal nature of our domain. Adapting a hybrid approach to the fully temporal setting, we first train a Hidden Markov Model to learn normal vehicle behavior, and then a regression model to calibrate the likelihood threshold for anomaly. Using this architecture, our method detects sophisticated and realistic anomalies, which are missed by other existing methods monitoring the CAN bus only. We also demonstrate the superiority of adaptive thresholds over static ones. Furthermore, our approach scales efficiently from monitoring individual cars to serving large fleets. We demonstrate the competitive advantage of our model via encouraging empirical results.

[1]  Barak A. Pearlmutter,et al.  Detecting intrusions using system calls: alternative data models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[2]  Mario Stanke,et al.  Gene prediction with a hidden Markov model and a new intron submodel , 2003, ECCB.

[3]  Valeria De Fonzo,et al.  Hidden Markov Models in Bioinformatics , 2007 .

[4]  Erland Jonsson,et al.  Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes , 2008, 2008 IEEE 68th Vehicular Technology Conference.

[5]  Xinghuo Yu,et al.  A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection , 2009, IEEE Network.

[6]  VARUN CHANDOLA,et al.  Anomaly detection: A survey , 2009, CSUR.

[7]  Wenyuan Xu,et al.  Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study , 2010, USENIX Security Symposium.

[8]  Naim Asaj,et al.  Entropy-based anomaly detection for in-vehicle networks , 2011, 2011 IEEE Intelligent Vehicles Symposium (IV).

[9]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[10]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[11]  Srdjan Capkun,et al.  Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars , 2010, NDSS.

[12]  Daniel Krajzewicz,et al.  Recent Development and Applications of SUMO - Simulation of Urban MObility , 2012 .

[13]  Robert Bosch,et al.  CAN with Flexible Data-Rate , 2012 .

[14]  Andreas Theissler Anomaly detection in recordings from in-vehicle networks , 2015 .

[15]  Jung Kyu Park,et al.  A Statistical-Based Anomaly Detection Method for Connected Cars in Internet of Things Environment , 2015, IOV.

[16]  Je-Won Kang,et al.  Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security , 2016, PloS one.

[17]  Laurence T. Yang,et al.  An Intelligent Information Forwarder for Healthcare Big Data Systems With Distributed Wearable Sensors , 2016, IEEE Systems Journal.

[18]  Anupam Joshi,et al.  OBD_SecureAlert: An Anomaly Detection System for Vehicles , 2016, 2016 IEEE International Conference on Smart Computing (SMARTCOMP).

[19]  Albert Held,et al.  POSTER: Anomaly-based misbehaviour detection in connected car backends , 2016, 2016 IEEE Vehicular Networking Conference (VNC).

[20]  Huy Kang Kim,et al.  Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network , 2016, 2016 International Conference on Information Networking (ICOIN).

[21]  Roy E. Welsch,et al.  Anomaly detection via a Gaussian Mixture Model for flight operation and safety monitoring , 2016 .

[22]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[23]  Michele Colajanni,et al.  Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms , 2016, 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI).

[24]  Nathalie Japkowicz,et al.  Anomaly Detection in Automobile Control Network Data with Long Short-Term Memory Networks , 2016, 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA).

[25]  Ibrahim Khalil,et al.  PEACE-Home: Probabilistic estimation of abnormal clinical events using vital sign correlations for reliable home-based monitoring , 2017, Pervasive Mob. Comput..

[26]  Aryeh Kontorovich,et al.  Temporal anomaly detection: calibrating the surprise , 2017, AAAI.