4,226 research outputs found

    A Real-Time Remote IDS Testbed for Connected Vehicles

    Full text link
    Connected vehicles are becoming commonplace. A constant connection between vehicles and a central server enables new features and services. This added connectivity raises the likelihood of exposure to attackers and risks unauthorized access. A possible countermeasure to this issue are intrusion detection systems (IDS), which aim at detecting these intrusions during or after their occurrence. The problem with IDS is the large variety of possible approaches with no sensible option for comparing them. Our contribution to this problem comprises the conceptualization and implementation of a testbed for an automotive real-world scenario. That amounts to a server-side IDS detecting intrusions into vehicles remotely. To verify the validity of our approach, we evaluate the testbed from multiple perspectives, including its fitness for purpose and the quality of the data it generates. Our evaluation shows that the testbed makes the effective assessment of various IDS possible. It solves multiple problems of existing approaches, including class imbalance. Additionally, it enables reproducibility and generating data of varying detection difficulties. This allows for comprehensive evaluation of real-time, remote IDS.Comment: Peer-reviewed version accepted for publication in the proceedings of the 34th ACM/SIGAPP Symposium On Applied Computing (SAC'19

    Anomaly detection with machine learning for automotive cyber-physical systems

    Get PDF
    2022 Spring.Includes bibliographical references.Today's automotive systems are evolving at a rapid pace and there has been a seismic shift in automotive technology in the past few years. Automakers are racing to redefine the automobile as a fully autonomous and connected system. As a result, new technologies such as advanced driver assistance systems (ADAS), vehicle-to-vehicle (V2V), 5G vehicle to infrastructure (V2I), and vehicle to everything (V2X), etc. have emerged in recent years. These advances have resulted in increased responsibilities for the electronic control units (ECUs) in the vehicles, requiring a more sophisticated in-vehicle network to address the growing communication needs of ECUs with each other and external subsystems. This in turn has transformed modern vehicles into a complex distributed cyber-physical system. The ever-growing connectivity to external systems in such vehicles is introducing new challenges, related to the increasing vulnerability of such vehicles to various cyber-attacks. A malicious actor can use various access points in a vehicle, e.g., Bluetooth and USB ports, telematic systems, and OBD-II ports, to gain unauthorized access to the in-vehicle network. These access points are used to gain access to the network from the vehicle's attack surface. After gaining access to the in-vehicle network through an attack surface, a malicious actor can inject or alter messages on the network to try to take control of the vehicle. Traditional security mechanisms such as firewalls only detect simple attacks as they do not have the ability to detect more complex attacks. With the increasing complexity of vehicles, the attack surface increases, paving the way for more complex and novel attacks in the future. Thus, there is a need for an advanced attack detection solution that can actively monitor the in-vehicle network and detect complex cyber-attacks. One of the many approaches to achieve this is by using an intrusion detection system (IDS). Many state-of-the-art IDS employ machine learning algorithms to detect cyber-attacks for its ability to detect both previously observed as well as novel attack patterns. Moreover, the large availability of in-vehicle network data and increasing computational power of the ECUs to handle emerging complex automotive tasks facilitates the use of machine learning models. Therefore, due to its large spectrum of attack coverage and ability to detect complex attack patterns, we adopt and propose two novel machine learning based IDS frameworks (LATTE and TENET) for in-vehicle network anomaly detection. Our proposed LATTE framework uses sequence models, such as LSTMs, in an unsupervised setting to learn the normal system behavior. LATTE leverages the learned information at runtime to detect anomalies by observing for any deviations from the learned normal behavior. Our proposed LATTE framework aims to maximize the anomaly detection accuracy, precision, and recall while minimizing the false-positive rate. The increased complexity of automotive systems has resulted in very long term dependencies between messages which cannot be effectively captured by LSTMs. Hence to overcome this problem, we proposed a novel IDS framework called TENET. TENET employs a novel convolutional neural attention (TCNA) based architecture to effectively learn very-long term dependencies between messages in an in-vehicle network during the training phase and leverage the learned information in combination with a decision tree classifier to detect anomalous messages. Our work aims to efficiently detect a multitude of attacks in the in-vehicle network with low memory and computational overhead on the ECU

    Ein mehrschichtiges sicheres Framework für Fahrzeugsysteme

    Get PDF
    In recent years, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems distributed throughout the car, known as Electronic Control Units (ECUs). Each one of these ECUs runs a number of software components that collaborate with each other to perform various vehicle functions. Modern vehicles are also equipped with wireless communication technologies, such as WiFi, Bluetooth, and so on, giving them the capability to interact with other vehicles and roadside infrastructure. While these improvements have increased the safety of the automotive system, they have vastly expanded the attack surface of the vehicle and opened the door for new potential security risks. The situation is made worse by a lack of security mechanisms in the vehicular system which allows the escalation of a compromise in one of the non-critical sub-systems to threaten the safety of the entire vehicle and its passengers. This dissertation focuses on providing a comprehensive framework that ensures the security of the vehicular system during its whole life-cycle. This framework aims to prevent the cyber-attacks against different components by ensuring secure communications among them. Furthermore, it aims to detect attacks which were not prevented successfully, and finally, to respond to these attacks properly to ensure a high degree of safety and stability of the system.In den letzten Jahren wurden bedeutende Entwicklungen im Bereich der Fahrzeuge vorgestellt, die die Fahrzeuge zu einem Netzwerk mit vielen im gesamten Fahrzeug verteile integrierte Systeme weiterentwickelten, den sogenannten Steuergeräten (ECU, englisch = Electronic Control Units). Jedes dieser Steuergeräte betreibt eine Reihe von Softwarekomponenten, die bei der Ausführung verschiedener Fahrzeugfunktionen zusammenarbeiten. Moderne Fahrzeuge sind auch mit drahtlosen Kommunikationstechnologien wie WiFi, Bluetooth usw. ausgestattet, die ihnen die Möglichkeit geben, mit anderen Fahrzeugen und der straßenseitigen Infrastruktur zu interagieren. Während diese Verbesserungen die Sicherheit des Fahrzeugsystems erhöht haben, haben sie die Angriffsfläche des Fahrzeugs erheblich vergrößert und die Tür für neue potenzielle Sicherheitsrisiken geöffnet. Die Situation wird durch einen Mangel an Sicherheitsmechanismen im Fahrzeugsystem verschärft, die es ermöglichen, dass ein Kompromiss in einem der unkritischen Subsysteme die Sicherheit des gesamten Fahrzeugs und seiner Insassen gefährdet kann. Diese Dissertation konzentriert sich auf die Entwicklung eines umfassenden Rahmens, der die Sicherheit des Fahrzeugsystems während seines gesamten Lebenszyklus gewährleistet. Dieser Rahmen zielt darauf ab, die Cyber-Angriffe gegen verschiedene Komponenten zu verhindern, indem eine sichere Kommunikation zwischen ihnen gewährleistet wird. Darüber hinaus zielt es darauf ab, Angriffe zu erkennen, die nicht erfolgreich verhindert wurden, und schließlich auf diese Angriffe angemessen zu reagieren, um ein hohes Maß an Sicherheit und Stabilität des Systems zu gewährleisten

    Automotive Ethernet architecture and security: challenges and technologies

    Get PDF
    Vehicle infrastructure must address the challenges posed by today's advances toward connected and autonomous vehicles. To allow for more flexible architectures, high-bandwidth connections and scalability are needed to connect many sensors and electronic control units (ECUs). At the same time, deterministic and low latency is a critical and significant design requirement to support urgent real-time applications in autonomous vehicles. As a recent solution, the time-sensitive network (TSN) was introduced as Ethernet-based amendments in IEEE 802.1 TSN standards to meet those needs. However, it had hurdle to be overcome before it can be used effectively. This paper discusses the latest studies concerning the automotive Ethernet requirements, including transmission delay studies to improve worst-case end-to-end delay and end-to-end jitter. Also, the paper focuses on the securing Ethernet-based in-vehicle networks (IVNs) by reviewing new encryption and authentication methods and approaches
    corecore