Survey of Automotive Controller Area Network Intrusion Detection Systems

Novel attacks continue to appear against in-vehicle networks due to the increasing complexity of heterogeneous software and hardware components used in vehicles. These new components introduce challenges when developing efficient and adaptable security mechanisms. Several intrusion detection systems (IDS) have been proposed to identify and protect in-vehicle networks against malicious activities. We describe the state-of-the-art intrusion detection methods for securing automotive networks, with special focus on the Controller Area Network (CAN). We provide a description of vulnerabilities, highlight threat models, identify known attack vectors present in CAN, and discuss the advantages and disadvantages of suggested solutions

Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes

The modern automobile relies on numerous electronic control units communicating over the de facto standard of the controller area network (CAN) bus. This communication network was not developed with cybersecurity in mind. Many methods based on constant time intervals between messages have been proposed to address this lack of security issue with the CAN bus. However, these existing methods may struggle to handle variable time intervals between messages during transitions of vehicle driving modes. This paper proposes a simple and cost-effective method to ensure the security of the CAN bus that is based on constant message frequencies across vehicle driving modes. This proposed method does not require any modifications on the existing CAN bus and it is designed with the intent for efficient execution in platforms with very limited computational resources. Test results with the proposed method against two different vehicles and a frequency domain analysis are also presented in the paper

Summer Engagement in Cyber Undergraduate Research Experiences (SECURE)

Background: This virtual initiative, called Summer Engagement in Cyber Undergraduate Research Experiences (SECURE), was established as a response to support students who may have lost summer internships and/or have financial hardships due to COVID-19. Several students in the program were NSF S-STEM scholars, a mix of computer engineering, cyber security engineering, electrical engineering and software engineering students.Purpose/Hypothesis: The main question addressed by this initiative was whether we could build a virtual undergraduate research experience that enabled students to apply their studies and knowledge similarly as they would in a traditional summer internship. Goals for the experience included providing small-group mentoring as well as broader opportunities for students to learn about design and research skills and to collaborate across projects.Design/Method: Sixteen paid students were assigned to one of ten projects. Several students were classified as sophomores, and others were more advanced. Projects were proposed by faculty mentors with an emphasis on the development of educational experiences using research and/or design approaches. Several projects revolved around cyber security. We introduced students to the research process, while adapting to the limitations of a virtual program. While our main goal was to support students and provide summer work, we also made progress on projects that were established before the program.Results: The SECURE program operated from May 18 through July 31, 2020. The program was funded using funds remaining in an NSF grant with the approval of the program manager. It was successfully implemented through the concerted efforts of faculty, staff and graduate students to rapidly set up program operations. The goals for the program were met, and the feedback from the students and mentors were very positive.Conclusions: We demonstrated it is possible to rapidly build a virtual internship program to meet student needs, and we are working to obtain funding to continue the project next summer. The future goal will be to offer a hybrid model where students can be virtual or a combination of virtual and on-campus

Comparing Energy Efficiency of CPU, GPU and FPGA Implementations for Vision Kernels

Developing high performance embedded vision applications requires balancing run-time performance with energy constraints. Given the mix of hardware accelerators that exist for embedded computer vision (e.g. multi-core CPUs, GPUs, and FPGAs), and their associated vendor optimized vision libraries, it becomes a challenge for developers to navigate this fragmented solution space. To aid with determining which embedded platform is most suitable for their application, we conduct a comprehensive benchmark of the run-time performance and energy efficiency of a wide range of vision kernels. We discuss rationales for why a given underlying hardware architecture innately performs well or poorly based on the characteristics of a range of vision kernel categories. Specifically, our study is performed for three commonly used HW accelerators for embedded vision applications: ARM57 CPU, Jetson TX2 GPU and ZCU102 FPGA, using their vendor optimized vision libraries: OpenCV, VisionWorks and xfOpenCV. Our results show that the GPU achieves an energy/frame reduction ratio of 1.1–3.2× compared to the others for simple kernels. While for more complicated kernels and complete vision pipelines, the FPGA outperforms the others with energy/frame reduction ratios of 1.2–22.3×. It is also observed that the FPGA performs increasingly better as a vision application’s pipeline complexity grows

Real-time Simulation of Dynamic Vehicle Models using a High-performance Reconfigurable Platform

A purely software-based approach for Real-Time Simulation (RTS) may have difficulties in meeting real-time constraints for complex physical model simulations. In this paper, we present a methodology for the design and im-plementationofRTS algorithms,basedontheuseof Field-ProgrammableGateArray(FPGA) technologytoimprove the response time of these models. Our methodology utilizes traditional hardware/software co-design approaches to generate a heterogeneous architecture for an FPGA-based simulator. The hardware design was optimized such that it efficiently utilizes the parallel nature of FPGAs and pipelines the independent operations. Further enhancement is obtained through the use of custom accelerators for common non-linear functions. Since the systems we examined had relatively low response time requirements, our approach greatly simplifies the software components by porting the computationally complexregionsto hardware.We illustratethe partitioningofa hardware-based simulator design across dual FPGAs, initiateRTS usinga system input froma Hardware-in-the-Loop (HIL) framework, and use these simulation results from our FPGA-based platform to perform response analysis. The total simulation time, which includes the time required to receive the system input over a socket (without HIL), software initialization, hardware computation, and transferof simulation results backovera socket, showsa speedup of 2× as compared to a simi-lar setup with no hardware acceleration. The correctness of the simulation output from the hardware has also been validated with the simulated results from the software-only design

Anomaly Detection Approach Using Adaptive Cumulative Sum Algorithm for Controller Area Network

The modern vehicle has transformed from a purely mechanical system to a system that embeds several electronic devices. These devices communicate through the in-vehicle network for enhanced safety and comfort but are vulnerable to cyber-physical risks and attacks. A well-known technique of detecting these attacks and unusual events is by using intrusion detection systems. Anomalies in the network occur at unknown points and produce abrupt changes in the statistical features of the message stream. In this paper, we propose an anomaly-based intrusion detection approach using the cumulative sum (CUSUM) change-point detection algorithm to detect data injection attacks on the controller area network (CAN) bus. We leverage the parameters required for the change-point algorithm to reduce false alarm rate and detection delay. Using real dataset generated from a car in normal operation, we evaluate our detection approach on three different kinds of attack scenarios

Reverse Engineering Controller Area Network Messages using Unsupervised Machine Learning

The smart city landscape is rife with opportunities for mobility and economic optimization, but also presents many security concerns spanning the range of components and systems in the smart ecosystem. One key enabler for this ecosystem is smart transportation and transit, which is foundationally built upon connected vehicles. Ensuring vehicular security, while necessary to guarantee passenger and pedestrian safety, is itself challenging due to the broad attack surfaces of modern automotive systems. A single car contains dozens to hundreds of small embedded computing devices known as electronic control units (ECUs) executing 100s of millions of lines of code; the inherent complexity of this tightly-integrated cyber-physical system (CPS) is one of the key problems that frustrate effective security. We describe an approach to help reduce the complexity of security analyses by leveraging unsupervised machine learning to learn clusters of messages passed between ECUs that correlate with changes in the CPS state of a vehicle as it moves throughout the world. Our approach can help to improve the security of vehicles in a smart city, and can leverage smart city infrastructure to further enrich and refine the quality of the machine learning output

Teaching Graphics Processing and Architecture using a Hardware Prototyping Approach

Abstract-Since its introduction over two decades ago, graphics hardware has continued to evolve to improve rendering performance and increase programmability. While most undergraduate courses in computer graphics focus on rendering algorithms and programming APIs, we have recently created an undergraduate senior elective course that focuses on graphics processing and architecture, with a strong emphasis on laboratory work targeting hardware prototyping of the 3D rendering pipeline. In this paper, we present the overall course layout and FPGA-based laboratory infrastructure, that by the end of the semester enables students to implement an OpenGL-compliant graphics processor. To our knowledge, this class is the first that takes a hardware prototyping approach to teaching computer graphics and architecture

An fpga implementation of decision tree classification

Data mining techniques are a rapidly emerging class of applications that have widespread use in several fields. One important problem in data mining is Classification, which is the task of assigning objects to one of several predefined categories. Among the several solutions developed, Decision Tree Classification (DTC) is a popular method that yields high accuracy while handling large datasets. However, DTC is a computationally intensive algorithm, and as data sizes increase, its running time can stretch to several hours. In this paper, we propose a hardware implementation of Decision Tree Classification. We identify the computeintensive kernel (Gini Score computation) in the algorithm, and develop a highly efficient architecture, which is further optimized by reordering the computations and by using a bitmapped data structure. Our implementation on a Xilinx Virtex-II Pro FPGA platform (with 16 Gini units) provides up to 5.58 × performance improvement over an equivalent software implementation.