Advertisement

ECU-Secure: Characteristic Functions for In-Vehicle Intrusion Detection

  • Yannick ChevalierEmail author
  • Roland Rieke
  • Florian Fenzl
  • Andrey Chechulin
  • Igor Kotenko
Conference paper
  • 205 Downloads
Part of the Studies in Computational Intelligence book series (SCI, volume 868)

Abstract

Growing connectivity of vehicles induces increasing attack surfaces and thus the demand for a sophisticated security strategy. One part of such a strategy is to accurately detect intrusive behavior in an in-vehicle network. Therefore, we built a log analyzer in C that focused on payload bytes having either a small set of different values or a small set of possible changes. While being an order of magnitude faster, the accuracy of the results obtained is at least comparable with results obtained using standard machine learning techniques. Thus, this approach is an interesting option for implementation within in-vehicle embedded systems. Another important aspect is that the explainability of the results is better compared to deep learning systems.

Keywords

Controller area network security Intrusion detection Anomaly detection Machine learning Automotive security Security monitoring 

Notes

Acknowledgement

This research is partially supported by the German Federal Ministry of Education and Research in the context of the project VITAF (ID 16KIS0835).

References

  1. 1.
    Al-Jarrah, O.Y., Maple, C., Dianati, M., Oxtoby, D., Mouzakitis, A.: Intrusion detection systems for intra-vehicle networks: a review. IEEE Access 7, 21266–21289 (2019).  https://doi.org/10.1109/ACCESS.2019.2894183CrossRefGoogle Scholar
  2. 2.
    Berger, I., Rieke, R., Kolomeets, M., Chechulin, A., Kotenko, I.: Comparative study of machine learning methods for in-vehicle intrusion detection. In: Computer Security. ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, 6–7 September 2018, Revised selected papers. Lecture Notes in Computer Science, vol. 11387, pp. 85–101. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-12786-2_6CrossRefGoogle Scholar
  3. 3.
    Cho, K., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, 10–12 August 2016, pp. 911–927. USENIX Association (2016)Google Scholar
  4. 4.
    Chockalingam, V., Larson, I., Lin, D., Nofzinger, S.: Detecting attacks on the CAN protocol with machine learning (2016)Google Scholar
  5. 5.
    Choi, W., Joo, K., Jo, H.J., Park, M.C., Lee, D.H.: VoltageIDS: low-level communication characteristics for automotive intrusion detection system. IEEE Trans. Inf. Forensics Secur. 13(8), 2114–2129 (2018)CrossRefGoogle Scholar
  6. 6.
    ENISA: cyber security and resilience of smart cars. Tech. rep. ENISA (2016).  https://doi.org/10.2824/87614
  7. 7.
    Hacking and Countermeasure Research Lab (HCRL): Car-Hacking Dataset for the intrusion detection (2018). http://ocslab.hksecurity.net/Datasets/CAN-intrusion-dataset. Accessed 28 Jun 2018
  8. 8.
    Hoppe, T., Kiltz, S., Dittmann, J.: Security threats to automotive CAN networks - practical examples and selected short-term countermeasures. Reliab. Eng. Syst. Saf. 96, 11–25 (2011)CrossRefGoogle Scholar
  9. 9.
    Kang, M.J., Kang, J.W.: A novel intrusion detection method using deep neural network for in-vehicle network security. In: 2016 IEEE 83rd Vehicular Technology Conference (VTC Spring) (2016)Google Scholar
  10. 10.
    Lai, L., Suda, N., Chandra, V.: CMSIS-NN: efficient neural network kernels for arm cortex-M CPUS. CoRR abs/1801.06601 (2018). http://arxiv.org/abs/1801.06601
  11. 11.
    Larson, U.E., Nilsson, D.K., Jonsson, E.: An approach to specification-based attack detection for in-vehicle networks. In: Intelligent Vehicles Symposium 2008, pp. 220–225. IEEE (2008)Google Scholar
  12. 12.
    Levi, M., Allouche, Y., Kontorovich, A.: Advanced analytics for connected cars cyber security. CoRR abs/1711.01939 (2017)Google Scholar
  13. 13.
    Marchetti, M., Stabili, D.: Anomaly detection of CAN bus messages through analysis of id sequences. In: 2017 IEEE Intelligent Vehicles Symposium (IV), pp. 1577–1583 (2017)Google Scholar
  14. 14.
    Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Tech. rep. IOActive Labs (2015)Google Scholar
  15. 15.
    Müller-Quade, J., et al.: Cybersecurity research: challenges and course of action. Tech. rep. Karlsruher Institut für Technologie (KIT) (2019).  https://doi.org/10.5445/IR/1000090060
  16. 16.
    Müter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 1110–1115 (2011)Google Scholar
  17. 17.
    Narayanan, S.N., Mittal, S., Joshi, A.: OBD securealert: an anomaly detection system for vehicles. In: IEEE Workshop on Smart Service Systems (SmartSys 2016) (2016)Google Scholar
  18. 18.
    Rieke, R., Seidemann, M., Talla, E.K., Zelle, D., Seeger, B.: Behavior analysis for safety and security in automotive systems. In: 25nd Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP) 2017, pp. 381–385. IEEE Computer Society (2017)Google Scholar
  19. 19.
    Song, H., Kim, H., Kim, H.: Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network, March 2016, vol. 2016, pp. 63–68. IEEE Computer Society (2016)Google Scholar
  20. 20.
    Studnia, I., Alata, E., Nicomette, V., Kaâniche, M., Laarouchi, Y.: A language-based intrusion detection approach for automotive embedded networks. In: The 21st IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2015) (2014)Google Scholar
  21. 21.
    Studnia, I., Nicomette, V., Alata, E., Deswarte, Y., Kaâniche, M., Laarouchi, Y.: Security of embedded automotive networks: state of the art and a research proposal. In: Roy, M. (ed.) SAFECOMP 2013 - Workshop CARS of the 32nd International Conference on Computer Safety, Reliability and Security (2013)Google Scholar
  22. 22.
    Taylor, A., Leblanc, S.P., Japkowicz, N.: Probing the limits of anomaly detectors for automobiles with a cyber attack framework. IEEE Intell. Syst. PP(99), 1 (2018)Google Scholar
  23. 23.
    Theissler, A.: Anomaly detection in recordings from in-vehicle networks. In: Proceedings of Big Data Applications and Principles First International Workshop, 11–12 September 2014, BIGDAP 2014, Madrid, Spain (2014)Google Scholar
  24. 24.
    Wei, Z., Yang, Y., Rehana, Y., Wu, Y., Weng, J., Deng, R.H.: IoVShield: an efficient vehicular intrusion detection system for self-driving (short paper), pp. 638–647. Springer International Publishing, Cham (2017)CrossRefGoogle Scholar
  25. 25.
    Wolf, M., Weimerskirch, A., Paar, C.: Security in automotive bus systems. In: Proceedings of the Workshop on Embedded Security in Cars, July 2004, pp. 1–13 (2004)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Yannick Chevalier
    • 1
    Email author
  • Roland Rieke
    • 2
  • Florian Fenzl
    • 3
  • Andrey Chechulin
    • 4
  • Igor Kotenko
    • 4
  1. 1.Paul Sabatier UniversityToulouseFrance
  2. 2.Fraunhofer Institute for Secure Information TechnologyDarmstadtGermany
  3. 3.University of Applied Sciences MittelhessenGiessenGermany
  4. 4.SPIIRASSt-PetersburgRussia

Personalised recommendations