Network Security Monitoring in Automotive Domain

  • Daniel GrimmEmail author
  • Felix Pistorius
  • Eric Sax
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1129)


With the development of autonomous vehicles, the networking of vehicles with their surroundings continues to increase. On the one hand, wireless interfaces enable vehicle owners to communicate with other vehicles or infrastructure to use new applications such as smart parking services in car parks. On the other hand, external communication interfaces impose vulnerabilities to vehicles that can be exploited by cyber threats. The worst case scenario would be that unauthorized persons remotely take control of driving functions. The development of suitable countermeasures is increasingly coming into the focus of industry and research. In addition to authentication and encryption algorithms for the CAN (Controller Area Network) bus system, methods for monitoring network security in vehicles, for example by means of intrusion detection systems, are a current field of research. At the moment, CAN is the most popular bus system in automotive in-vehicle communication, but new technologies such as Automotive Ethernet arise. Hence, security for modern vehicles has to deal with various bus systems inducing different challenges.

In this work, we introduce a classification of techniques to monitor vehicle communications for security purposes to the automotive domain. Typical security measures in enterprise information technology are systematically compared with the state of the art in vehicle security. Our work serves to identify open fields of research and to classify future work.


Automotive Security Network Monitoring 


  1. 1.
    McCandless, D., Doughty-White, P., Quick, M.: Code bases: millions of lines of code (2015). 13 Sept 2019
  2. 2.
    Charette, R.N.: This car runs on code. IEEE Spectr. (2009). 13 Sept 2019
  3. 3.
    Wyglinski, A.M., Huang, X., Padir, T., Lai, L., Eisenbarth, T.R., Venkatasubramanian, K.: Security of autonomous systems employing embedded computing and sensors. IEEE Micro 33(1), 80–86 (2013)CrossRefGoogle Scholar
  4. 4.
    Hyundai Media Newsroom: How will the Internet of Things transform the car industry? Hyundai Media Newsroom (2017). 13 Sept 2019
  5. 5.
    PwC: The 2017 PwC’s strategy & digital auto report (2017). 13 Sept 2019
  6. 6.
    Coppola, R., Morisio, M.: Connected car. ACM Comput. Surv. 49(3), 1–36 (2016)CrossRefGoogle Scholar
  7. 7.
    Hartmann, F., Pistorius, F., Lauber, A., Hildenbrand, K., Becker, J., Stork, W.: Design of an embedded UWB hardware platform for navigation in GPS denied environments. In: 2015 IEEE Symposium on Communications and Vehicular Technology in the Benelux (SCVT), pp. 1–6. IEEE, Piscataway, NJ (2015)Google Scholar
  8. 8.
    Miller, C., Valasek, C.: A survey of remote automotive attack surfaces (2014). 13 Sept 2019
  9. 9.
    Navale, V.M., Williams, K., Lagospiris, A., Schaffert, M., Schweiker, M.A.: (R)evolution of E/E architectures. SAE Int. J. Passeng. Cars Electron. Electr. Syst. 8(2), 282–288 (2015)CrossRefGoogle Scholar
  10. 10.
    National Highway Traffic Safety Administration: Cybersecurity Best Practices for Modern Vehicles (2016). 13 Sept 2019
  11. 11.
    Weber, M., Pistorius, F., Sax, E., Maas, J., Zimmer, B.: A hybrid anomaly detection system for electronic control units featuring replicator neural networks. In: Arai, K., Kapoor, S., Bhatia, R. (eds.) Advances in Information and Communication Networks, Advances in Intelligent Systems and Computing, vol. 887, pp. 43–62. Springer, Cham (2019)CrossRefGoogle Scholar
  12. 12.
    Hoppe, T., Kiltz, S., Dittmann, J.: Applying intrusion detection to automotive it-early insights and remaining challenges. J. Inf. Assur. Secur. (JIAS) 4(6), 226–235 (2009)Google Scholar
  13. 13.
    Hewlett Packard Enterprise: What is security monitoring - HPE definition glossary (2019). 13 Sept 2019
  14. 14.
    AUTOSAR Foundation: Specification of secure onboard communication. Document Identification No. 654 (2017)Google Scholar
  15. 15.
  16. 16.
    Zimmermann, W., Schmidgall, R.: Bus systeme in der Fahrzeugtechnik: Protokolle, Standards und Softwarearchitektur. ATZ/MTZ-Fachbuch, Springer Vieweg, Wiesbaden, 5., aktual. und erw. aufl. edn. (2014)Google Scholar
  17. 17.
  18. 18.
    IEEE Standards Association: ISO/IEC/IEEE International Standard - Part 3: Standard for Ethernet - Amendment 1: Physical Layer Specifications and Management Parameters for 100 Mb/s Operation over a Single Balanced Twisted Pair Cable (100BASE-T1), 8802-3:2017/Amd 1-2017 (2018)Google Scholar
  19. 19.
    ISO/IEC/IEEE: International Standard - Information technology – Telecommunications and information exchange between systems – Local and metropolitan area networks – Specific requirements – Part 3: Standard for Ethernet Amendment 4: Physical Layer Specifications and Management Parameters for 1 Gb/s Operation over a Single Twisted-Pair Copper Cable, 8802-3:2017/Amd 4-2017 (2017)Google Scholar
  20. 20.
    IEEE Standards Association: Standard for Ethernet Physical Layer Specifications and Management Parameters for Greater Than 1 Gb/s Automotive Ethernet (scheduled for fall 2019), p802.3ch (2019).
  21. 21.
    IEEE Standards Association: IEEE Draft Standard for Ethernet Amendment 5: Physical Layer Specifications and Management Parameters for 10 Mb/s Operation and Associated Power Delivery over a Single Balanced Pair of Conductors (scheduled for fall 2019), p802.3cg (2019).
  22. 22.
    IEEE Standards Association: Timing and Synchronization for Time-Sensitive Applications in Bridged Local Area Networks, 802.1AS-2011 (2011).
  23. 23.
    AUTOSAR Foundation: SOME/IP protocol specification: release 1.1.0. document ID 696 (2017)Google Scholar
  24. 24.
    Object Management Group: Data Distribution Service (DDS): Version 1.4 (2015). 13 Sept 2019
  25. 25.
    AUTOSAR Foundation: AUTOSAR - AUTomotive Open System ARchitecture (2003). 13. Sept 2019
  26. 26.
    GENIVI Alliance: GENIVI open source platform (2009). 13 Sept 2019
  27. 27.
    Navet, N., Simonot-Lion, F.: Automotive Embedded Systems Handbook, 1st edn. CRC Press Inc., Boca Raton (2008)Google Scholar
  28. 28.
    Cisco Networking Academy: Connecting Networks Companion Guide, 1st edn. Cisco Press, Indianapolis (2014)Google Scholar
  29. 29.
    Cisco Systems: Campus LAN and Wireless LAN Design Guide (2018). 13 Sept 2019
  30. 30.
    Combs, G.: Wireshark (1998). 13 Sept 2019
  31. 31.
    Claise, B.: Cisco system NetFlow services export Version 9 (2004). 13 Sept 2019
  32. 32.
    Quittek, J.: Requirements for IP flow information export (IPFIX) (2004). 13 Sept 2019
  33. 33.
    Roesch, M.: Snort - lightweight intrusion detection for networks. In: LISA 1999: Proceedings of the 13th USENIX Conference on System Administration, vol. 132, p. 411. USENIX Association, Berkeley, CA, USA (1999)Google Scholar
  34. 34.
    Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23–24), 2435–2463 (1999)CrossRefGoogle Scholar
  35. 35.
    Daniel, B.: Cid: OSSEC - open source HIDS SECurity. 13 Sept 2019
  36. 36.
    Muter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: IEEE Intelligent Vehicles Symposium (IV), 5–9 June 2011, Baden-Baden, Germany, pp. 1110–1115. IEEE, Piscataway, NJ (2011)Google Scholar
  37. 37.
    Stabili, D., Marchetti, M., Colajanni, M.: Detecting attacks to internal vehicle networks through Hamming distance. In: Infrastructures for Energy and ICT: Opportunities for Fostering Innovation, pp. 1–6. IEEE, Piscataway, NJ (2017)Google Scholar
  38. 38.
    Taylor, A., Japkowicz, N., Leblanc, S.: Frequency-based anomaly detection for the automotive CAN bus. In: 2015 World Congress on Industrial Control Systems Security (WCICSS), pp. 45–49. IEEE, Piscataway, NJ (2015)Google Scholar
  39. 39.
    Weber, M., Klug, S., Sax, E., Zimmer, B.: Embedded hybrid anomaly detection for automotive CAN communication. In: Proceedings of the 9th European Congress on Embedded Real Time Software and Systems, ERTS\(^2\) 2018, Toulouse, France, 31st January–2nd February 2018, pp. 1–10 (2018)Google Scholar
  40. 40.
    Cho, K.T., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection. In: 25th 5USENIX6 Security Symposium (5USENIX6 Security 16), pp. 911–927 (2016)Google Scholar
  41. 41.
    Cho, K.T., Shin, K.G.: Viden: attacker identification on in-vehicle networks. In: Thuraisingham, B. (ed.) CCS 2017, pp. 1109–1123. Association for Computing Machinery, New York, NY (2017)Google Scholar
  42. 42.
    Haga, T., Takahashi, R., Sasaki, T., Kishikawa, T., Tsurumi, J., Matsushima, H.: Automotive SIEM and anomaly detection using sand-sprinkled isolation forest. escar Europe (2017)Google Scholar
  43. 43.
    Grimm, D., Weber, M., Sax, E.: An extended hybrid anomaly detection system for automotive electronic control units communicating via ethernet efficient and effective analysis using a specification- and machine learning-based approach. In: Helfert, M., Gusikhin, O. (eds.) VEHITS 2018, vol. 2018-March. SCITEPRESS - Science and Technology Publications Lda, Setúbal, Portugal (2018)Google Scholar
  44. 44.
    Argus Cyber Security: Argus Solution Suites (2019). 13 Sept 2019
  45. 45.
    Arilou Technologies Ltd.: Solutions - Arilou. 13 Sept 2019
  46. 46.
    Berlin, O., Held, A., Matousek, M., Kargl, F.: POSTER: anomaly-based misbehaviour detection in connected car backends. In: IEEE Vehicular Networking Conference, VNC, pp. 1–2 (2017)Google Scholar
  47. 47.
    Collins, M.: Network Security Through Data Analysis: Building Situational Awareness, 1 Million Log Records at a Time. O’Reilly, Beijing (2014)Google Scholar
  48. 48.
    Sanders, C.: Applied Network Security Monitoring: Collection, Detection, and Analysis. Syngress an Imprint of Elsevier, Waltham (2014)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Institute for Information Processing Technologies, Karlsruhe Institute of TechnologyKarlsruheGermany

Personalised recommendations