Intrusion Detection Systems to Secure In-Vehicle Networks

Abstract

With recent advancements in the automotive world and the introduction of autonomous vehicles, more software-driven electrical components and wireless connectivity are being introduced to increase reliability and improve safety systems for modern vehicles. However, these advanced systems also bring new risks, particularly from the security perspective, as attack surfaces are expanding and new attacks are emerging. Automotive security has become a real and important issue. For modern vehicles, in-vehicle networks that connect Electronic Control Units (ECUs) have increasingly become targets of vehicle cyberattacks. Researchers have demonstrated that attackers can intentionally control a vehicle by gaining access to the in-vehicle network, posing security and safety risks for vehicles and passengers. Intrusion Detection Systems (IDSs) provide effective countermeasures for IT systems. However, they cannot be applied to automotive systems directly due to the challenges posed by real-time automotive systems. Some schemes for in-vehicle networks have limitations in detecting certain critical attacks, while others need to improve their efficiency to meet the challenges of real-time requirements. Existing CAN IDS designs based on anomaly detection usually follow two approaches: rule-based and machine learning-based. Generally, rule-based approaches are more efficient but lack abilities to detect certain types of attacks. It is difficult, if not impossible, to come up with a complete set of rules that can cover all abnormal behaviors. Machine learning-based approaches usually achieve relatively high detection accuracy but, at the same time, often involve high computational costs as well as a higher rate of false positives. Moreover, many existing schemes do not consider the real-time requirements of in-vehicle networks and the memory constraints of ECUs. In addition, their evaluations often rely on simulated data or data collected from only one or a few vehicles, given the lack of standard benchmark datasets in this domain. This dissertation aims to address the challenges mentioned above. We (1) investigate how existing IDS schemes work and understand their strengths and weaknesses, and conduct a detailed literate review and an empirical comparative study to provide a comprehensive understanding; (2) design a new hybrid approach for efficient and accurate intrusion detection. Specifically, we explore the combination of rule-based and machine learning-based approaches to build a two-stage IDS framework that inherits the advantages of both; (3) propose a novel IDS based on Binarized Neural Network (BNN) to accelerate intrusion detection with the consideration of real-time demand of in-vehicle networks. Furthermore, it can be further accelerated by hardware through Field-Programmable Grid Arrays (FPGAs); (4) present a new Binarized Convolutional Neural Network (BCNN)-based IDS to stick a balance between accuracy and acceleration. In particular, we design an input generator that helps machine learning models learn better for higher accuracy; (5) collect real Controller AreaNetwork (CAN) data from seven different vehicle models from different OEMs; and (6) evaluate the proposed schemes with real CAN data. Our research includes a comparative study to provide a comprehensive understanding of existing IDSs, the development of a novel hybrid IDS framework, the exploration of BNN and BCNN to design advanced IDSs suited for in-vehicle environments, the data collection from seven different real vehicles, and the evaluation of the IDSs we proposed. Results show that our research is promising, and the proposed schemes have the potential to improve vehicle security significantly. Overall, this dissertation develops novel IDSs to effectively and efficiently protect in-vehicle networks and meet the unique challenges posed by real-time requirements of in-vehicle networks. This research provides innovative solutions to enhance the security of in-vehicle networks, ensuring vehicle security in an increasingly connected and autonomous world.