The connectivity of autonomous vehicles induces new attack surfaces and thus the demand for sophisticated cybersecurity management. Thus, it is important to ensure that in-vehicle network monitoring includes the ability to accurately detect intrusive behavior and analyze cyberattacks from vehicle data and vehicle logs in a privacy-friendly manner. For this purpose, we describe and evaluate a method that utilizes characteristic functions and compare it with an approach based on artificial neural networks. Visual analysis of the respective event streams complements the evaluation. Although the characteristic functions method is an order of magnitude faster, the accuracy of the results obtained is at least comparable to those obtained with the artificial neural network. Thus, this method is an interesting option for implementation in in-vehicle embedded systems. An important aspect for the usage of the analysis methods within a cybersecurity framework is the explainability of the detection results.
Most vehicles use the controller area network bus for communication between their components. Attackers who have already penetrated the in-vehicle network often utilize this bus in order to take control of safety-relevant components of the vehicle. Such targeted attack scenarios are often hard to detect by network intrusion detection systems because the specific payload is usually not contained within their training data sets. In this work, we describe an intrusion detection system that uses decision trees that have been modelled through genetic programming. We evaluate the advantages and disadvantages of this approach compared to artificial neural networks and rule-based approaches. For this, we model and simulate specific targeted attacks as well as several types of intrusions described in the literature. The results show that the genetic programming approach is well suited to identify intrusions with respect to complex relationships between sensor values which we consider important for the classification of specific targeted attacks. However, the system is less efficient for the classification of other types of attacks which are better identified by the alternative methods in our evaluation. Further research could thus consider hybrid approaches.
CCS CONCEPTS • Security and privacy → Intrusion detection systems; • Computing methodologies → Machine learning.