Intrusion Detection System: An Approach To Autonomous Vehicles

Transcription

March 2021 IJIRT Volume 7 Issue 10 ISSN: 2349-6002Intrusion Detection System: An Approach to AutonomousVehiclesRashmi B HExecutive Engineer, Elektrobit India Pvt. Ltd, Bangalore, Karnataka, IndiaAbstract - Due to advance in changing technology inmodern vehicular systems which consist of many sensors,electronic control units and actuators and with theadvent of Intra-Vehicular systems, whose task is tocontrol and monitor the state of the vehicle comprises ofa Complex vehicular system. In addition to this, modernvehicles are becoming a surface for Cyber-attacks,because it is being increasingly connected to V2X(Vehicle-to-Everything) Technologies. So, it is highlyrecommended to ensure vehicle safety and customertrust. To manage the above challenges, countermeasuresshould be taken to prepare a vehicle, in order to beprotective from Cyber-security threats and also areliable mechanism should be in place to detect thepossible intrusions entering the vehicle when it is inoperation, this mechanism or practice is known asIntrusion-Detection system (IDS). This paper provides astructured view of Intrusion detection system in intravehicle for passenger vehicles. This paper also providesan insight of some ongoing research challenges and somegaps in intra-vehicle systems.Index Terms - Vehicle-to-Everything (V2X), IntrusionDetection System (IDS), Cyber-attacks, CAN.I.INTRODUCTIONThe rapid increase in the new technologies by multiplecar production managers has made a revolutionaryimpact on modern connected vehicles. These rapidadvancements include new features such asAutomation features and vehicles getting connected tooutside world, in simple it could be termed as Vehicleto-Vehicle(V2V) and Vehicle-to-Infrastructure(V2I)communications. These communications enablesafety and co-operation among vehicles.The typical modern vehicle may comprise of severalnetwork components like Sensors, Electronic ControlUnits (ECU’s), actuators and many communicationrelated devices. Sensors basically helps in perceivingthe surrounding environment and to stimulate thedriver functions based on the surroundingIJIRT 150839environment. Next coming to ECU’s. These controlunits will be having many features and these featureswill be grouped into subnetworks and thesesubnetworks will be interconnected through manygateways. Basically, ECU’s communicate through adevice called as Controller Area Network (CAN). ThisCAN device acts as a Network protocol for in-vehiclecommunication.Many features of CAN like Low cost, reliable andsome fault tolerable property enables programmers orarchitects to use CAN as a standard measure for invehicle communication. Since CAN can be used as astandard measure for communication purposes, it ismore prone to Cyber-attacks. The major loophole inthis CAN protocol is that it lacks messageauthentication and broadcast transmission. An intruderwho wants to surface an attack on the vehicle, it canbe done easily by sending a message through CANafter having access to it. Since CAN does not have apolicy to authenticate the origin, Intruder can easilyperform an attack on the vehicle.Basically, vehicles are more prone to cyberattacks,because these vehicles are not designed keepingsecurity requirements in place. So, in order to avoidvehicles from being affected by Cyber-attacks, anencryption algorithms or access control mechanismsare incorporated in some modern connected vehicles.One such mechanism incorporated in recent vehicletechnology is Intrusion detection systems (IDS).Intrusion detection system provides certain securitymeasures and also will be able to detect certainpotential cyber threats affecting intra-vehicle system.This paper focuses on certain challenges and issues ofIntra-vehicle IDSs and also on the categories of intravehicle IDSs.II.INTRA-VEHICLE NETWORKSINTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY119

March 2021 IJIRT Volume 7 Issue 10 ISSN: 2349-6002Intra-Vehicle networks in vehicle communicationfacilitates data sharing and communication amongsensors, actuators and ECU’s, which enables theoperation among vehicles. There are five widely ation systems. Local Interconnection Network (LIN) CAN FlexRay Ethernet Media Oriented Systems Transport (MOST)Local interconnection Networks (LIN) have a lowfault tolerance capability and also has a lowerbandwidth compared to Ethernet, FlexRay and otherintra-vehicle communication systems, whereas otherintra-vehicle communication systems like FlexRay,Ethernet and CAN have higher bandwidth also theseare more reliable for bandwidth demandingapplications. FlexRay is widely used as Safety Radarsand ethernet and MOST are used in Infotainmentsystems. CAN is most widely used among all theabove Intra-vehicular communication system, as it isreliably low cost and has showcased acceptableperformance and highly fault tolerant.The major advantage of CAN is that it doesn’t requireany global synchronization to regulate the vehiclecommunication. This is possible because oftransmission nodes present inside CAN which triggerssending and receiving of messages with respect tocommunication of Vehicle. CAN uses Bus topologyand reception filter of each node present inside CANdecides upon which message needs to be sent tovehicle based on the ID.CAN allows the usage ofCarrier Sense multiple access with collision avoidanceprotocol (CSMA/CD) ,when multiple nodes wants totransmit the messages to vehicle.Figure 1: Standard CAN Frame FormatThe Figure 1 shows the Standard and Extended Frameformat of CAN. A CAN frame consists of seven fieldsas follows:IJIRT 150839 SOF (Start of Frame): This fields indicates thestart of the Transmission of all nodes.Arbitration Field: This field has 2 sub fieldsnames Identifier Field and RTR (RemoteTransmission Request) field. The Identifier fieldrepresents the ID of the message/Frame usedduring transmission process and RTR field will bedetermined according to the kind of CAN frame.Control Field: It has two reserved bits and fourData Length Code (DLC).Data Field: This field has the informationregarding the actual data being used or transferredto other nodes.CRC Field: This field is error detection andcorrection field which basically validates themessages. All the nodes verify the receivedmessages using this code.ACK Field: This field sends an acknowledgementwhen it receives a valid message or node.EOF (End of Frame): This field indicates the endof CAN frame format.III. INTRUSION DETECTION SYSTEMS(IDSs) forINTRA-VEHICLE NETWORKSThere are multiple mechanisms encountered againstCyber threats which may include few securitycountermeasures like Encryption algorithms andaccess control mechanisms in order to ensure vehiclesafety. These countermeasures would protect thevehicle from external cyber threats but will be havingvery limited capability towards protecting the vehiclefrom internal cyber-attacks. In order to provide vehiclesafety from both external and internal cyber-attacks, areactive countermeasure like IDSs (Intrusion detectionsystems) is being employed. Intrusion- Detectionsystems are categorized into 2 types namely: Knowledge based IDS Behavior/anomaly-based IDSKnowledge based IDS basically uses signatures orpatterns to compare the existing attacks with theknown attacks. This category of IDS triggers anintrusion or alarms an intrusion when there is a matchamong the existing/observed attack with the knownattacks. The Knowledge based IDS has a low falsepositive rate, since it only reacts to previously knownattacks( not able to recognize any new attack otherthan the known attack).One more challenge withINTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY120

March 2021 IJIRT Volume 7 Issue 10 ISSN: 2349-6002Knowledge based IDS is that the Signature databasemust be updated as and when the new attacks arose.Anomaly based intrusion detection system identifiesthe attack based on the significant behaviour of thesystem. If there is a significant deviation from thenormal behaviour of the system, then this category ofIDS employs an intrusion indicating maliciousbehaviour in the operation of the system. This categoryof IDS does not depend on any Signature or a patternfor an attack. Anomaly based detection systemrequires less memory compared to knowledge-basedintrusion detection system.IV. CATEGORIES OF INTRA-VEHICLE IDSsIntra-vehicle IDSs are categorized into 3 types namelyas shown in the Figure 2. Flow Based IDS Payload based IDS Hybrid based IDSFigure 2: Categories of IDSsFlow based IDS category of Intrusion-Detectionsystem monitors the internal network of a vehicle.Flow based IDS typically focuses on CAN bus andtries to extract certain features related to messageinterval and message transmission frequency from themessages being transmitted on the network. LaterFlow based IDS uses these features to identify thedistinguished or abnormal behaviour of the vehiclesystem from the normal behaviour. This type of IDSwill not verify the payload/information of themessages.Payload based IDS examine the payload(Content/Information) of the messages to identifyabnormal behaviour in the vehicle called Intrusions.Hybrid based IDS is a combination of the above 2categories of Intrusion detection systems. In this typeof IDS each ECU registers with other ECU’s bysending a frame of point called Domain-ActivationFrame. The registered ECU scans the CAN messagesand looks for the Forged messages which would havebeen sent by any malicious entity. The registeredECU’s will delete the forged messages before itIJIRT 150839triggers an Intrusion on vehicle. Later, again theRegistered ECU’s will start sending a DomainActivation-Frame.Intrusion detection system depends on certainobservations on data entities or data sets. FEATURES and FEATURE SELECTION-Eachand every intrusion detection system willmaintain a dataset, where-in this dataset consistsof certain instances and data records, these datarecords or instances will be in the form of certainevents, objects or processes. Each instance ofevents or objects is characterized by certain set offeatures. These instances of features will be ableto detect the intrusion among normal or theabnormal behavior of the system. The Featureselection could be based on two types of namelyPhysical Features and Cyber Features. Physicalfeatures of intrusion detection system describe thephysical state of the system, whereas Cyberfeatures describes the data or communicationaspects of the system. Feature selection can bedone manually and automatically too. Sometimesit would be a tedious task doing manually becauseit might require deep understanding of the data,and how that data could be used to solve theproblem of several intrusions, in such casesautomatic methods are taken up. DATASETS- An appropriate dataset is requiredin order to understand several scenarios ofintrusions. There are several types of datasetsnamely Real data and simulated data. Realdatasets refer to the type of data extracted fromtest vehicles, whereas simulated data refers to thetype of data obtained by simulation or byprototyping (not obtained by any particular/definite source). ATTACKS IN AUTONOMOUS VEHICLES Connected /autonomous vehicles are prone tolarge number of Cyber-attacks. Generally, theseattacks are classified as Passive and Activeattacks. Passive attacks would break the integrity/confidentiality of system’s security which couldlead to leakage of Information (Privacy Leakage).Active attacks could probably lead to the controlof certain primary functionality of the system byinsertion, deletion or modification of themessages. The following are some of the attackINTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY121

March 2021 IJIRT Volume 7 Issue 10 ISSN: 2349-60021.2.3.4.5.types which affect intra-vehicle communicationsystem.DENIAL OF SERVICE ATTACKS (DoS)Basically this attack in the name only suggeststhat, it disrupts the normal functionality ofservices. This could probably lead to theprevention of private or important informationrelated to safety warnings of vehicle. In CAN, itmight avoid the ECU from transmitting highpriority legitimate messages related to Vehiclesafety. An attacker with limited knowledge caneasily launch DoS attack on vehicles.REPLAY ATTACK (Message Injection)-In thistype of attack, an attacker gains an access to ECUand will be having complete control over it. Whenthe attacker is having complete control over ECU,he/she can inject fabricated message (maliciousmessages).MANIPULATION OF MESSAGES-This attackimplies that there is no integrity of the messages;it means that messages will be modified and evenmessages can be deleted. Attacker can easilymodify the content of the messages. The attackercan modify the content of the message which hasto reach CAN by different ECU’s. One of the subattacks under message manipulation is Deletionattack whereas entire message will be deletedfrom the buffer.MASQUERADE ATTACK- This attack isknown as Impersonation attack. For an instanceattacker tries to know the ID of the CAN bus andalso gets the information regarding ECU’stransmitting messages. If ECU A and ECU B areboth sending a message to CAN to establish acommunication, attacker might impersonate asECU by its ID and frequency and could send thecommunication details on behalf of A. Here,attacker is impersonated as ECU A.MALWARE ATTACK- Malwares can be in anyform like Viruses, worms and many more. Thisform of malwares can be injected into the systemsby exploiting the vulnerability of the system.These viruses and worms can be injected intoCAN or any particular system say for an instance,malwares to CAN will be activated, whenever aninfotainment system starts playing the music.ROLE OF IDSs IN SECURING AUTONOMOUSVEHICLES- The main role of IDS is to identify theIJIRT 150839generation of attacks using a file called Trace file,where it contains complete information regardingCAN communication signals. So these trace files willbe used as auditable file to know the generation andimpact of the attack too. IDSs also use datasets andfeatures and feature selection mechanism to identifythe attacks on connected vehicles. IDS has a taxonomyof process on CAN as shown in the Figure 3.Figure 3: IDS taxonomy for CANIDS can be deployed in possible locations of CANsuch as CAN, ECU’s and gateways. IDS evaluates thesensitivity and effectiveness of attacks occurring onCAN bus and thus reducing certain high impact ofthese attacks. Several results have suggested that IDSapproach is a practical approach in detecting maliciousattacks on CAN network.V. CONCLUSIONModern day autonomous vehicles are moresusceptible to various cyber-threats by eventuallyproviding access to attackers to control the vehicles.Though certain conventional mechanisms providesecurity against certain cyber-attacks, but usually notapplicable to intra-vehicle networks. IDSs represent anessential component of vehicle security. IDSs usesvarious criterions like Features, feature selection,Datasets, and certain performance metrics to analysethe impact of attack on CAN and to overcome theattack impact on CAN networks of vehicle systems.Using anomaly-based approach and signature-basedapproach of IDS, attacks can be detected based onpatterns or signatures or also content/payload.Intrusion detection system has become the mostholistic approach in providing security mechanisms toconnected vehicles. Certainly, every proposedmethodology will be having further researchdevelopments in order to overcome the existing flaws.INTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY122

March 2021 IJIRT Volume 7 Issue 10 ISSN: 2349-6002IDS can definitely examine the cyber features but failsto recognize the context of the data. This feature couldbe achieved by using ML-based approach, whichlooks like a promising candidate for intrusiondetection system.REFERENCE[1] S. Han, M. Xie, H. H. Chen, and Y. Ling, Intrusion detection in cyber physical systems:Techniques and challenges,'' IEEE Syst. J., vol. 8,no. 4, pp. 1052 1062, Dec. 2014.[2] Omar Y. Al-Jarrah, Carsten Maple, MehrdadDianati, David Oxtoby, And Alex Mouzakitis,“Intrusion-detection system for Intra-vehiclesystem: A review”, IEEE access, 2019, pg.2126621289.[3] Jonathan Petit and Steven E. Shladover,”Potential Cyber-attacks on automated vehicles”,IEEE Transactions on Intelligent TransportationSystem, 2014, p9 1-11.[4] Cybersecurity in Automotive, a white paper,Altran technologies.IJIRT 150839INTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY123

IDS employs an intrusion indicating malicious behaviour in the operation of the system. This category of IDS does not depend on any Signature or a pattern for an attack. of certain instances and data records, these data Anomaly based detection system requires less memory compared to knowledge-based intrusion detection system.