WIXLIB

March 2021 IJIRT Volume 7 Issue 10 ISSN: 2349-6002Intrusion Detection System: An Approach to AutonomousVehiclesRashmi B HExecutive Engineer, Elektrobit India Pvt. Ltd, Bangalore, Karnataka, IndiaAbstract - Due to advance in changing technology inmodern vehicular systems which consist of many sensors,electronic control units and actuators and with theadvent of Intra-Vehicular systems, whose task is tocontrol and monitor the state of the vehicle comprises ofa Complex vehicular system. In addition to this, modernvehicles are becoming a surface for Cyber-attacks,because it is being increasingly connected to V2X(Vehicle-to-Everything) Technologies. So, it is highlyrecommended to ensure vehicle safety and customertrust. To manage the above challenges, countermeasuresshould be taken to prepare a vehicle, in order to beprotective from Cyber-security threats and also areliable mechanism should be in place to detect thepossible intrusions entering the vehicle when it is inoperation, this mechanism or practice is known asIntrusion-Detection system (IDS). This paper provides astructured view of Intrusion detection system in intravehicle for passenger vehicles. This paper also providesan insight of some ongoing research challenges and somegaps in intra-vehicle systems.Index Terms - Vehicle-to-Everything (V2X), IntrusionDetection System (IDS), Cyber-attacks, CAN.I.INTRODUCTIONThe rapid increase in the new technologies by multiplecar production managers has made a revolutionaryimpact on modern connected vehicles. These rapidadvancements include new features such asAutomation features and vehicles getting connected tooutside world, in simple it could be termed as Vehicleto-Vehicle(V2V) and Vehicle-to-Infrastructure(V2I)communications. These communications enablesafety and co-operation among vehicles.The typical modern vehicle may comprise of severalnetwork components like Sensors, Electronic ControlUnits (ECU’s), actuators and many communicationrelated devices. Sensors basically helps in perceivingthe surrounding environment and to stimulate thedriver functions based on the surroundingIJIRT 150839environment. Next coming to ECU’s. These controlunits will be having many features and these featureswill be grouped into subnetworks and thesesubnetworks will be interconnected through manygateways. Basically, ECU’s communicate through adevice called as Controller Area Network (CAN). ThisCAN device acts as a Network protocol for in-vehiclecommunication.Many features of CAN like Low cost, reliable andsome fault tolerable property enables programmers orarchitects to use CAN as a standard measure for invehicle communication. Since CAN can be used as astandard measure for communication purposes, it ismore prone to Cyber-attacks. The major loophole inthis CAN protocol is that it lacks messageauthentication and broadcast transmission. An intruderwho wants to surface an attack on the vehicle, it canbe done easily by sending a message through CANafter having access to it. Since CAN does not have apolicy to authenticate the origin, Intruder can easilyperform an attack on the vehicle.Basically, vehicles are more prone to cyberattacks,because these vehicles are not designed keepingsecurity requirements in place. So, in order to avoidvehicles from being affected by Cyber-attacks, anencryption algorithms or access control mechanismsare incorporated in some modern connected vehicles.One such mechanism incorporated in recent vehicletechnology is Intrusion detection systems (IDS).Intrusion detection system provides certain securitymeasures and also will be able to detect certainpotential cyber threats affecting intra-vehicle system.This paper focuses on certain challenges and issues ofIntra-vehicle IDSs and also on the categories of intravehicle IDSs.II.INTRA-VEHICLE NETWORKSINTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY119

March 2021 IJIRT Volume 7 Issue 10 ISSN: 2349-6002Intra-Vehicle networks in vehicle communicationfacilitates data sharing and communication amongsensors, actuators and ECU’s, which enables theoperation among vehicles. There are five widely ation systems. Local Interconnection Network (LIN) CAN FlexRay Ethernet Media Oriented Systems Transport (MOST)Local interconnection Networks (LIN) have a lowfault tolerance capability and also has a lowerbandwidth compared to Ethernet, FlexRay and otherintra-vehicle communication systems, whereas otherintra-vehicle communication systems like FlexRay,Ethernet and CAN have higher bandwidth also theseare more reliable for bandwidth demandingapplications. FlexRay is widely used as Safety Radarsand ethernet and MOST are used in Infotainmentsystems. CAN is most widely used among all theabove Intra-vehicular communication system, as it isreliably low cost and has showcased acceptableperformance and highly fault tolerant.The major advantage of CAN is that it doesn’t requireany global synchronization to regulate the vehiclecommunication. This is possible because oftransmission nodes present inside CAN which triggerssending and receiving of messages with respect tocommunication of Vehicle. CAN uses Bus topologyand reception filter of each node present inside CANdecides upon which message needs to be sent tovehicle based on the ID.CAN allows the usage ofCarrier Sense multiple access with collision avoidanceprotocol (CSMA/CD) ,when multiple nodes wants totransmit the messages to vehicle.Figure 1: Standard CAN Frame FormatThe Figure 1 shows the Standard and Extended Frameformat of CAN. A CAN frame consists of seven fieldsas follows:IJIRT 150839 SOF (Start of Frame): This fields indicates thestart of the Transmission of all nodes.Arbitration Field: This field has 2 sub fieldsnames Identifier Field and RTR (RemoteTransmission Request) field. The Identifier fieldrepresents the ID of the message/Frame usedduring transmission process and RTR field will bedetermined according to the kind of CAN frame.Control Field: It has two reserved bits and fourData Length Code (DLC).Data Field: This field has the informationregarding the actual data being used or transferredto other nodes.CRC Field: This field is error detection andcorrection field which basically validates themessages. All the nodes verify the receivedmessages using this code.ACK Field: This field sends an acknowledgementwhen it receives a valid message or node.EOF (End of Frame): This field indicates the endof CAN frame format.III. INTRUSION DETECTION SYSTEMS(IDSs) forINTRA-VEHICLE NETWORKSThere are multiple mechanisms encountered againstCyber threats which may include few securitycountermeasures like Encryption algorithms andaccess control mechanisms in order to ensure vehiclesafety. These countermeasures would protect thevehicle from external cyber threats but will be havingvery limited capability towards protecting the vehiclefrom internal cyber-attacks. In order to provide vehiclesafety from both external and internal cyber-attacks, areactive countermeasure like IDSs (Intrusion detectionsystems) is being employed. Intrusion- Detectionsystems are categorized into 2 types namely: Knowledge based IDS Behavior/anomaly-based IDSKnowledge based IDS basically uses signatures orpatterns to compare the existing attacks with theknown attacks. This category of IDS triggers anintrusion or alarms an intrusion when there is a matchamong the existing/observed attack with the knownattacks. The Knowledge based IDS has a low falsepositive rate, since it only reacts to previously knownattacks( not able to recognize any new attack otherthan the known attack).One more challenge withINTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY120

March 2021 IJIRT Volume 7 Issue 10 ISSN: 2349-6002Knowledge based IDS is that the Signature databasemust be updated as and when the new attacks arose.Anomaly based intrusion detection system identifiesthe attack based on the significant behaviour of thesystem. If there is a significant deviation from thenormal behaviour of the system, then this category ofIDS employs an intrusion indicating maliciousbehaviour in the operation of the system. This categoryof IDS does not depend on any Signature or a patternfor an attack. Anomaly based detection systemrequires less memory compared to knowledge-basedintrusion detection system.IV. CATEGORIES OF INTRA-VEHICLE IDSsIntra-vehicle IDSs are categorized into 3 types namelyas shown in the Figure 2. Flow Based IDS Payload based IDS Hybrid based IDSFigure 2: Categories of IDSsFlow based IDS category of Intrusion-Detectionsystem monitors the internal network of a vehicle.Flow based IDS typically focuses on CAN bus andtries to extract certain features related to messageinterval and message transmission frequency from themessages being transmitted on the network. LaterFlow based IDS uses these features to identify thedistinguished or abnormal behaviour of the vehiclesystem from the normal behaviour. This type of IDSwill not verify the payload/information of themessages.Payload based IDS examine the payload(Content/Information) of the messages to identifyabnormal behaviour in the vehicle called Intrusions.Hybrid based IDS is a combination of the above 2categories of Intrusion detection systems. In this typeof IDS each ECU registers with other ECU’s bysending a frame of point called Domain-ActivationFrame. The registered ECU scans the CAN messagesand looks for the Forged messages which would havebeen sent by any malicious entity. The registeredECU’s will delete the forged messages before itIJIRT 150839triggers an Intrusion on vehicle. Later, again theRegistered ECU’s will start sending a DomainActivation-Frame.Intrusion detection system depends on certainobservations on data entities or data sets. FEATURES and FEATURE SELECTION-Eachand every intrusion detection system willmaintain a dataset, where-in this dataset consistsof certain instances and data records, these datarecords or instances will be in the form of certainevents, objects or processes. Each instance ofevents or objects is characterized by certain set offeatures. These instances of features will be ableto detect the intrusion among normal or theabnormal behavior of the system. The Featureselection could be based on two types of namelyPhysical Features and Cyber Features. Physicalfeatures of intrusion detection system describe thephysical state of the system, whereas Cyberfeatures describes the data or communicationaspects of the system. Feature selection can bedone manually and automatically too. Sometimesit would be a tedious task doing manually becauseit might require deep understanding of the data,and how that data could be used to solve theproblem of several intrusions, in such casesautomatic methods are taken up. DATASETS- An appropriate dataset is requiredin order to understand several scenarios ofintrusions. There are several types of datasetsnamely Real data and simulated data. Realdatasets refer to the type of data extracted fromtest vehicles, whereas simulated data refers to thetype of data obtained by simulation or byprototyping (not obtained by any particular/definite source). ATTACKS IN AUTONOMOUS VEHICLES Connected /autonomous vehicles are prone tolarge number of Cyber-attacks. Generally, theseattacks are classified as Passive and Activeattacks. Passive attacks would break the integrity/confidentiality of system’s security which couldlead to leakage of Information (Privacy Leakage).Active attacks could probably lead to the controlof certain primary functionality of the system byinsertion, deletion or modification of themessages. The following are some of the attackINTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY121