Host-based Intrusion Detection to enhance Cybersecurity of Real-time Automotive Systems

Abstract

Modern automotive industry develops technology advancing vehicles in direction of interconnectivity. Estimation forecast shows that by 2025, more than 470 million vehicles will be connected among each other, to Smart-Roads, Smart-Homes, etc. Due to external communication of a car to surrounding, the vehicle is under the exposure to potential attacks through those communication channels. The attack case from 2015. by C. Miller and C. Valasek shows what could happen if modern vehicles are not protected from external malicious/non-verified access. In order to detect an attack, an Intrusion Detection System (IDS) is used. However, the future attacks cannot be predicted, and thus IDS are run to detect anomalies in the system behavior. IDS can be separated into two main fields: Communication channels monitored by Network-based IDS and Control Units monitored by Host-based IDS. The scope of the Thesis is detecting anomalies of behavior of a Control Unit within the vehicle based on timing elements of its functions. The method proposed by this Thesis is called AutoSec - Host-based Intrusion Detection System. The goal of AutoSec is, in compliance with AUTOSAR standard, to reach high detection rate of Anomalies in the system, by keeping level of False Alarms close to zero.