Research On Connected Vehicle Cyber Security And Anomaly Detection Technology For In-vehicle CAN Bus

The Internet tide has an unprecedented influence on the automobile industry, making autos more and more frequently in information exchange with the outside through network connection. Information applications such as Internet of Vehicles, intelligent transportation system and cloud service are promoting auto development in terms of intelligence and networking. But connected vehicle are more than connected to Internet, specifically referring to multi-network integration including vehicle-Internet interconnection, vehicle-vehicle interconnection, interconnection between vehicles and intelligent transportation facilities, and In-vehicle bus network communications.Thanks to the multi-network integration, connected vehicle have more function of information and abundant application. These functions and applications increase the external access to the vehicle, the resulting access interface will also become a malicious attack access portal, the cyber security risk index increased. In recent years, the automotive security incidents and connected vehicle cyber security faces great challenges, research on connected vehicle cyber security issues has important significance. At the same time, In-vehicle control and information system is a complex network system, In-vehicle network bear the information interaction between key electronic control units, In-vehicle gateway connects not only the In-vehicle bus, but the outside network. Therefore, connected vehicle cyber security requires not only defense security threats from the outside, and In-vehicle bus network security problems need to be solved, especially the In-vehicle CAN bus cyber security issues.CAN bus is the most widely used technology for In-vehicle bus network, CAN bus is mainly used to control system and designed for the control system needs, it is lack of cyber security mechanisms and instruments. As the problem of cyber security in vehicle, attacker participates In-vehicle CAN bus which connects to key control units by using external access interface and sends malicious attack messages to interfere vehicle’s working condition, this action seriously endanger personal and property safety, and privacy security of vehicle drivers, passengers and traffic participants. So, the cyber security of In-vehicle CAN bus is one of the most important issues of connected vehicle cyber security, and research on In-vehicle CAN bus cyber security has important theoretical and practical significance.For now, many researches have implemented on CAN bus using encryption, identity authentication, message authentication and any other security defense mechanism to keep the cyber security of CAN bus. However, due to the constraint of the protocol characteristics of the In-vehicle CAN bus and the In-vehicle implementation environment, it is quite difficulty to apply encryption and authentication to In-vehicle CAN bus. Due to the fact that anomaly detection guarantees the system security by making judgments on suspicious attacks and alerting, making up for the deficiencies of authentication, encryption and other traditional defensive technologies, so it is necessary to find the appropriate anomaly detection technology for In-vehicle CAN bus.This dissertation makes the cyber security of connected vehicle as a starting point, and the information security threats to connected vehicle was detailed analysis. Meanwhile, this dissertation deeply analyzes and discusses the cyber security of In-vehicle CAN bus, and the feasibility of the current security measures in the vehicle bus environment. Otherwise, according to the characteristics of In-vehicle CAN bus, two kinds of In-vehicle CAN bus anomaly detection methods are proposed. The main contents and research work of this dissertation are as follows:(1) The domestic and international development present condition of connected vehiclecyber security are reviewed in this dissertation, and the In-vehicle CAN bus cybersecurity research status are summarized.(2) The external access interface of connected vehicle was classified according to theconnection of the attacker can be carried out. The access control, attack technique andpotential threats were detailed analysis. Based on the In-vehicle bus network, thisdissertation analyzed the current potential security threats, and the protectionmechanism of security threaten was proposed.(3) It further analyses In-vehicle CAN bus security issues. According to thecharacteristics of In-vehicle CAN bus, the CAN protocol security threats andavailability of current In-vehicle CAN bus security mechanism were discussed andanalyzed.(4) The In-vehicle CAN bus anomaly detection method based on information entropy isproposed. The method calculates the information entropy of In-vehicle CAN bus,through probability distribution of CAN message with different identifier. CAN busnetwork information entropy in a normal state as a baseline for anomaly detection,and gives the detection threshold value by reducing the time of the attack window.Theoretical analysis and experimental results show that the proposed method can beused to detect the flooding and replay attack of In-vehicle CAN bus.(5) The In-vehicle CAN bus message data anomaly detection method based on decisiontree is proposed. Combined with the CART decision tree model and thecharacteristics of CAN message data, the appropriate decision tree model of anomalydetection method for In-vehicle CAN bus is proposed. The pretreatment of CANmessage data solve the problems of complex data types, sparse, lack of abnormalsample. In order to show the anomaly location, the threshold value judgments areused. The experimental results show that the detection accuracy of the proposed method is 98.3%.