Research On Defense Technology For Internal Network Of Intelligent Connected Vehicles

Despite the advantage of providing a higher level of driving efficiency and experience,the new information and communication technologies(ICT)also expose the vehicles to the risks introduced by the Internet.With the in-depth integration of information science and the automobile industry,vehicles are moving towards the cross-integration of the humanvehicle-computer ternary world.The risks of security will also threaten the safety of people and vehicles.Different from cyber attacks on traditional information equipment,the adversaries can obtain the ability to control the movement of vehicles by intruding into the safety-critical in-vehicle network.Based on this,the cybercriminal groups or car hackers can launch vicious attacks or even terrorist attacks via the hacked vehicles,which seriously threaten national security and the order of social production and life.The Controller Area Network(CAN)plays a key role in the safety-critical in-vehicle network that ensures the safety of vehicles for both the new generation of ICVs and traditional vehicles since CAN is deterministic,predictable and low-cost communication protocols.Therefore,ensuring the security of the CAN network is of fundamental and overall significance,and effective measures must be taken to ensure that the safety-critical in-vehicle network can defend against cyber-attacks.Lacking the message authentication mechanism and broadcast nature make CAN vulnerable when under cyber attack.Limited bandwidth and small payload pose challenges for deploying security enhancement methods on CAN.This paper aims to study defense technology for CAN.Specifically,this paper studies intrusion detection approaches based on the signal characteristics of the physical layer to protect the safety-critical in-vehicle network,so as to ensure that the movement of the vehicle is not manipulated by the attacker.This paper first comprehensively surveys the research work related to the attack and defense of the internal communication network of the ICV to deeply analyzes the vulnerability of the safety-critical in-vehicle network when under attack as well as the advantages and disadvantages of the existing protection schemes.The research idea is then focused on intrusion detection methods based on the physical layer.Next,in view of the limited resources and real-time constraints of the safety-critical in-vehicle network,three intrusion detection methods are proposed based on domain knowledge and statistical analysis methods,to study and solve the challenge of technology,resources and cost when protecting the safety-critical in-vehicle network.The main contributions of this paper are as follows:1.A novel intrusion detection approach based on clock skew is proposed in this paper.We firstly design a novel clock skew estimation method,which takes one single frame as the object to compute the clock skew of sending ECU.This can avoid the effect on the clock skew estimation process introduced by the data on the bus.Next,the digital fingerprint is generated by extracting the statistical features from the time domain.The trained classifier is used for sender identification.Finally,an intrusion detection approach based on a dynamic threshold is exploited to detect attacks.The experimental results show that our method can accurately identify the attacker and detect the intrusion,with an average recognition rate of over 99.7% when the sampling accuracy is sufficient.When the performance of our system drops due to an insufficient sampling rate,the error rate can be reduced by using dynamic threshold approach.2.A bit-time-based intrusion detection approach(BTMonitor)is proposed in this paper.BTMonitor specifically designs how to extract signal characteristics of the physical layer based on bite time.It divides one single CAN frame into a string of dominant bits and a string of recessive bits,and then extracts more comprehensive features for representing the sending ECU by measuring them separately.Thus,the requirements for high sampling rates can be mitigated.Next,BTMonitor extracts statistical features for fingerprinting ECUs.It then detects intrusion and pinpointing the attacker based on a supervised learning algorithm.To evaluate our method,we implement the BTMonitor based on an FPGA and computer.The experiments are carried out on a real car and a CAN prototype.The results show that BTMonitor can correctly identify the sender with an average probability of 99.76% on the real vehicle.3.A model-based method for sourcing the sender and detecting intrusion is proposed in this paper.We design a novel method for intrusion detection by building a model based on clock skews of sending nodes.Our method extracts the required signal characteristics from one single CAN frame firstly.After data preprocessing,we build a linear model to pinpoint the sender and report an intrusion by explicitly defining the relationship between the signal characteristics and the transmitting ECU.In particular,our approach does not require the use of tagged data to train the classifier for intrusion detection,and can be applied to a proprietary CAN network lacking of prior information.Our approach can also establish a relationship between CAN frames and sending nodes for unknown CAN networks.In this paper,we implement the data collector by a programmable digital oscilloscope,and evaluate our method on a CAN prototype and two production vehicles.Experimental results show that our approach can sourcing the sender for detected CAN frames on the bus and detect masquerade attack without prior knowledge.