Research And Implementation Of Intrusion Detection System For Connected Vehicle

With the rapid development of the Internet of Vehicle and unmanned technology,car will no longer be an isolated embedded system,but an integrated information network hub which will be connected with other cars,connected with person,connected with roadside unit.However,the openness of Internet will bring traditional network security problems to cars.In the CAN bus networks that are used in most vehicular critical systems,effective security measures that can detect and defense security threats from the Internet are still inadequate.Therefore,it is particularly important to increase security means for the CAN bus network in the car,and it is also one of the research focuses in the field of automobile.In the field of security,intrusion detection technology is an important method to solve the problem of information security.In this thesis,the attack methods and attack characteristics of CAN bus network are studied,and a complete intrusion detection system is designed and implemented to cover all these attack characteristics.This thesis focused on the research and implementation of intrusion detection system for connected vehicle and carried out the following work:(1)This thesis studied the security problem of CAN bus,mainly analyzed the vulnerability of CAN bus,summarized the common attack methods of CAN bus and the existing security solutions.This thesis studied and summarized the characteristics of CAN bus attacks,an intrusion detection engine is designed for these attack characteristics.In the intrusion detection engine,we designed access control module,security isolation and protocol conversion module,state-transition based intrusion detection module,rule based intrusion detection module and the load rate monitor module.These modules can cover the detection of all those attack characteristics.(2)This thesis studied the CAN communication matrix,and designed two intrusion detection rules based on the analysis of the communication matrix,which can effectively describe the CAN message and the threat information.The two rules are byte level rules and bit level rules.The byte level rules are binary formats,with the advantage of high efficiency in transmission and parsing,and the disadvantage of weak description ability.The bit level rules are text formats,and the advantages and disadvantages are contrary to the byte level rules.(3)A complete intrusion detection system based on CAN bus network is designed and implemented,including data acquisition module,data preprocessing module,intrusion detection engine,record and alarm module,rule updating module.Finally,the intrusion detection system is verified and tested.The experimental results show that the intrusion detection system provided in the thesis can effectively detect the attack characteristics of CAN bus.