Aya Fathy, Marc Ashraf, Mostafa Ashraf, Omar Attia, Prof. Abdel Nasser H. Zaied, Eng. Haytham Tarek, Eng. Mostafa Badr

Publishing Date

28th October, 2020


The automotive industry has been in rapid development which has introduced security vulnerabilities in the in-vehicle network such as Controller Area Network (CAN) buses. These vulnerabilities expose the vehicle to malicious physical and remote attacks. The CAN bus controls all the communications between the vehicle ECUs, such as exchanging parameters and the state of the vehicle. Despite its sensitive role, the CAN bus is the most compromised component in the In-vehicle network as it lacks any form of cryptography methods to ensure integrity and confidentiality of the vehicle’s data. We aim to design a deep learning-based Intrusion Detection System (IDS) compatible with the limitations of the embedded electronics hardware. The proposed model will be trained to detect malicious traffic in the CAN bus indicating security attacks targeting the vehicle, in real time. The IDS will be introduced to different attack classes and tested in real-life environments.

1.1 Background

The automotive industry has been in a rapid development spree, from switching to heavy usage of embedded electronics instead of operating on machinery modules, to adapting technology trends that connects vehicles with each other and with the outside world such as Fleet Management Software, Self-Driving Cars, Over The Air (OTA) automotive Updates services, Remote Vehicle Diagnostic System, V2V, V2X,C-V2X, In-vehicle Infotainment Systems (IVI), Remote Engine Start and Parking Guidance Systems. Such technologies are all innovative vehicular communication applications that require frequent and fast syncing between the ECUs’ applications by exchanging parameters that communicate the current state of the car modules and sensors [1][2]. The syncing and communication between the ECUs are enabled through communications protocols, such as CAN protocols; which is our concern in this contribution, FlexRay and Local Interconnect Network (LIN). CAN was designed for closed communications, meaning it lacks security mechanisms other than Cyclic Redundancy Check (CRC) for verifying the integrity against transmission errors. Involving the CAN bus with external communications outside the boundaries of the in-vehicle net-work has opened many unsecured entry points and subjected the CAN to critical vulnerabilities from both within the vehicle and from outside it. Several researches were conducted to suppress the security issues of the CAN protocol. One of the popular approaches is building artificial intelligence-based intrusion detection systems (IDSs) to detect a variety of attack classes targeting the CAN bus. [3] Sniffing attacks, Denial Of Service (DOS) attacks, Injection attacks, Replay attacks, and Fuzzing attacks are some of many popular CAN attacks. However, researchers are falling short of exploiting IDSs in real life due to two main obstacles: detection latency and high computational and memory costs of IDSs which restrain integrating them into the in-vehicle network. In the proposed system we are tackling the two previously mentioned obstacles to provide the automotive industry with a feasible solution that complements their vehicles.

1.2 Motivation

Academic Motivation:

CAN protocol has been impacted by the emerging of high-tech technologies, such as Autonomous Cars Vehicle Telematics systems. These technologies require remote communication channels to the vehicle’s network controlled via the CAN bus. Such channels open many security backdoors in the network as CAN does not provide security mechanisms by design. This major issue can be resolved by introducing Intrusion Detection Systems to the CAN bus. IDSs identify abnormal behavior in the CAN traffic, decide if this behavior indicates malicious activity and take suitable actions to suppress the potential danger targeting the vehicle. Our work is motivated by [19], they built an intelligent framework for anomaly detection based on anew modified One-Class Vector Machine and with a significantly optimal detection computation time and is applicable for vehicles. Anselmann, Strauss, Dormann and Ulmer [20] proposed a neural network based IDS called ’CANet’ that can be paired with the strengths of some rule based IDSs. The authors of [21] introduced a LSTM neural network based attack detection  model that addresses attack on CAN bus that alters the data frame contents with high accuracy and precision.

Business Motivation:

CAN is the most used communication protocol for in-vehicle network; hence performing immense modifications on the CAN protocol or completely transitioning to another protocol is economically and technically infeasible. Consequently, automotive manufacturers and vendors needs to adapt a practical solution to ensure the safety of their products and customers. The proposed system provides a robust, feasible IDS deployed on a micro-controller. The interested parties can test the deployed model in real environment by integrating it into their vehicles.

1.3 Problem Statement

Deep learning-based models require high memory and computational resources that cannot be handled by the In-Vehicle network resources. IDSs need to operate in real-time to provide robust and reliable protection. However, due to the limited computational power of embedded electronics of the In-Vehicle network; IDSs tend to have computational latency. Accordingly, deploying IDSs have been a crucial task researchers have been attempting to accomplish. Our concern is designing a deep learning-based Intrusion Detection System that overcomes the mentioned limitations. This is done by accelerating IDSs models to achieve optimal computational costs, as well as low false negatives and false positives rates.