A Concept for an Intrusion Detection System over Automotive Ethernet

University essay from Lunds universitet/Institutionen för elektro- och informationsteknik

Abstract: A modern automotive vehicle is a complex technical system containing many electronic, mechanical, and software parts. A high-end vehicle typically contains 70 or more electronic control units (ECUs). These control a large number of distributed functions, many of which are safety-critical, and add complexity that surpasses 100 million lines of code. Furthermore, the communication link in the automotive architecture is being upgraded from the traditional controller area network (CAN) bus to Automotive Ethernet, in order to enable higher communication bandwidth and handle the increasing complexity. However, introducing Ethernet opens up new attacks and loopholes for hackers to exploit. Attacks on ECUs are even more dangerous than web attacks, as they involve the safety of the people inside the vehicle. To secure in-vehicle communication, the automotive industry needs to look into traditional cybersecurity protection techniques from an automotive perspective. One security solution gaining more and more attention for in-vehicle security is the intrusion detection system (IDS).

In this thesis, we propose a concept for a host-based IDS relying on two different detection methods. We suggest a combination of specification-based detection, focusing on message sequencing and the allowed elapsed time between a request and its respective response, and anomaly-based detection, evaluating the frequency, payload length and timeout for request-response pairs. To evaluate our IDS we execute five different attack scenarios, for which we calculate binary classification metrics and measure its classification speed. Our evaluation shows that the proposed IDS successfully detects malicious events such as delay, packet injection, exhaustion and two different flooding attacks.

Based on our experience designing an in-vehicle IDS, we describe potential difficulties, limitations and future improvements that engineers can use to implement or improve their adaptation of an in-vehicle IDS. We believe the results of this master’s thesis can be applied in more advanced research, especially in the field of IDS for in-vehicle networks, and can hopefully contribute to a safer driving experience.
