Indicators of Compromise of Vehicular Systems
Type
Master's thesis
Published
2019
Authors
Hadi Sultani, Mohammad
Han, Lu
Abstract
Modern vehicles are no longer mere mechanical devices; they are equipped with
plenty of sensors and Electronic Control Units (ECUs) for their primary functions
such as powertrain and brake systems. Some legislation mandates the use of ECUs
in modern vehicles because purely mechanical solutions such as legacy carburetors
or hydraulic brake systems can neither comply with the safety and emission
regulations nor meet consumers’ demands. The number of ECUs in most
modern vehicles goes beyond one hundred. To achieve higher consumer satisfaction,
vehicle manufacturers also implement plenty of built-in advanced entertainment and
navigation systems which in most cases require an Internet connection.
By connecting to the Internet, to other vehicles, and to infrastructure, as well
as having hundreds of millions of lines of code, vehicles have emerged as drivable
computers. Similar to ordinary computers, modern vehicles are also exposed to
different types of cyber-attacks which can cause safety issues for the driver, the
passengers, and other properties.
There has been much research within this area, especially on Intrusion
Detection Systems (IDS). However, there are still some issues with IDSs, and the
most significant one is the high rate of false alarms considering the massive number
of vehicles deployed in the market.
In this thesis project, we introduced many Indicators of Compromise (IOCs) in vehicular
systems. Indicators of Compromise are simple artifacts whose presence in a
system is a sign of intrusion or infection by malicious software. The IOCs trigger if
the legitimate behavior of the system is violated, and can thus reduce the number of
false positives if implemented and deployed on the system. Also, we have defined a
set of criteria and methodologies for conducting a qualitative evaluation of the
IOCs to determine their quality. Additionally, we have identified where in
the overall architecture of a vehicle an indicator would fit. We have also proposed
a centralized IDS with logic for the central node to combine IOCs when any single one of
them might not achieve the desired degree of confidence for raising an alarm. As
part of the research, we have studied previous work in the field as well as interviewed
industry experts. From this point,
Subject/keywords
IDS, Intrusion, Detection, ECU, IOC