Indicators of Compromise of Vehicular Systems

Master's thesis
Hadi Sultani, Mohammad
Han, Lu
Modern vehicles are no longer mere mechanical devices; they are equipped with plenty of sensors and Electronic Control Units (ECUs) for their primary functions such as powertrain and brake systems. Some legislation mandates the use of ECUs in modern vehicles because purely mechanical solutions such as legacy carburetors or hydraulic brake systems can neither comply with safety and emission regulations nor meet consumers' demands. The number of ECUs in most modern vehicles goes beyond one hundred. To achieve higher consumer satisfaction, vehicle manufacturers also implement plenty of built-in advanced entertainment and navigation systems, which in most cases require an Internet connection. By connecting to the Internet, to other vehicles, and to infrastructure, as well as having hundreds of millions of lines of code, vehicles have emerged as drivable computers. Similar to ordinary computers, modern vehicles are also exposed to different types of cyber-attacks which can cause safety issues for the driver, the passengers, and other property. Nonetheless, there has been much research within this area, especially on Intrusion Detection Systems (IDS). However, there are still some issues with IDSs, and the most significant one is the high rate of false alarms considering the massive number of vehicles deployed in the market. In this thesis project, we introduced many Indicators of Compromise (IOC) in vehicular systems. Indicators of Compromise are simple artifacts whose presence in a system is a sign of intrusion or infection by malicious software. The IOCs trigger if the legitimate behavior of the system is violated; thus they can reduce the number of false positives if implemented and deployed on the system. Also, we have defined a set of criteria and methodologies to conduct a qualitative evaluation of the IOCs in order to determine their quality.
Additionally, we have identified where in the overall architecture of a vehicle an indicator would fit. We have also proposed a centralized IDS with logic for the central node to combine IOCs, any one of which might not on its own achieve the desired degree of confidence for raising an alarm. As part of the research, we have studied previous work in the field as well as interviewed industry experts. From this point,
IDS, Intrusion, Detection, ECU, IOC