A Lightweight Intrusion Detection System for In-Vehicle Communication on CAN

Abstract

In-vehicle networks (IVNs) are being equipped with an increasing number of electronic control units (ECUs) with each new generation of vehicles. This increase in ECUs contributes to a larger attack surface. Due to the lack of security mechanisms in the Controller Area Network (CAN) protocol, the most widely used communication bus for IVNs today, any ECU that is compromised can in turn compromise other parts of the network. As the attack surfaces of vehicles increase, so does the need for secure communications in the internal network to reduce the impact of attacks. One commonly proposed solution is the installation of an Intrusion Detection System (IDS) to detect attacks on the CAN bus. In this thesis, we investigate if it is possible to implement a data-driven intrusion detection algorithm for IVNs on low end hardware. Furthermore, we investigate what optimizations need to be done to the IDS for it to be able to detect attacks in a realistic environment in real-time. Using the state-of-the-art detection algorithm casad, we test whether it is able to reliably detect online attacks in a realistic environment. Having chosen four categories of attacks based on previous work within the field, the IDS was tested against them. The results of this thesis show that it is possible to detect at least three of the four attacks. The IDS was implemented on two different test benches where the first was used to verify our implementation, and the second to compare and evaluate the optimizations of the algorithm. The optimizations were done to meet the real-time requirements.