Automobile Intrusion Detection Jun Li Twitter @bravo_fighter - - PowerPoint PPT Presentation

automobile intrusion detection
SMART_READER_LITE
LIVE PREVIEW

Automobile Intrusion Detection Jun Li Twitter @bravo_fighter - - PowerPoint PPT Presentation

Nov 25, 2022 289 likes •930 views

Automobile Intrusion Detection Jun Li Twitter @bravo_fighter UnicornTeam Qihoo360 2 What this talk is about? Automotive intrusion detection Automotive cyber-security architecture From the highest viewpoint J 3 Outline Quick

slide-1
SLIDE 1

Jun Li

Twitter:@bravo_fighter

UnicornTeam

Qihoo360

Automobile Intrusion Detection

slide-2
SLIDE 2

2

What this talk is about? Automotive intrusion detection Automotive cyber-security architecture

slide-3
SLIDE 3

3

From the highest viewpointJ

slide-4
SLIDE 4

Outline

  • Quick recap of the status quo of

car security research

  • Little automobile working principle
  • CAN bus anomaly detection
slide-5
SLIDE 5

Performance Tuning by modifying firmware Immobilizer Cracking (Hitag, Keeloq) DARPA&UW OBD interface attack,etc. Karl et al. Remote attack via wireless OBD interface Telsa Qihoo360

BMW

ConnectedDrive

vuln

Mbrace

Jeep Uconnect Charlie&Chris

GM Onstar Vuln,Sammy More to come ? Sure!

Car hacking development

slide-6
SLIDE 6

Car explained

slide-7
SLIDE 7

Sensor security

slide-8
SLIDE 8

In automotive electronics, Electronic Control Unit (ECU) is a generic term for any secret system that controls one or more of the electrical system or subsystems in a transport vehicle Types of ECU include Electronic/engine Control Module (ECM), Powertrain Control Module (PCM), Transmission Control Module (TCM), Brake Control Module (BCM or EBCM), Central Control Module (CCM), Central Timing Module (CTM), General Electronic Module (GEM), Body Control Module (BCM), Suspension Control Module (SCM), control unit, or control module

ECU (Electronic Control Unit)

slide-9
SLIDE 9

Electronic Control Module Example

9

slide-10
SLIDE 10

Automotive Mechatronics

10

slide-11
SLIDE 11

Non-hackable hackable

11

Throttle position sensor

Drive-by-wire system

slide-12
SLIDE 12

12

Steering-by-wire system

Universal joint Steer-by –wire (with mechanical fallback clutch)

slide-13
SLIDE 13

Automotive Control System Architecture

slide-14
SLIDE 14

Vehicle CAN BUS System

slide-15
SLIDE 15

Vehicle Communication System

OBDII

MOST LIN CAN FlexRay Bluetooth Wifi SubGHz Infotainment System

slide-16
SLIDE 16

ESP TCU ACC

ESP(electronic stability program) TCU(transmission control unit) ACC(adaptive cruise control)

… CAN-C 网关 Speedometer CAN-B Infotainment System

Music Player

INS(Inertial navigation system)

INS EMU

EMU(engine management

system)

Seat Controller

Vehicle Communication System example

slide-17
SLIDE 17

CAN BUS Signaling

slide-18
SLIDE 18

CAN Frame Structure

slide-19
SLIDE 19

0 dominant 1 recessive 1 1 1 1 1 1 1 1 0 1 1 1 0 0 0 0 0 0

CAN Bus Access Arbitration

slide-20
SLIDE 20

Packets injection Parameter spoofing

CAN BUS Attack

slide-21
SLIDE 21

Jeep Uconnect Vulnerability

WiFi femotocell Sprint Internet CAN

Remote Attack Example

slide-22
SLIDE 22
slide-23
SLIDE 23
slide-24
SLIDE 24

Automotive intrusion detection researches

slide-25
SLIDE 25

Automotive intrusion detection researches

Not considering Temporal feature

slide-26
SLIDE 26
slide-27
SLIDE 27

Distributed architecture

slide-28
SLIDE 28

CAN总线安全防御模型 IDS IDS(Intrusion Detection System)

slide-29
SLIDE 29

① Real time requirements ② Hard to trace back to sender ③ High cost of false positive ④ …

Difficulties of CAN bus defence

slide-30
SLIDE 30

CAN Anomaly Detection

McAfee&Intel

slide-31
SLIDE 31

CAN bus defence

IDS

slide-32
SLIDE 32

CAN security architecture

Bluetooth WiFi Cellular V2X IDS

slide-33
SLIDE 33

Experiment Car

  • Cellular Connection
  • Cloud Service
  • Bluetooth Key
  • Hybrid
  • Electronic Brake
  • Electric Power

Steering

  • Electronic Throttle
slide-34
SLIDE 34

Experiment car’s CAN network

slide-35
SLIDE 35

The CAN database

slide-36
SLIDE 36

Why don’t we build a model Take the relation ship of rpm and speed , gear for example,we can create a model of the System‘s behavior

slide-37
SLIDE 37

汽车工作原理

slide-38
SLIDE 38

Anomaly detection system

Realtime data stream Cross Prediction Parameter extraction

slide-39
SLIDE 39

System model requirements

Gear

slide-40
SLIDE 40

Build the system model

Data Collection Data preprocess Data analysis Feature Selection

Model Training &Testing

slide-41
SLIDE 41

Data Acquisition

Parameter presence on different BUS

Parameter Speed Engine RPM Acceleration Pedal Intake Pressure Brake Pedal Steering Wheel Gear

BUS

Instrument

  • x

x

  • Comfort
  • x

x

  • x

x

Power

  • x

x

ECM

  • x
  • ESC
  • x
slide-42
SLIDE 42

Data Acquisition Setup

slide-43
SLIDE 43

Data Analysis

Can database is kept highly confidential

slide-44
SLIDE 44

Data Preprocess

slide-45
SLIDE 45

Data Preprocess

Interpolation Sampling Normalization

slide-46
SLIDE 46

Normalization Must make sure the maximum and minimum value,don’t calculate from the training data

slide-47
SLIDE 47

数据插值

Observation Interpolation

slide-48
SLIDE 48

Sub-Sampling

slide-49
SLIDE 49

Sub-Sampling

Time_ ms RPM Speed MAP MAF AccPeda l Throttle 13897 3 0.287983 8 0.134259 2 0.059055 1 0.167567 5 0.697107 0.137795 2 13897 4 0.287312 5 0.134259 2 0.055118 1 0.167567 5 0.697107 0.137795 2 13897 5 0.287312 5 0.134259 2 0.051181 1 0.167567 5 0.697107 0.137795 2 13897 6 0.285970 0.134259 2 0.047244 0.167567 5 0.697107 0.137795 2 13897 7 0.285970 0.134259 0.051181 1 0.167567 5 0.697107 0.137795 2

slide-50
SLIDE 50

Sub-Sampling

slide-51
SLIDE 51

Model training

slide-52
SLIDE 52

Model training

slide-53
SLIDE 53

Results

slide-54
SLIDE 54

Result

slide-55
SLIDE 55

Model testing

slide-56
SLIDE 56

Model testing

slide-57
SLIDE 57

Acknowledgement Professor Shuicheng Yan Doctor Ming Lin Doctor Zhanyi Wang Doctor Lin Huang

slide-58
SLIDE 58

Thank You! Q&A

slide-59
SLIDE 59

Reference

slide-60
SLIDE 60
  • 1. Karl Koscher, Alexei Czeskis, Experimental Security Analysis of a Modern

Automobile, 2010

  • 2. Stephen Checkoway,Damon McCoy,Brian Kantor, Comprehensive Experimental

Analyses of Automotive Attack Surfaces,2011.

  • 3. Charlie Miller,Chris Valasek,Adventures in Automotive Networks and Control

Units,2013.

  • 4. Charlie Miller,Chris Valasek,Remote Exploitation of an Unaltered Passenger

Vehicle,2015

  • 5. Dieter Spaar,Sicherheitslücken bei BMWs ConnectedDrive/ Beemer, Open

Thyself! – Security vulnerabilities in BMW's ConnectedDrive,2015.

  • 6. Iamthecarvalry.org , Five Star Automotive Cyber Safety Framework,2015.
  • 7. Pierre Kleberger,Security Aspects of the In-Vehicle Network in the Connected

Car,IEEE Intelligent Vehicles Symposium,2011

  • 8. Marc Rogers,Kevin Mahaffey,How to Hack a Tesla Model S,DEF CON

23,2015

  • 9. Charlie Miller Chris Valasek,Advanced CAN Injection Techniques for Vehicle

Networks,BlackhatUSA,2016

  • 10. Kyong-Tak Cho and Kang G. Shin, Fingerprinting Electronic Control Units for

Vehicle Intrusion Detection, 2016

slide-61
SLIDE 61
  • 11. Nobuyasu Kanekawa,X-by-Wire Systems,Hitachi Research Lab.2011
  • 12. Paul Yih, Steer-by-Wire: Implication For Vehicle Handling and Safety,Stanford

PHD Dissertation,2005

  • 13. Luigi Coppolion,Dependability aspects of automotive x-by-wire technologies,

2008.

  • 14. Jonas Zaddach,Andrei Costin,Embedded Devices Security and Firmware Reverse

Engineering,Blackhat Workshop,2013.

  • 15. Andrei costin,Jonas Zaddach,A large-Scale Analysis of the Security of

Embedded Firmwares,EURECOM,2014.

  • 16. Samy Kamkar,Drive It Like You hacked It,DEF CON23,2015
  • 17. David A Brown, Geoffrey Cooper, Automotive Security Best Practices, White

Paper by Intel & McAfee,2014.

  • 18. OpenGarages, Car Hacker’s Handbook,openGarage.org,2014.
  • 19. Henning Olsson, OptimumG,Vehicle Data Acquisition Using CAN,2010
  • 20. Varun Chandola,Arindam Banerjee,Vipin Kumar,Anomaly Detection :A

Survey,2009

slide-62
SLIDE 62
  • 21. Park, Ming Kuang, Neural learning of driving environment prediction for vehicle

power management, Joint Conf. on Neural Networks, 2008.

  • 22. Taylor, P., Adamu-Fika, F., Anand, S., Dunoyer, A., Griffiths, N., and Popham, T.

Road type classification through data mining,2012.

  • 23. Michael Muter, Naim Asaj,Entropy-based anomaly detection for in-vehicle

networks", IEEE Intelligent Vehicles Symposium (IV), 2011.

  • 24. Ulf E. Larson, Dennis K. Nilsson,An Approach to Specification-based Attack

Detection for In-Vehicle Networks, IEEE Intelligent Vehicles Symposium,2008.

  • 25. Y. L. Murphey, Zhi Hang Chen, L. Kiliaris, Jungme ,I. Tang and T. P. Breckon,

Automatic road environment classication, IEEE Trans. on Intelligent Transportation Systems, 2011.

  • 26. Salima Omar, Asri Ngadi, Hamid H.Jebur, Machine Learning Techniques for

Anomaly Detection: An Overview.

  • 27. Perter Harrington,Machine Learning In Action,2013.
  • 28. Jurgen Schmidhuber, Deep learning in neural networks: An overview, 2015.
  • 29. Kaiserslautern,Comparison of Unsupervised Anomaly Detection Techniques,

German Research Center for Artificial Intelligence, 2011

slide-63
SLIDE 63
  • 30. Sepp Hochreiter, Jurgen Schmidhuber, Long short-term memory,Neural

computation, 1997.

  • 31. Michael Husken, Peter Stagge,Recurrent neural networks for time series

classifcation, Neurocomputing, 2003.

  • 32. Felix A Gers, Jurgen Schmidhuber, Fred Cummins, Learning to forget:Continual

prediction with LSTM, Neural computation, 2000.

  • 33. David E Rumelhart, Geo_rey E Hinton, and Ronald J Williams.,Learning

internal representations by error propagation,1985.

  • 34. Christopher M Bishop,Pattern recognition and machine learning, springer, 2006.
  • 35. Simon Haykin and Neural Network. A comprehensive foundation. Neural

Networks, 2004.

  • 36. Eleazar Eskin,Andrew Arnold,Michael Prerau, A Geometric Framework for

Unsupervised Anomaly Detection-Detecting Intrusions in Unlabeled Data tection-Detecting Intrusions in Unlabeled Data,2002.

  • 37. Kingsly Leung, Christopher Leckie, Unsupervised Anomaly Detection in

Network Intrusion Detection Using Clusters, 2005