Two-Step Algorithm to Detect Cyber-Attack Over the Can-Bus: A Preliminary Case Study in Connected Vehicles

Abstract

Modern vehicles are connected to the network and between each other through smart sensors and smart objects commonly present on board. This situation has allowed manufacturers to send over-the-air updates, receive diagnostic information, and offer various multimedia services. More generally, at present, all this is indicated by the term “Vehicle to Everything” (V2X), which indicates a system of communication between a vehicle and any entity that may influence the vehicle and vice versa. However, it introduces problems regarding the vehicle’s IT security. It is possible, for example, by tampering with one of the electronic control units (ECUs) to take partial or total control of the vehicle. In this paper, we introduce a preliminary study case of a probabilistic approach in an intrusion detection system over the CAN-bus to guarantee cybersecurity inside connected vehicles. In particular, through the use of an innovative two-step detection algorithm that exploits both the variation of the status parameters of the various ECUs over time and the Bayesian networks can identify a possible attack. Starting from a domain analysis is possible to find out what are the parameters of interests and how these are related to each other. The first experimental results seem encouraging.