Abstract

The rise in data usage and connectivity in cars has led to concerns about their vulnerability to cyber-attack. The Controller Area Network (CAN), used by all cars for communication between safety-critical and performance-critical components, has been shown to be particularly vulnerable. Cyber-attacks have been demonstrated on the CAN that would compromise the safety of passengers, damage the car, or cause it to malfunction. This thesis proposes and evaluates methods that might be used to detect the presence of an attack by monitoring the CAN traffic. The methods proposed detect attack-resultant anomalies in the CAN packet timings and packet data payloads. A one-class classification approach is adopted since the CAN attack detection solution would need to cope with constraints that make the gathering of sufficient labelled attack-data samples unlikely. These constraints are also discussed in the thesis. The test data is generated from models devised from studying the published attacks, which are reviewed. The attack detection is evaluated over a range of suitable machine learning algorithms and training options. Processes for capturing and parsing the CAN data for the detection are also proposed and tested. The results show that some of the methods offer the potential for attack detection and deployment in an in-vehicle system. However, additional research would be required to reduce the number of false alarms they generate. Possible ways to achieve this are discussed. The contributions of this thesis include the proposal of the detection methods suitable for the automotive CAN and their systematic evaluation, the creation and evaluation of algorithms for processing the CAN data into structures suitable for anomaly detection, and the synthesis of demonstrated attacks into representative models suitable for test data.
|Date of Award|2020|
|Supervisor|Jeremy Bryans (Supervisor) & Siraj Shaikh (Supervisor)|