Graph-based Attack Classification and Prevention for In-vehicle Network: Focused on Flooding Attack
- Subject (keywords): Automotive Intrusion Detection System (IDS), Automotive Intrusion Prevention System (IPS), In-vehicle Network, Controller Area Network (CAN), Graph Theory
- Publishing institution: Korea University Graduate School of Information Security (고려대학교 정보보호대학원)
- Advisor: 이동훈
- Year of publication: 2023
- Degree conferred: 2023. 8
- Degree: Doctoral (Ph.D.)
- Department: Graduate School of Information Security, Department of Information Security
- Pages: 127 p
- UCI: I804:11009-000000277601
- DOI: 10.23186/korea.000000277601.11009.0000123
- Language of text: English
Abstract / Summary
Modern vehicles are equipped with numerous electronic control units (ECUs) that provide a wide range of functions related to user safety and convenience. These ECUs communicate with each other through the controller area network (CAN) protocol, the de facto standard for in-vehicle networks. However, the CAN protocol provides no security functions, and as a result cyber-attacks on ECUs have increased. Securing the in-vehicle network therefore requires technology that can detect, classify, and mitigate attacks targeting the CAN protocol. To address this issue, this thesis proposes an attack detection and classification technology for securing the in-vehicle CAN using graph theory, referred to as G-IDCS. The proposed G-IDCS system integrates a threshold-based intrusion detection system with a machine learning-based attack type classifier.

After attacks have been detected and classified, a mitigation method is needed in order to secure the CAN protocol. Among the attacks that can be launched on the CAN protocol, a flooding attack is known to be the easiest to perform, because it continuously broadcasts a large number of CAN messages onto the in-vehicle CAN without any traffic analysis. However, existing prevention methods against attacks on the CAN protocol cannot effectively mitigate flooding attacks. This thesis proposes a flooding attack mitigation technology that effectively mitigates flooding attacks while minimizing adverse effects on normal ECUs. The proposed approach leverages the fault confinement mechanism of the CAN protocol to mitigate flooding attacks efficiently. Thus, this thesis is a comprehensive study of attack detection, classification, and mitigation techniques for the CAN protocol.
Table of Contents
1 Introduction 1
1.1 Motivation 5
2 Preliminaries and related work 8
2.1 Preliminaries 8
2.1.1 CAN Protocol 8
2.1.2 Graph Theory 19
2.2 Related Works 23
2.2.1 Attack Surface to access CAN bus 23
2.2.2 Research on in-vehicle intrusion detection methods 25
2.2.3 Research on in-vehicle intrusion preventive methods 29
2.3 System model 32
2.3.1 System Model 32
2.3.2 Adversary Model 33
2.3.3 Attack Scenario 34
3 Graph-based Intrusion Detection and Classification System 38
3.1 Contributions 38
3.2 Overview 40
3.3 G-IDCS 41
3.3.1 Graph features 41
3.3.2 Classifier Configuration Module 46
3.3.3 Classification Module 49
3.4 Experimental results and evaluation 51
3.4.1 Dataset 51
3.4.2 Performance metrics 53
3.4.3 Threshold selection of TH classifier 54
3.4.4 Attack detection with TH classifier 55
3.4.5 Attack detection in different types of vehicles 60
3.4.6 Attack type classification with ML classifier 61
3.4.7 Time to detect attack and classify attack type 62
3.5 Discussion 63
3.5.1 Comparison of frequency-based IDSs and G-IDCS 63
4 Flooding Attack Mitigator 65
4.1 Contribution 65
4.2 Flooding Attack Scenarios 66
4.2.1 Attack scenarios 66
4.2.2 Flooding-simple 68
4.2.3 Flooding-advanced 68
4.3 Flooding Attack Mitigator 69
4.3.1 Flooding attack mitigator concept 69
4.3.2 Flooding attack mitigator 71
4.4 Experiment and Evaluation 77
4.4.1 Experiments in the lab environment 77
4.4.2 Experiments in a real vehicle environment 85
4.5 Discussion and Limitations 91
4.5.1 Mitigator threshold 91
4.5.2 DoS attack suspending the ECU 92
4.5.3 Risk during mitigator’s process to block flooding-advanced attacker 92
4.5.4 Bus-off attack abusing the mitigator’s process 93
5 Conclusion 95
References 97
A The features used in G-IDCS 107
A.1 Number of consecutive minimum IFS 107
A.2 Max edge 109
A.3 Number of nodes 109
A.4 Density 111