Intrusion and Anomaly Detection in Autonomous Vehicle Systems

Presented as part of the 2018 HCSS conference.

BIO

Sam Lauzon is a Sr. Engineer in Research at the University of Michigan Transportation Research Institute. His experience with vehicle cybersecurity, automotive software, system design, embedded electronics, and expertise in applied cybersecurity – as well as his leadership of the multi-million dollar Department of Homeland Security (DHS) S&T sponsored Uptane (https://uptane.org) project gives him a unique combination of hands-on expertise and an ability to rally the industry while creating a consensus about the implementation and use of new tools to further cybersecurity practice in the industry. He previously held a leading role in the development of automotive infotainment systems, specializing in vehicle interfaces, over-the-air update implementations and low level system support.

ABSTRACT

In today’s automotive research environment, considerable focus has been centered on achieving full and complete automation (i.e. SAE-Level 5), whereby all aspects of driving are completely under autonomous, computer control.

Additional efforts have been put into the research and development of new systems that will be added to complex, heterogeneous networks in order to identify anomalous behavior as a result of compromise or failure in one or more of the connected devices. These systems are being referred to as “IDS”, or Intrusion detection systems.

Currently, there are many types of anomaly and intrusion detection related technologies being investigated and tested. However, it is still not yet fully understood weather or not these technologies will be able to autonomously identify critical issues in such heterogeneous networks. As a result, The University of Michigan Transportation Research Institute (UMTRI) has been contracted by the National Highway Transportation Safety Administration (NHTSA), numerous vehicle manufacturers, and equipment suppliers to develop methods of testing and investigating the efficacy of these systems.

During our investigation over the last two years, we have found none of these systems have been developed to a sufficient degree of accuracy in which all true-positive and false-positive events are conclusively identified.

This research has led to the conclusion that a moderate failure or malicious attack occurring in a vehicle equipped with an intrusion detection system may or may not be positively identified, and thereby, mitigation procedures may not be confidently executed to prevent further compromise of the system. In fact, we have found that when mitigation procedures are deployed, an attacker may be able to use alternate techniques to create an attack vector using the mitigation system itself – having the intrusion detection system mitigate critical safety messages on behalf of the attacker.

These results have shown there may be extreme difficulty in an autonomous, heterogeneous system’s ability to self-identify complex issues pertaining to anomalous or malicious behavior, which leads to the concern relating to the safety and security implications of the use of such vehicles (or related systems) in a possibly hostile environment