Cyber-Physical attacks impact the physical domain by manipulating the cyber domain and vice versa. Checking only cyber properties like CAN message frequency might miss important attack vectors like manipulations of the control system. Examples are chip-tuning and power-boxing. IDS needs to target attack on the physical part. We solve this by comparing actual behavior of the CPS to a data-driven reference model, thus, enabling misbehavior detection.

1. Armin Wasicek
University of California, Berkeley
Technical University Vienna, Austria
MT-CPS Workshop
April 11, 2016
Context-aware Automotive Intrusion
Detection using Reference Models

2. 2015 Automotive Security Incidents
Armin Wasicek 2
► 2015 has been a break-through year for automotive security

3. What is Intrusion Detection?
Gathers and analyzes
information
• Identifies potential
security breaches
– Intrusions
– Misuse/Fraud
► Reports to users
3
System
Perimeter
Users
Sensor
IDS
Armin Wasicek

4. Manipulation and Fault tolerance
4
• Partition system in safe
and unsafe state
• Manipulations are subtle
• Maximizing damage is not
always an attack goal
• Stay within safe states,
but modified behavior
• Gain manipulated service
Armin Wasicek
NTHSA: Misbehavior Detection [DOT HS 812 014]
Development of the processes, algorithms, reporting requirements, and
data requirements for both local and global detection functions;

5. Types of IDS
• Knowledge-based IDS
– Patterns/Signatures of malicious activities
– Low false positive rate, needs frequent updates
• Heuristic-based IDS
– Look for abnormal behavior, e.g., higher entropy
– Detect new attack patterns
• Context-aware IDS
– Compare to reference model, include semantics
– Check against specifications and regulations
5Armin Wasicek
IDS
S

6. Automotive System Architecture
Armin Wasicek 6
ECU
Switch
Backbone
Cloud
Eth
GW
• Host-based IDS monitors ECU
– CPU & memory usage, syscalls, # processes, …
• Network IDS monitors communication
– Message frequency, patterns, entropy, …
Over-the-air Updates
Environmental info.
Malicious
devices
Board
computer
External
communication
On-board
networks
Segregation
Traditional IDS
are not
designed to
detect cyber-
physical attacks

7. Chip tuning
Modify control algorithm parameters in ECU
• Parameters are stored in a table in flash memory
• Reprogram ECU with new values
– Debug interface, 3rd party device
► Messages emitted by ECU seem original!
7Armin Wasicek

8. Power boxing
Modify commands to ECU
• Replace the ECU in the communication system
• Insert device between the ECU and actuators
► Communication pattern does not change!
8
Improves low end
torque. Plug-in
installation in less
than 30 minutes.
Armin Wasicek

9. Cyber-Physical Attacks
Cyber-Physical attacks impact the physical domain
by manipulating the cyber domain and vice versa.
• Checking only cyber properties like CAN message
frequency might miss important attack vectors
• IDS needs to target attack on the physical part
► Compare actual behavior to reference model
enabling misbehavior detection
Armin Wasicek 9

10. ECU
Switch
Backbone
GW
Context-aware, automotive IDS
Armin Wasicek 10
Cloud
• Integrate firewall, authentication, and detection
• Fuse information from diverse sources
• Use semantics of control msg to reason about manipulation
Threat defense
Over-the-air Updates
Detect misbehavior
Chip
Tuning
Wheel speed
RPM, torque
Road conditions
IDS

11. Feature Extraction
Convert a time series to a feature vector
Processing pipeline works on a time slice
► Compute feature vector storing the relations
between process variables
11Armin Wasicek

12. Frame as a one-class classification problem
Bottleneck ANN:
• Hidden layer generalizes
ratio between features
• Stores the typical behavior of an engine
• Trained using same vector for input X, output Y
• Anomaly score is error between input and output
Artificial Neural Networks
12Armin Wasicek

13. Intrusion Detection Layer
Compares current to reference behavior
• Monitor converts data to potential manipulations
• Detector uses context and state info to reduce FP
► Deep Learning approach could extend to Detector
13Armin Wasicek

14. Evaluation: Simulation
• Racing car simulation TORCS (Peugeot 406)
14Armin Wasicek

15. Evaluation: Car data
Data points
0 5 10 15 20 25 30 35 40 45 50 55
Min/maxvalues
0
5
10
15
20
25
30
35
40
45
original
modified
Armin Wasicek 15
Vehicle speed Calculated load value
Engine RPM Absolute throttle position
Fuel rate O2 sensor lambda wide range
Fuel/Air commanded equivalence Absolute throttle position B
Accelerator pedal position D Catalyst temperature

16. Recognition result
Armin Wasicek 16
Size of subset (% of dataset)
0 10 20 30 40 50 60 70 80 90
Anomalyscore
10
6
10
7
108
109
10
10
10
11
ANN w. 16 hidden
ANN w. 32 hidden
ANN w. 43 hidden
Iterations
1 2 3 4 5 6 7 8 9 10 11 12
RatioanomalyscoreofXmod
/Xval
0
1
2
3
4
5
6
7
8
9
ANN w. 43 hidden
ANN w. 32 hidden
ANN w. 16 hidden
ANN with 43 hidden nodes has 6-8 times higher
anomaly score than validation set. 16 ~ factor
1.5

17. Conclusion and Outlook
• CPS integrate physical and cyber processes
• IDS need to target both sides of the coin
• Integrate with other security mechanisms
• Intelligently use the cloud to recognize attacks
• Faults, ageing, and repair effects are challenging
17Armin Wasicek

18. Thanks for your attention!
Contact me: arminw@berkeley.edu