Published by De Gruyter Oldenbourg, December 5, 2020

Temporal-based intrusion detection for IoV

Mohammad Hamad, Zain A. H. Hammadeh, Selma Saidi and Vassilis Prevelakis

Abstract

The Internet of Vehicles (IoV) is an extension of Vehicle-to-Vehicle (V2V) communication that can improve vehicles’ fully autonomous driving capabilities. However, these communications are vulnerable to many attacks. Therefore, it is critical to provide run-time mechanisms to detect malware and stop attackers before they gain a foothold in the system. Anomaly-based detection techniques are convenient and can detect off-nominal component behavior caused by zero-day attacks. A critical aspect of using anomaly-based techniques is correctly defining the normal behavior of the observed component. In this paper, we propose using a task’s temporal specification as the baseline that defines its normal behavior, and we identify temporal thresholds that enable the system to predict malicious tasks. Applying our solution to one use case, we obtained temporal thresholds 20–40 % lower than the one usually used to alert the system to security violations. Using our boundaries ensures early detection of off-nominal temporal behavior and gives the system sufficient time to initiate recovery actions.

ACM CCS:

Funding source: Horizon 2020 Framework Programme

Award Identifier / Grant number: 833742

Award Identifier / Grant number: 786890

Award Identifier / Grant number: 830927

Award Identifier / Grant number: 823916

Funding statement: This work is partially supported by the European Commission through the following H2020 projects: nIoVe under Grant Agreement No. 833742, THREAT-ARREST under Grant Agreement No. 786890, CONCORDIA under Grant Agreement No. 830927, and SmartShip under Grant Agreement No. 823916.

Received: 2020-03-14
Revised: 2020-10-19
Accepted: 2020-10-20
Published Online: 2020-12-05
Published in Print: 2020-12-16

© 2020 Walter de Gruyter GmbH, Berlin/Boston