The Internet of Vehicle (IoV) is an extension of Vehicle-to-Vehicle (V2V) communication that can improve vehicles’ fully autonomous driving capabilities. However, these communications are vulnerable to many attacks. Therefore, it is critical to provide run-time mechanisms to detect malware and stop the attackers before they manage to gain a foothold in the system. Anomaly-based detection techniques are convenient and capable of detecting off-nominal behavior by the component caused by zero-day attacks. One significant critical aspect when using anomaly-based techniques is ensuring the correct definition of the observed component’s normal behavior. In this paper, we propose using the task’s temporal specification as a baseline to define its normal behavior and identify temporal thresholds that give the system the ability to predict malicious tasks. By applying our solution on one use-case, we got temporal thresholds 20–40 % less than the one usually used to alarm the system about security violations. Using our boundaries ensures the early detection of off-nominal temporal behavior and provides the system with a sufficient amount of time to initiate recovery actions.
Funding source: Horizon 2020 Framework Programme
Award Identifier / Grant number: 833742
Award Identifier / Grant number: 786890
Award Identifier / Grant number: 830927
Award Identifier / Grant number: 823916
Funding statement: This work is partially supported by the European Commission through the following H2020 projects: nIoVe under Grant Agreement No. 833742, THREAT-ARREST under Grant Agreement No. 786890, CONCORDIA under Grant Agreement No. 830927, and SmartShip under Grant Agreement No. 823916.
About the authors
Dr.-Ing. Mohammad Hamad is a Postdoctoral Researcher in the Embedded Systems and Internet of Things group in the Faculty of Electrical Engineering and Information Technology at the Technical University of Munich (TUM). Mohammad received his Ph.D. from the Institute for Data Technology and Communication Networks at TU Braunschweig in 2020. Mohammad ’s research interests are in the area of Autonomous vehicle and IoT security.
Dr.-Ing. Zain A. H. Hammadeh a research scientist at the German Aerospace Center (DLR). In 2019, he received his Ph.D. degree (Dr.-Ing.) in real-time systems from TU Braunschweig, Germany with Prof. Rolf Ernst. Since Feb. 2019 he joined the Institute for Software Technology as a research scientist.
Prof. Dr. Selma Saidi Selma Saidi is a Professor of Embedded Systems in TU Dortmund. Her research focus involve the design, implementation and validation of innovative intelligent embedded systems. Key aspects are the development of novel hardware and software design methods for embedded and autonomous systems where performance, predictability and self-adaptability play an important role. Domains of applications are avionics, autonomous driving and Internet of Things. Selma Saidi received in 2013 a Ph.D. degree in computer sciences from the University of Grenoble in France conducted together with STMicroelectronics. After her PhD, She joined the Technical University of Braunschweig as a Postdoctoral researcher.
Prof. Dr. Vassilis Prevelakis is the professor of embedded computer security at the Technical University, Braunschweig, in Germany. He holds B.Sc. degrees with Honours in Mathematics and Computer Science and M.Sc. in Computer Science from university of Kent at Canterbury, U.K. and a Ph.D. in Computer Science from university of Geneva, Switzerland. He has worked in various areas of security in Systems and Networks both in his current academic capacity and as a freelance consultant. Prevelakis current research involves issues related to vehicular automation security, secure processors, security aspects of software engineering, auto-configuration issues in secure VPNs, etc.
1. Faraz Ahmed, Haider Hameed, M. Zubair Shafiq, and Muddassar Farooq. Using Spatio-temporal Information in API Calls with Machine Learning Algorithms for Malware Detection. In Proceedings of the 2nd ACM Workshop on Security and Artificial Intelligence, pages 55–62. ACM, 2009.10.1145/1654988.1655003Search in Google Scholar
2. James P. Anderson. Computer Security Technology Planning Study. Volume 2. Technical report, DTIC Document, 1972.10.21236/AD0772806Search in Google Scholar
3. Neil C. Audsley, Alan Burns, Robert I. Davis, Ken W. Tindell, and Andy J. Wellings. Fixed Priority Pre-emptive Scheduling: An Historical Perspective. Real-Time Systems, 8(2-3):173–198, 1995.10.1007/BF01094342Search in Google Scholar
4. Felice Balarin, Luciano Lavagno, Praveen Murthy, Alberto Sangiovanni-Vincentelli, et al. Scheduling for Embedded Real-time Systems. IEEE Design & Test of Computers, 15(1):71–82, 1998.10.1109/54.655185Search in Google Scholar
5. Dominique Bertrand, Sébastien Faucou, and Yvon Trinquet. An Analysis of the AUTOSAR OS Timing Protection Mechanism. In IEEE Conference on Emerging Technologies & Factory Automation, 2009 (ETFA 2009), pages 1–8. IEEE, 2009.10.1109/ETFA.2009.5347159Search in Google Scholar
6. R. I. Davis, K. W. Tindell, and A. Burns. Scheduling Slack Time in Fixed Priority Pre-emptive Systems. In Real-Time Systems Symposium, 1993, Proceedings, pages 222–231, Dec. 1993.10.1109/REAL.1993.393496Search in Google Scholar
7. Mohammad Hamad, Zain A. H. Hammadeh, Selma Saidi, Vassilis Prevelakis, and Rolf Ernst. Prediction of Abnormal Temporal Behavior in Real-time Systems. In Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pages 359–367, 2018.10.1145/3167132.3167172Search in Google Scholar
8. Mohammad Hamad and Vassilis Prevelakis. Implementation and Performance Evaluation of Embedded IPsec in Microkernel OS. In 2015 World Symposium on Computer Networks and Information Security (WSCNIS), pages 1–7. IEEE, 2015.10.1109/WSCNIS.2015.7368294Search in Google Scholar
9. Mohammad Hamad, Johannes Schlatow, Vassilis Prevelakis, and Rolf Ernst. A Communication Framework for Distributed Access Control in Microkernel-based Systems. In 12th Annual Workshop on Operating Systems Platforms for Embedded Real-Time Applications (OSPERT16), 2016.Search in Google Scholar
10. Mohammad Hamad, Marinos Tsantekidis, and Vassilis Prevelakis. Red-Zone: Towards an Intrusion Response Framework for Intra-vehicle System. In Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems, VEHITS 2019, Heraklion, Crete, Greece, May 3–5, 2019, pages 148–158. SciTePress, 2019.10.5220/0007715201480158Search in Google Scholar
11. Moncef Hamdaoui and Parameswaran Ramanathan. A Dynamic Priority Assignement Technique for Streams with (m, k)-Firm Deadlines. IEEE Trans. Computers, 44(12):1443–1451, 1995.10.1109/12.477249Search in Google Scholar
12. Hans Hansson, Mikael Åkerholm, Ivica Crnkovic, and Martin Torngren. SaveCCM-a Component Model for Safety-critical Real-time Systems. In Proceedings. 30th Euromicro Conference, 2004, pages 627–635. IEEE, 2004.10.1109/EURMIC.2004.1333431Search in Google Scholar
13. Grant A. Jacoby, Randy Marchany, and Nathaniel J. Davis. Battery-based Intrusion Detection a First Line of Defense. In Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004, pages 272–279. IEEE, 2004.10.1109/IAW.2004.1437827Search in Google Scholar
14. Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon Mccoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage. Experimental Security Analysis of a Modern Automobile. In Proceedings of IEEE Symposium on Security and Privacy, 2010.10.1109/SP.2010.34Search in Google Scholar
15. Krutartha Patel and Sri Parameswaran. SHIELD: a Software Hardware Design Methodology for Security and Reliability of MPSoCs. In 45th ACM/IEEE Design Automation Conference, 2008 (DAC 2008), pages 858–861. IEEE, 2008.10.1145/1391469.1391686Search in Google Scholar
16. Martin Pohlack, Björn Döbel, and Adam Lackorzynski. Towards Runtime Monitoring in Real-time Systems.Search in Google Scholar
17. Sophie Quinton, Matthias Hanke, and Rolf Ernst. Formal Analysis of Sporadic Overload in Real-time Systems. In 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE 2012), Dresden, Germany, March 12–16, 2012, pages 515–520, 2012.10.1109/DATE.2012.6176523Search in Google Scholar
18. Lui Sha, Tarek Abdelzaher, Karl-Erik Årzén, Anton Cervin, Theodore Baker, Alan Burns, Giorgio Buttazzo, Marco Caccamo, John Lehoczky, and Aloysius K. Mok. Real Time Scheduling Theory: A Historical Perspective. Real-Time Systems, 28(2-3):101–155, 2004.10.1023/B:TIME.0000045315.61234.1eSearch in Google Scholar
19. Hyun Min Song, Ha Rang Kim, and Huy Kang Kim. Intrusion Detection System Based on the Analysis of Time Intervals of CAN Messages for In-vehicle Network. In 2016 International Conference on Information Networking (ICOIN), pages 63–68. IEEE, 2016.10.1109/ICOIN.2016.7427089Search in Google Scholar
20. John A. Stankovic and Krithi Ramamritham. What is Predictability for Real-time Systems?, 1990.10.1007/BF01995673Search in Google Scholar
21. A. Taylor, N. Japkowicz, and S. Leblanc. Frequency-based Anomaly Detection for the Automotive CAN Bus. In 2015 World Congress on Industrial Control Systems Security (WCICSS), pages 45–49, Dec. 2015, doi:10.1109/WCICSS.2015.7420322.Search in Google Scholar
22. Hideyuki Tokuda, Makoto Kotera, and Clifford Mercer. A Real-time Monitor for a Distributed Real-time Operating System. In Proceedings of the 1988 ACM SIGPLAN and SIGOPS Workshop on Parallel and Distributed Debugging, pages 68–77, 1988.10.1145/68210.69222Search in Google Scholar
23. Man-Ki Yoon, Sibin Mohan, Jaesik Choi, Mihai Christodorescu, and Lui Sha. Learning Execution Contexts from System Call Distribution for Anomaly Detection in Smart Embedded System. In Proceedings of the Second International Conference on Internet-of-Things Design and Implementation, pages 191–196. ACM, 2017.10.1145/3054977.3054999Search in Google Scholar
24. Clinton Young, Habeeb Olufowobi, Gedare Bloom, and Joseph Zambreno. Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes. In ACM Workshop on Automotive Cybersecurity (AutoSec ’19), 2019.10.1145/3309171.3309179Search in Google Scholar
25. Christopher Zimmer, Balasubramany Bhat, Frank Mueller, and Sibin Mohan. Intrusion Detection for CPS Real-time Controllers. In Cyber Physical Systems Approach to Smart Electric Power Grid, pages 329–358. Springer, 2015.10.1007/978-3-662-45928-7_12Search in Google Scholar
© 2020 Walter de Gruyter GmbH, Berlin/Boston