CAVIDS: Real time intrusion detection system for connected autonomous vehicles using logical analysis of data

Abstract

In recent times, Connected Autonomous Vehicles (CAVs) have been gaining popularity and have already begun to revolutionize the transport industry, mainly using real-time monitoring, analysis and exchange of data through In-Vehicle Networks (IVN). IVN can also interact with the outside world and roadside infrastructures. With all these advantages, certain weaknesses also creep in as the communication in IVN lacks proper security measures like encryption and authentication. These lack of security measures in IVN makes CAVs vulnerable to cyber-attacks which may have fatal consequences. The de facto standard for communication in IVN is known as Controller Area Network or CAN, and it also lacks said security features to protect CAN from outside threats like cyber attacks, sensor tempering etc. Real-time intrusion detection with minimal computational resources is the need of the hour to prevent disruptive consequences and fatal crashes. In this paper, we propose an intrusion detection method based on Logical Analysis of Data (LAD) which facilitates real-time intrusion detection in CAVs using minimal computational resources. LAD is a two-class classification technique which uses the concept of a partially defined Boolean function (pdBf) to extract different rules for classification from a historical dataset consisting of CAN messages only. Usually, the normal behaviour of any CAV is specified using the extracted rules, and any unusual behaviour that does not conform with the extracted rules is treated as an anomaly. In this paper, we have extracted rules for anomaly and treated all behaviours that do not conform with these extracted rules as normal. The proposed method outperforms many state-of-the-art approaches, which include other rule-based methods, machine learning and deep learning methods both in terms of F1 score and detection time. For CarChallenge 2020 dataset, the proposed method requires lesser than 47.5 μs for detection using a Raspberry Pi device, which is far less than the average time difference between two consecutive CAN messages and thus can be considered as real-time intrusion detection. Real-time intrusion detection is important in preventing any untoward incidents in CAVs.