Intrusion prevention system of automotive network CAN bus

Abstract

Automotive networks based on the Controller Area Network (CAN) bus (ISO 11898) family of protocols have been shown to be vulnerable to exploits by hackers who are outside the vehicle. These networks can be compromised in a manner which could jeopardize vehicle occupants. One well-publicized exploit led to a costly automotive recall that affected more than a million vehicles. Other exploits can allow criminals to steal cars without physically breaking into them. While no fatalities have yet occurred, hackers could trigger an event that led to accident involving serious injury or even death. The CAN bus connects electronic control units (ECUs), some of which are required for safety and emissions systems such as the anti-lock braking and fuel injection systems. In addition to controlling required functions, other ECUs provide consumer-oriented features such as infotainment and lighting. Whether factory installed or aftermarket add-ons, each ECU introduces attack vectors into the overall automotive network. This research focuses on securing these vehicle networks, specifically the CAN bus. This paper will analyze the current vulnerabilities and describe our design for a real-time intrusion prevention system (IPS) that neutralizes attacks by actively monitoring the CAN bus and eliminating malicious messages.