{"title":"通过受损传感器数据重建实现重型车辆的弹性","authors":"H. Shirazi, W. Pickard, I. Ray, Haonan Wang","doi":"10.1145/3508398.3511523","DOIUrl":null,"url":null,"abstract":"Almost all aspects of modern automobiles are controlled by embedded computers, known as Electronic Control Units (ECUs). ECUs are connected with each other over a Controller Area Network (CAN) network. ECUs communicate with each other and control the automobile's behavior using messages. Heavy vehicles, unlike passenger cars, are constructed using ECUs manufactured by different Original Equipment Manufacturers (OEMs). For reasons of interoperability, the Society of Automotive Engineers (SAE) mandates that all ECUs should communicate using the standardized SAE-J1939 protocol that gives semantics to the signals transmitted on the CAN network. Security concerns have been historically ignored in protocols and standards. Consequently, an ECU having malicious code can spoof other ECUs, e.g., a message can be injected through the OBD-II port or the telematics unit into the internal network to interfere with the behavior of the vehicle. Intrusion Detection Systems (IDS) have been proposed and utilized to detect various types of security attacks. However, such systems are only capable of detecting attacks and cannot mitigate them. A compromised ECU may generate invalid data values; even if such invalid values are detected, there is still a need to counter their effects. Almost all prior works focus on detecting attacks. We demonstrate how to make the vehicle resilient to attacks. We analyze the log files of real driving scenarios and show ECUs are significantly dependent on other ECUs to operate. We demonstrate that parameters of a compromised ECU can be reconstructed from those of other non-compromised ECUs to allow the vehicle to continue operation and make it resilient to attacks. We achieve this by modeling the behavior of an ECU using the multivariate Long Short-Term Memory (LSTM) neural network. We then reconstruct compromised ECU values using information obtained from trustworthy ECUs. Despite some levels of errors, our model can reconstruct trustworthy data values that can be substituted for values generated by compromised ECUs. The error between the reconstructed values and the correct ones is less than 6% of the operating range for the compromised ECU, which is significantly low and can be substituted. Our proposed approach makes the vehicle resilient without requiring changes to the internal architecture.","PeriodicalId":102306,"journal":{"name":"Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Towards Resiliency of Heavy Vehicles through Compromised Sensor Data Reconstruction\",\"authors\":\"H. Shirazi, W. Pickard, I. Ray, Haonan Wang\",\"doi\":\"10.1145/3508398.3511523\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Almost all aspects of modern automobiles are controlled by embedded computers, known as Electronic Control Units (ECUs). ECUs are connected with each other over a Controller Area Network (CAN) network. ECUs communicate with each other and control the automobile's behavior using messages. Heavy vehicles, unlike passenger cars, are constructed using ECUs manufactured by different Original Equipment Manufacturers (OEMs). For reasons of interoperability, the Society of Automotive Engineers (SAE) mandates that all ECUs should communicate using the standardized SAE-J1939 protocol that gives semantics to the signals transmitted on the CAN network. Security concerns have been historically ignored in protocols and standards. Consequently, an ECU having malicious code can spoof other ECUs, e.g., a message can be injected through the OBD-II port or the telematics unit into the internal network to interfere with the behavior of the vehicle. Intrusion Detection Systems (IDS) have been proposed and utilized to detect various types of security attacks. However, such systems are only capable of detecting attacks and cannot mitigate them. A compromised ECU may generate invalid data values; even if such invalid values are detected, there is still a need to counter their effects. Almost all prior works focus on detecting attacks. We demonstrate how to make the vehicle resilient to attacks. We analyze the log files of real driving scenarios and show ECUs are significantly dependent on other ECUs to operate. We demonstrate that parameters of a compromised ECU can be reconstructed from those of other non-compromised ECUs to allow the vehicle to continue operation and make it resilient to attacks. We achieve this by modeling the behavior of an ECU using the multivariate Long Short-Term Memory (LSTM) neural network. We then reconstruct compromised ECU values using information obtained from trustworthy ECUs. Despite some levels of errors, our model can reconstruct trustworthy data values that can be substituted for values generated by compromised ECUs. The error between the reconstructed values and the correct ones is less than 6% of the operating range for the compromised ECU, which is significantly low and can be substituted. Our proposed approach makes the vehicle resilient without requiring changes to the internal architecture.\",\"PeriodicalId\":102306,\"journal\":{\"name\":\"Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-04-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3508398.3511523\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3508398.3511523","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
现代汽车的几乎所有方面都由嵌入式计算机控制,称为电子控制单元(ecu)。ecu之间通过CAN (Controller Area Network)网络连接。ecu之间相互通信,并使用消息控制汽车的行为。与乘用车不同,重型车辆使用不同原始设备制造商(oem)生产的ecu。出于互操作性的考虑,汽车工程师协会(SAE)要求所有ecu都应该使用标准化的SAE- j1939协议进行通信,该协议为CAN网络上传输的信号提供语义。安全问题历来被协议和标准所忽视。因此,带有恶意代码的ECU可以欺骗其他ECU,例如,可以通过OBD-II端口或远程信息处理单元将消息注入内部网络以干扰车辆的行为。入侵检测系统(IDS)已被提出并用于检测各种类型的安全攻击。然而,这样的系统只能检测攻击,而不能减轻攻击。受损的ECU可能会生成无效的数据值;即使检测到这样的无效值,仍然需要抵消它们的影响。几乎所有先前的工作都集中在检测攻击上。我们演示了如何使车辆抵御攻击。我们分析了真实驾驶场景的日志文件,并表明ecu的运行明显依赖于其他ecu。我们证明,受损ECU的参数可以从其他未受损ECU的参数中重建,以使车辆继续运行并使其具有抵御攻击的弹性。我们通过使用多元长短期记忆(LSTM)神经网络对ECU的行为建模来实现这一点。然后,我们使用从可信赖的ECU获得的信息重建受损的ECU值。尽管存在一定程度的错误,但我们的模型可以重建可信赖的数据值,这些数据值可以替代受损ecu生成的值。重建值与正确值的误差小于受损ECU工作范围的6%,非常低,可以替代。我们提出的方法使车辆具有弹性,而不需要改变内部架构。
Towards Resiliency of Heavy Vehicles through Compromised Sensor Data Reconstruction
Almost all aspects of modern automobiles are controlled by embedded computers, known as Electronic Control Units (ECUs). ECUs are connected with each other over a Controller Area Network (CAN) network. ECUs communicate with each other and control the automobile's behavior using messages. Heavy vehicles, unlike passenger cars, are constructed using ECUs manufactured by different Original Equipment Manufacturers (OEMs). For reasons of interoperability, the Society of Automotive Engineers (SAE) mandates that all ECUs should communicate using the standardized SAE-J1939 protocol that gives semantics to the signals transmitted on the CAN network. Security concerns have been historically ignored in protocols and standards. Consequently, an ECU having malicious code can spoof other ECUs, e.g., a message can be injected through the OBD-II port or the telematics unit into the internal network to interfere with the behavior of the vehicle. Intrusion Detection Systems (IDS) have been proposed and utilized to detect various types of security attacks. However, such systems are only capable of detecting attacks and cannot mitigate them. A compromised ECU may generate invalid data values; even if such invalid values are detected, there is still a need to counter their effects. Almost all prior works focus on detecting attacks. We demonstrate how to make the vehicle resilient to attacks. We analyze the log files of real driving scenarios and show ECUs are significantly dependent on other ECUs to operate. We demonstrate that parameters of a compromised ECU can be reconstructed from those of other non-compromised ECUs to allow the vehicle to continue operation and make it resilient to attacks. We achieve this by modeling the behavior of an ECU using the multivariate Long Short-Term Memory (LSTM) neural network. We then reconstruct compromised ECU values using information obtained from trustworthy ECUs. Despite some levels of errors, our model can reconstruct trustworthy data values that can be substituted for values generated by compromised ECUs. The error between the reconstructed values and the correct ones is less than 6% of the operating range for the compromised ECU, which is significantly low and can be substituted. Our proposed approach makes the vehicle resilient without requiring changes to the internal architecture.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
