A Survey of Anomaly Detection for
Connected Vehicle Cybersecurity and Safety
Gopi Krishnan Rajbahadur¹, Andrew J. Malton², Andrew Walenstein² and Ahmed E. Hassan¹
Abstract: Anomaly detection techniques have been applied
to the challenging problem of ensuring both cybersecurity
and safety of connected vehicles. We propose a taxonomy
of prior research in this domain. Our proposed taxonomy
has 3 overarching dimensions subsuming 9 categories and 38
subcategories. Key observations emerging from the survey are:
Real-world datasets are seldom used, but instead, most results
are derived from simulations; V2V/V2I communications and in-
vehicle communication are not considered together; proposed
techniques are seldom evaluated against a baseline; safety of
the vehicles does not attract as much attention as cybersecurity.
I. INTRODUCTION
Velosa et al. [1] predicted that there will be a quarter of a
billion connected vehicles on the road by 2020. A connected
vehicle is one that is capable of connecting to a network, i.e.,
it can be used to communicate with other vehicles (V2V) or
the infrastructure (V2I) for purposes ranging from increased
infotainment capabilities to sophisticated applications like
collision and congestion avoidance [2]. In the case of V2V,
vehicles are frequently proposed to form a Vehicular Ad-hoc
Network (VANET).
While connected vehicles increase convenience and safety
of the passengers, they also present a greatly expanded
attack surface that could be exploited [3]. Some research [4],
[5], [6] already demonstrates exploitable vulnerabilities in
ordinary vehicles. The increased number of connections of
the connected vehicles only stands to increase the impact and
prevalence of such vulnerabilities. Furthermore, ensuring the
safety and security of connected vehicles becomes paramount
with increased efforts by governments to enable functional
VANETs [7].
In this paper, we survey and analyze the research, since
the early 2000s, that applies anomaly detection to the
problems of safety and cybersecurity of connected vehicles.
Anomaly detection is the process of identifying data points
or events which do not follow an expected pattern [8]. To the
best of our knowledge, this is the first study to survey the use
of anomaly detection in this context. We propose a taxonomy
based on 3 overarching categories and 9 sub-categories. We
further have 38 dimensions into which we categorize all the
surveyed papers.
¹ Gopi Krishnan Rajbahadur and Ahmed E. Hassan are with School of
Computing in Queen’s University, Canada krishnan@cs.queensu.ca,
ahmed@cs.queensu.ca
² Andrew J. Malton and Andrew Walenstein are with BlackBerry
amalton@blackberry.com, awalenstein@blackberry.com
Our survey and analysis lead to the following inferences:
1) Most of the research (37 out of the 65 surveyed papers)
has been carried out on simulated datasets (only 19 out
of the 65 surveyed papers used real-world datasets).
2) V2X and in-vehicle communications are largely not
explored together (except for 1 out of the 65 surveyed
papers), making the research fragmented.
3) The safety of connected vehicles is less well studied
(only 21 out of the 65 surveyed papers) than their
cybersecurity.
4) Newly proposed approaches that employ anomaly detection
techniques are seldom (only 4 out of the 65
surveyed papers) compared to a baseline, leading to
poor quantification of the effectiveness of the proposed
approaches.
Therefore, we propose that greater attention could be paid
to establishing benchmarks and baseline techniques against
which new techniques could be evaluated. Furthermore, we
also advocate for the increased utilization of real-world data
instead of simulated data.
The remainder of the paper is organized as follows.
We explore the related work and our survey methods in
Sections II and III, and propose our taxonomy in Section IV.
Finally, we discuss our inferences in Section V, and conclude
the paper in Section VI.
II. RELATED WORK
Unlike the present survey, the prior surveys, since the early
2000s, consider VANET and in-vehicle networks separately.
For instance, Erritali et al. [9] surveyed a variety of intrusion
detection methods proposed in VANETs, and Sakiz et
al. [10] comprehensively surveyed all the possible attacks
and proposed detection mechanisms pertaining to VANETs.
Neither of the studies considers possible in-vehicle network
based cybersecurity or safety issues. Few studies have
surveyed the possible threats and countermeasures in
in-vehicle networks. For instance, Liu et al., McCune et al.
and Kelberger et al. [11], [12], [13] present the various
threats and possible countermeasures for in-vehicle
(Controller Area Network (CAN), Local Interconnect Network
(LIN), FlexRay, etc.) cybersecurity issues (VANET-based
issues are not considered). Our present survey is the first
to review anomaly detection techniques in general, in the
context of connected vehicles.
2018 IEEE Intelligent Vehicles Symposium (IV)
Changshu, Suzhou, China, June 26-30, 2018
978-1-5386-4451-5/18/$31.00 ©2018 IEEE
III. SURVEY METHOD
To ensure reproducibility, our survey follows Wohlin’s
snowballing method [14] as follows.
Scope definition: Following Chandola et al. [8] we define
anomaly detection as “finding patterns in data that do not
conform to expected behavior.” A model is formed or learned
and then data are monitored for conformance.
Collecting initial set of studies: We identified an initial
set of papers by keyword search in Google Scholar. We did so
to avoid publisher bias. The keywords used were: “Anomaly
detection”, “Connected vehicles”, “VANET”, “V2I”, “V2V”,
“Intrusion detection”, “Misbehavior detection”, “CAN bus”,
“In-Vehicle”, “safety”, “Security”.
Snowballing: The initial set collected through keyword
search might not be exhaustive. Therefore, we performed
backward and forward snowballing to collect all the
references that are cited by the initial set. Papers were then
included or excluded by reading the abstract followed by
a thorough reading with the scope in mind (thereby
eliminating papers that are out of our scope). This snowballing
process was iterated until no new relevant papers were
added. Our study finally comprises 65 papers.
Although Wohlin [14] recommends contacting the prominent
researchers in the field for more relevant literature, we
omitted this step as we could not conclusively establish the
most important researchers, given the diversity of the field.
Data extraction and taxonomy development: Once
all the relevant papers were collected exhaustively through
Wohlin’s survey methodology [14], we noted down the key
elements of each paper. We employed an open card sort
technique [15] with the collected key points to arrive at
the dimensions of our proposed taxonomy. The open card
sorting technique is the process of organizing key elements
into conceptual groups by consensus among the participants
in the process. We used this technique to arrive at our
38 dimensions (bottom-level). We then used a bottom-up
approach and grouped these dimensions into 9 sub-categories
(middle-level) which we later subsumed into 3 overarching
categories (top-level) based on multiple iterations of the
sorting. We carried out the process of open card sorting only
among the authors of this study, even though the process
typically involves a larger group [15]. Finally, we assigned
each of the collected papers into our taxonomy, by labeling
each with every assigned dimension it occupies.
IV. TAXONOMY
The process above yielded a taxonomy (see Figure 1) with
3 top-level categories, 9 sub-categories, and 38 dimensions.
The categories represent the higher level traits of the research
area. Our aim was to identify the addressed threat, solution,
and the research characteristics of each paper. In particular,
the captured research characteristics shed light on the
type and rigor of the conducted experiments.
Each of the proposed categories, in turn, comprises
several sub-categories. Threat Characteristics has 2
sub-categories, Solution Characteristics has 4, and Research
Characteristics has 3, which better capture the traits of
each category. The sub-categories further have dimensions
as illustrated in Figure 1, which capture and highlight the
technical differences that distinguish each sub-category, as
follows.
A. Threat Characteristics
This category concerns the threat addressed by each surveyed
paper. We divide it into two orthogonal sub-categories
as follows.
1) Attack surface: Attack surface identifies the potential
points of vulnerability in a connected vehicle. For instance,
a paper might be addressing CAN bus based attacks (other
buses are not considered due to a lack of sufficient literature),
whereas some other papers focus exclusively on attacks that
counterfeit a vehicle’s ECU (Electronic Control Unit) output.
2) Attack method: A paper may address more than
one attack method. We specifically call attention to the
Black/Grey/Worm hole attacks dimension in this
sub-category. These are routing-based attacks that involve either
dropping, selectively forwarding or maliciously rerouting
communication packets in a VANET [16].
B. Solution Characteristics
This category represents the nature of the solution proposed
to counter the threat.
1) Motivation: Whether an anomaly detection technique
is used to detect a threat or to also provide a response to the
threat.
2) Deployment point: Which part of the connected vehicle
is the proposed solution deployed to. For instance, a solution
might be deployed in the ECU of a vehicle, or in the Central
Authority (CA) or the Road Side Unit (RSU) of a VANET.
3) Security goal: Whether the information security
(integrity, confidentiality, availability) [17] and/or safety of a
connected vehicle is safeguarded. Physical security is out of
the scope of this work.
4) Anomaly detection method: Anomalies may be detected
in multiple ways. The taxonomy distinguishes the
anomaly detection method used. We draw attention to the
rule-based methods dimension here, which represents only
research that infers rules automatically from vehicle
operation, rather than research that elicits rules from experts.
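To make the rule-based dimension concrete, the following Python example is added here and is not taken from the paper or from any surveyed work. It infers per-ID timing and payload rules from attack-free CAN traffic and then monitors new frames for conformance; the frame tuple format, CAN IDs, timings and the slack parameter are all constructed assumptions.

```python
from collections import defaultdict

def learn_rules(frames, slack=0.2):
    """Infer per-ID rules from attack-free (ts, can_id, payload) frames; fixed length per ID."""
    last, gaps, lo, hi = {}, defaultdict(list), {}, {}
    for ts, cid, data in frames:
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
        lo[cid] = [min(a, b) for a, b in zip(lo.get(cid, data), data)]
        hi[cid] = [max(a, b) for a, b in zip(hi.get(cid, data), data)]
    rules = {}
    for cid in lo:
        g = gaps.get(cid)  # an ID seen only once gets no timing rule
        period = (min(g) * (1 - slack), max(g) * (1 + slack)) if g else None
        rules[cid] = {"period": period, "lo": lo[cid], "hi": hi[cid]}
    return rules

def monitor(frames, rules):
    """Return (timestamp, can_id, reason) for frames that break a learned rule."""
    last, alerts = {}, []
    for ts, cid, data in frames:
        rule = rules.get(cid)
        if rule is None:
            alerts.append((ts, cid, "unknown-id"))
            continue
        if len(data) != len(rule["lo"]):
            alerts.append((ts, cid, "length"))
        elif any(not l <= b <= h for b, l, h in zip(data, rule["lo"], rule["hi"])):
            alerts.append((ts, cid, "payload-range"))
        if cid in last and rule["period"]:
            gap, (fastest, slowest) = ts - last[cid], rule["period"]
            if gap < fastest:
                alerts.append((ts, cid, "too-frequent"))
            elif gap > slowest:
                alerts.append((ts, cid, "missing-frames"))
        last[cid] = ts
    return alerts

# Constructed data, not a real capture. Training: 0x0C4 every 10 ms, 0x1A0 every 100 ms.
TRAIN = sorted([(i * 0.010, 0x0C4, bytes([i % 40, 0x10])) for i in range(200)]
               + [(i * 0.100, 0x1A0, bytes([0x00, i % 4])) for i in range(20)])
TEST = [(2.000, 0x0C4, bytes([5, 0x10])), (2.010, 0x0C4, bytes([6, 0x10])),
        (2.011, 0x0C4, bytes([7, 0x10])),     # 1 ms after the previous frame
        (2.021, 0x0C4, bytes([200, 0x10])),   # byte 0 outside the learned 0..39
        (2.030, 0x7DF, bytes([0x02, 0x01])),  # ID never seen in training
        (2.031, 0x0C4, bytes([8])),           # wrong payload length
        (2.100, 0x0C4, bytes([9, 0x10]))]     # 69 ms of silence

print(*monitor(TEST, learn_rules(TRAIN)), sep="\n")
```

The slack factor trades false alarms from bus jitter against sensitivity to injected or suppressed frames, which is why evaluation against a baseline on real-world traffic matters for methods of this kind.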
C. Research Characteristics
While the above-mentioned categories distinguished prior
research based on the addressed threats and the solutions by
identified dimensions, this category addresses the research
methods and the data.
1) Scientific character: This sub-category records
whether a paper is a theoretical, experimental, empirical or
survey paper. A paper may be a combination of types.
2) Data source: This sub-category records whether a paper uses
authentic (real data) or simulated data.