IRIS

The automotive industry is designing increasingly sophisticated electronic components in order to make modern vehicles safer and more connected. This means not only more functionality available but also an increased risk to vehicle security and driver safety. Over the years, academia and industry have identified security issues in Electronic Control Units (ECUs) software and the protocols they use to communicate. Many of the attacks proposed in the literature exploit weaknesses in the Controller Area Network (CAN), one of the most widely used protocols for internal network communication. Researchers have proposed techniques focused on using Machine Learning (ML) models to identify attacks that exploit vulnerabilities in the CAN protocol. However, these techniques are not enough, as it is necessary to introduce the knowledge of how these attacks occurred and propose remediations to counter them to design more secure components. So, it is necessary to use ML models that use a multi-class classification to obtain the attack typology to obtain information that aims to resolve or understand the threat. To this end, this paper proposes a Pachamama methodology that identifies CAN attacks by proposing a simulation environment in which an ML algorithm is deployed. Then, a Vehicle-Security Operation Center (Vehicle-SOC) allows the classification of the received message from the Intrusion Detection System (IDS) to propose remediations for security analysts or developers working in the automotive world.

Automotive Intelligence for supporting Vehicle-SOC analysts

Vita Santa Barletta
Investigation
;Danilo Caivano
Methodology
;Christian Catalano
Validation
;Mirko (De Vincentiis)
Writing – Original Draft Preparation
;Michele Scalera
Writing – Review & Editing
2025-01-01

Abstract

The automotive industry is designing increasingly sophisticated electronic components in order to make modern vehicles safer and more connected. This means not only more functionality available but also an increased risk to vehicle security and driver safety. Over the years, academia and industry have identified security issues in Electronic Control Units (ECUs) software and the protocols they use to communicate. Many of the attacks proposed in the literature exploit weaknesses in the Controller Area Network (CAN), one of the most widely used protocols for internal network communication. Researchers have proposed techniques focused on using Machine Learning (ML) models to identify attacks that exploit vulnerabilities in the CAN protocol. However, these techniques are not enough, as it is necessary to introduce the knowledge of how these attacks occurred and propose remediations to counter them to design more secure components. So, it is necessary to use ML models that use a multi-class classification to obtain the attack typology to obtain information that aims to resolve or understand the threat. To this end, this paper proposes a Pachamama methodology that identifies CAN attacks by proposing a simulation environment in which an ML algorithm is deployed. Then, a Vehicle-Security Operation Center (Vehicle-SOC) allows the classification of the received message from the Intrusion Detection System (IDS) to propose remediations for security analysts or developers working in the automotive world.
2025
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11586/555520
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact