Researcher wants to protect cars against internet attacks with machine learning
The Chinese researcher Jun Li of the security company Qihoo360 presented a system at the Hack in the Box security conference, whereby cars should be protected against internet attacks. This system works on the basis of machine learning.
The system is called ‘CANsee’, named after the internal network of, for example, cars, which is also called ‘Controller Area Network’ or CAN. Li indicates that he has been interested in cars from an early age and has therefore started investigating their security. For this research, Li was involved in hacking into a Tesla model. To underline the necessity of his research, the researcher refers to the hack on a 2015 Jeep Cherokee, in which the brakes and engine could be switched off via the internet.
The systems of modern cars use an ECU, which processes data from various sensors from the car and ensures optimal engine performance. These devices are generally encrypted. However, the data read from the sensors can be falsified by an attacker through packet injection or parameter spoofing. According to Li, these attackers generally gain access to a car by using the connectivity options of an on-board infotainment system, for example through Bluetooth or Wi-Fi. This gives them access to the CAN of the car.
For example, the attack on the Jeep worked by faking the speed of the car to 5km/h in order to take advantage of the engine shutdown feature. Li explains that a security system against these types of attacks encounters a few difficulties. For example, it must work in real time and must track falsified data back to the source. The latter is difficult, because packets within a CAN do not contain source information, but only a message id. Finally, the system must be able to deal with a false positive in a normal way, so that a false alarm does not have significant consequences for the steering of the car.
Li proposes an IDS, or intrusion detection system, that predicts how the car should behave in certain circumstances. Based on these predictions, abnormal traffic on the car’s network must be detected by the system, which can then intervene. The hard part is that you can’t just build a mathematical model to make this prediction, because the clutch and gears of the car make it non-linear, Li said.
His solution is therefore to apply machine learning to make these predictions. During the presentation, Li demonstrated on the basis of a video how he equipped a test car with his system and how he ‘trained’ it by performing a number of test drives. In the end, it turned out that the neural networks were able to make an accurate prediction fairly quickly based on sensor data from the CAN, which matched the actual behavior of the car. In this way, deviations in behavior can be dealt with quickly. Li plans to make the code of his research publicly available soon.