SaTC: CORE: Small: Collaborative: GOALI: Detecting and Reconstructing Network Anomalies and Intrusions in Heavy Duty Vehicles

SaTC：核心：小型：协作：GOALI：检测和重建重型车辆中的网络异常和入侵

• 批准号: 1951224
• 负责人: Jeremy Daily
• 金额: $ 9.28万
• 依托单位: Colorado State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-08-15 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1951224&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; GOALI

Heavy vehicles (e.g., trucks and busses) are a critical element of U.S. and worldwide logistics, often carrying cargo of high value or high risk (e.g., explosive liquids and gasses). Heavy vehicles often have hundreds of Electronic Control Units (ECUs) that communicate over an internal network to carry commands (such as "engage the brakes") or share sensor data (such as the temperature of pressurized cargo unit carrying petroleum). ECUs with access to the communication network can send any message they want. If the network or an ECU is compromised by an attack, the truck or a cargo container safety mechanism could malfunction. This project is gathering data from operational trucks to better understand communication among components of heavy vehicles and developing techniques to detect attacks in this environment.The project is working to accomplish three main objectives: (1) Collect representative Controller Area Network (CAN) bus data from operational heavy vehicles, (2) Develop detection systems that can distinguish anomalous CAN bus network traffic, and (3) Test and verify the detection systems to reduce the number of false positives. The team is developing a log algebra to efficiently assess live CAN traffic using embedded devices with limited resources. Data is being gathered from truck traffic during highway operation, enabling the application of machine learning algorithms for anomaly detection. The team is evaluating the effectiveness of their intrusion detection techniques in their heavy vehicle testbed, using synthetic attacks against testbed ECUs and real-world CAN traffic data.

重型车辆（例如卡车和公共汽车）是美国和全球物流的关键要素，通常运载高价值或高风险的货物（例如爆炸性液体和气体）。 重型车辆通常有数百个电子控制单元 (ECU)，它们通过内部网络进行通信以传送命令（例如“接合制动器”）或共享传感器数据（例如运载石油的加压货物单元的温度）。能够访问通信网络的 ECU 可以发送它们想要的任何消息。 如果网络或 ECU 受到攻击，卡车或集装箱安全机制可能会发生故障。该项目正在从运营卡车收集数据，以更好地了解重型车辆组件之间的通信，并开发检测该环境中攻击的技术。该项目致力于实现三个主要目标：(1) 从运营重型车辆收集代表性控制器局域网 (CAN) 总线数据，(2) 开发能够区分异常 CAN 总线网络流量的检测系统，以及 (3) 测试和验证检测系统以减少误报数量。该团队正在开发一种对数代数，以使用资源有限的嵌入式设备有效评估实时 CAN 流量。在高速公路运营期间从卡车交通中收集数据，从而能够应用机器学习算法进行异常检测。该团队正在评估其重型车辆测试台中入侵检测技术的有效性，使用针对测试台 ECU 和真实 CAN 流量数据的综合攻击。

项目成果

Secure Controller Area Network Logging

安全控制器局域网日志记录

• DOI: 10.4271/2021-01-0136
• 发表时间: 2021
• 期刊: SAE Technical Paper Series
• 作者: Daily, Jeremy;Van, Duy
• 通讯作者: Van, Duy