SaTC: CORE: Small: Collaborative: GOALI: Detecting and Reconstructing Network Anomalies and Intrusions in Heavy Duty Vehicles

SaTC：核心：小型：协作：GOALI：检测和重建重型车辆中的网络异常和入侵

• 批准号: 1951224
• 负责人: Jeremy Daily
• 金额: $ 9.28万
• 依托单位: Colorado State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-08-15 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1951224&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; GOALI

Heavy vehicles (e.g., trucks and busses) are a critical element of U.S. and worldwide logistics, often carrying cargo of high value or high risk (e.g., explosive liquids and gasses). Heavy vehicles often have hundreds of Electronic Control Units (ECUs) that communicate over an internal network to carry commands (such as "engage the brakes") or share sensor data (such as the temperature of pressurized cargo unit carrying petroleum). ECUs with access to the communication network can send any message they want. If the network or an ECU is compromised by an attack, the truck or a cargo container safety mechanism could malfunction. This project is gathering data from operational trucks to better understand communication among components of heavy vehicles and developing techniques to detect attacks in this environment.The project is working to accomplish three main objectives: (1) Collect representative Controller Area Network (CAN) bus data from operational heavy vehicles, (2) Develop detection systems that can distinguish anomalous CAN bus network traffic, and (3) Test and verify the detection systems to reduce the number of false positives. The team is developing a log algebra to efficiently assess live CAN traffic using embedded devices with limited resources. Data is being gathered from truck traffic during highway operation, enabling the application of machine learning algorithms for anomaly detection. The team is evaluating the effectiveness of their intrusion detection techniques in their heavy vehicle testbed, using synthetic attacks against testbed ECUs and real-world CAN traffic data.

重型车辆（例如卡车和公共汽车）是美国和全球物流的关键要素，通常具有高价值或高风险的货物（例如，爆炸性液体和气体）。 重型车辆通常具有数百个电子控制单元（ECU），它们通过内部网络进行通信以携带命令（例如“制动器”）或共享传感器数据（例如携带石油的加压货物单元温度）。访问通信网络的ECU可以发送他们想要的任何消息。 如果网络或ECU因攻击而受到损害，则卡车或货物容器安全机制可能发生故障。 This project is gathering data from operational trucks to better understand communication among components of heavy vehicles and developing techniques to detect attacks in this environment.The project is working to accomplish three main objectives: (1) Collect representative Controller Area Network (CAN) bus data from operational heavy vehicles, (2) Develop detection systems that can distinguish anomalous CAN bus network traffic, and (3) Test and verify the detection systems to reduce the number of false positives.该团队正在开发日志代数，以使用嵌入式设备有限的资源来有效评估实时罐头流量。在高速公路运行期间，正在从卡车交通中收集数据，从而使机器学习算法用于异常检测。该团队使用针对测试台ECU和现实世界可以交通数据的合成攻击来评估其重型车辆测试中其入侵检测技术的有效性。

项目成果

Secure Controller Area Network Logging

安全控制器局域网日志记录

• DOI: 10.4271/2021-01-0136
• 发表时间: 2021
• 期刊: SAE Technical Paper Series
• 作者: Daily, Jeremy;Van, Duy
• 通讯作者: Van, Duy