DoS Detection on In-Vehicle Networks: Evaluation on an Experimental Embedded System Platform

Modern vehicles involve engine control units that communicate over multiple in-vehicle networks via a traditional Gateway. In this context, we develop an open, experimental distributed embedded platform that integrates CAN networks of different criticalities, populated with Raspberry Pi 3 nodes and an Odroid XU3 device that acts as the Gateway. During normal operation, a critical CAN (CAN2) emulates engine traffic (i.e., Korean car dataset). In contrast, a non-critical CAN (CAN1) sends packet requests related to the dashboard display (e.g., engine speed, RPM, temperature, airflow, etc.). Responses to these packets are forwarded back to CAN1, forming a request-response path. In our DoS attack scenario, a malicious CAN1 node broadcasts packet requests that are relayed by the Gateway towards CAN2. At the Gateway-level, we detect a DoS attack by monitoring perturbations of system metrics (Cortex-A15 power consumption, temperature gradients, and packet ID frequency) from pre-established thresholds using a sliding window-based cumulative sum approach. Also, we monitor variations of inter-arrival time in the request-response path at the periphery (CAN1). Our results on the experimental automotive platform indicate that frequency count at the Gateway and inter-arrival time at the network periphery are promising techniques for fast and accurate DoS detection using CUSUM. Furthermore, preliminary experimental results indicate that CUSUM is a more precise metric than entropy for detecting DoS.