Philipp Meyer: Network Anomaly Detection in Cars

Network Anomaly Detection in Cars based on Time-Sensitive Ingress Control
  • When Sep 09, 2020 from 04:00 pm to 05:00 pm (Europe/Berlin / UTC200)
  • Where
  • Contact Name
  • Add event to calendar iCal

Connected cars need robust protection against network attacks. Network anomaly detection and prevention on board will be particularly fast and reliable when situated on the lowest possible layer. Blocking traffic on a low layer, however, causes severe harm if triggered erroneously by falsely positive alarms.
In this presentation, we introduce and evaluate a concept for detecting anomalous traffic using the ingress control of Time-Sensitive Networking (TSN). We build on the idea that TSN traffic descriptors for in-car network configurations are rigorous, and hence any observed violation should not be a false positive.  e use Software-Defined Networking (SDN) to evaluate anomaly reports, to identify the generating flows, and to ban them from the network. We evaluate our concept by simulating a real-world zonal network topology of a future car. Our findings confirm that abnormally behaving individual flows can indeed be reliably segregated with zero false positives.