Author
Satam, Shalaka
Issue Date
2022
Keywords
anomaly behavior analysis
Autonomous vehicles
CAN bus
Cybersecurity
Intrusion detection system
Secure framework
Advisor
Hariri, Salim
Publisher
The University of Arizona.
Rights
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction, presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Abstract
The rapid growth of the Internet and Cloud Computing has started a data revolution, with data analytics playing a critical role in all areas, including transportation. Vehicles are increasingly relying on integration of data from an array of sensors (over different communication networks) to perform semi/fully autonomous operations. These vehicles use sensors like onboard cameras, LiDARs, and Global Positioning System (GPS) deployed as Engine Control Units (ECUs) communicating over the Controller Area Network (CAN) bus. As vehicles become increasingly autonomous, they will increasingly rely on V2X communications, including Vehicle to Vehicle communications and Vehicle to Infrastructure communications, for information sharing and performing predictive analysis for a faster, safer, and more comfortable ride. However, this increased vehicle automation relying on sensors and communications has exposed them to cyberattacks. Researchers have successfully demonstrated attacks on the latest Jeep Cherokee, Tesla, and Lexus models by disabling critical safety features in the vehicle, creating fatal accident-causing scenarios. Vehicle manufacturers rely (unsuccessfully) on encryption, obfuscation techniques, and individual intrusion detection systems to detect and prevent cyberattacks. These approaches fail to secure the vehicles (as showcased in attacks on Tesla and Lexus), as these vehicular attacks are highly complex, with the attacker exploiting multiple systems simultaneously. Such complex attacks are very hard to detect and to counter (once detected), as countermeasures taken to prevent the attack have the potential to disable a critical autonomous vehicle subsystem. Thus, there is a need for a security framework that takes into account a holistic perspective of vehicle operations before taking mitigating actions.
This dissertation presents an Autonomous Vehicle Security Framework (AVSF) that uses a combination of highly granular anomaly behavior analysis based intrusion detection systems to detect cyberattacks on various vehicle subsystems. The proposed AVSF performs decision fusion of individual threats to obtain a global vehicle impact and risk analysis before taking mitigation actions to stop the cyberattack. To showcase the efficacy of the proposed AVSF, I present a threat model analyzing the potential threats (and attack vectors) targeting autonomous vehicles and present three anomaly-based intrusion detection systems to detect attacks on different components of autonomous vehicles. For the threat modeling process, I present an autonomous vehicle architecture that splits the complex vehicle into four layers: End Devices layer, Intra Vehicle Communications layer, Inter-Vehicle Communications layer, and Applications layer. The presented threat model analyzes and rates each threat on every layer in the autonomous vehicle architecture using the DREAD framework. This dissertation presents an Intrusion Detection System to detect attacks on vehicle sensors and actuators (End Devices). This sensor intrusion detection system (IDS) models the sensor's normal behavior using Discrete Wavelet Transform (DWT). The DWT uses Biorthogonal, Daubechies, Coiflets, Discrete Meyer, Reverse Biorthogonal, and Symlets wavelets to model the spatial and temporal features of the sensor. Experimental analysis shows the IDS can detect attacks like Denial-of-Service attacks, Impersonation attacks, Random signal attacks, and Replay attacks with One-Class SVM, Local Outlier Factor, and Elliptic Envelope. The One-Class SVM performed the best compared to the results of other machine learning techniques. This dissertation presents a second IDS to detect attacks on the Bluetooth Protocol (Inter-Vehicle Networks).
This Bluetooth IDS uses an n-gram based approach to create a behavior model for characterizing the normal behavior of the AV using the Bluetooth protocol by monitoring the protocol's state transitions. Attacks on the Bluetooth network are detected using machine learning algorithms like Decision Trees, AdaBoostM1, SVM, Naïve Bayes, Ripper, and Bagging algorithm, with precision up to 99.6% and recall up to 99.6%. Lastly, I present an IDS to detect attacks on the CAN bus (Intra Vehicle networks). Attacks on the CAN bus are detected using novelty detection algorithms like SVM, Isolation Forest, Local Outlier Factor, and Elliptic Envelope. I also use two-class classifiers like SVC, Multilayer Perceptron, Decision Tree, Random Forest, and AdaBoost to classify the data with precision up to 100% and recall up to 100%.
Type
text
Electronic Dissertation
Degree Name
Ph.D.
Degree Level
doctoral
Degree Program
Graduate College
Electrical & Computer Engineering