| To meet the increasing bandwidth requirements of in-vehicle networks, automotive Ethernet has broad application prospects due to its high bandwidth, low latency, low cost and high technological maturity. Communication protocols based on automotive Ethernet are gradually being deployed in in-vehicle networks. To ensure the security of intelligent cars, it is necessary to study the related communication protocols and perform anomaly detection on them. Intrusion detection technology is relatively mature and has been applied to automotive Ethernet in related research. However, existing detection schemes have shortcomings, such as the confidentiality of some technical details and the weak correlation between their design and the protocol specifications, and still need to be improved. On this basis, and working from the protocol specifications, the thesis presents an anomaly detection system for SOME/IP and DoIP. The thesis first briefly introduces automotive Ethernet technology and the two relatively mature automotive Ethernet protocols, SOME/IP and DoIP, and analyzes the structure and function of the open source intrusion detection system Snort. It then analyzes the security of the two protocols in terms of data integrity, level of standardization and potential vulnerabilities, explains the security measures in the protocols, points out security problems and summarizes abnormal behaviors. Next, the overall structure of the system is designed, and the specific processes and implementation methods of the two anomaly detection modules are designed with reference to the results of the security analysis. The two detection preprocessors inspect the header format, communication mechanism and frequency of protocol messages, and record and alert on anomaly detection results. A user interface is also designed for managing the whole system and for collecting statistics on and viewing system events. Finally, the thesis builds a test platform for the SOME/IP and DoIP anomaly detection system under the Linux operating system, generates offline test cases by simulating protocol communications, and then verifies the various functions of the system. The thesis also uses the open source vsomeip framework to test the system's detection of SOME/IP anomalies. The test results show that the system designed and implemented in the thesis can alert on the known anomalies of the two protocols and on the known communication anomalies in the vsomeip framework, and thus that the design method is feasible and effective. |
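
The header-format inspection mentioned above can be illustrated with a specification-driven check of the 16-byte SOME/IP header. This is an added example, not code from the thesis or from Snort: the function, verdict names and sample messages are hypothetical, and it assumes the buffer holds exactly one SOME/IP message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict names are hypothetical, chosen for this example. */
enum someip_verdict { SOMEIP_OK, SOMEIP_TRUNCATED, SOMEIP_BAD_LENGTH,
                      SOMEIP_BAD_PROTO_VER, SOMEIP_BAD_MSG_TYPE, SOMEIP_BAD_RETURN_CODE };

#define SOMEIP_HDR_LEN 16u /* Message ID(4) Length(4) Request ID(4) + 4 one-byte fields */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Validate one SOME/IP message that occupies exactly buf[0..len). */
enum someip_verdict someip_check_header(const uint8_t *buf, size_t len) {
    if (len < SOMEIP_HDR_LEN) return SOMEIP_TRUNCATED;
    uint32_t length = be32(buf + 4);
    /* Length counts all bytes after the Length field: the 8 remaining header
       bytes plus payload, so it must be >= 8 and agree with the captured size. */
    if (length < 8 || length != len - 8) return SOMEIP_BAD_LENGTH;
    if (buf[12] != 0x01) return SOMEIP_BAD_PROTO_VER;  /* protocol version */
    switch (buf[14] & 0xDF) {            /* message type with TP flag 0x20 masked */
    case 0x00: case 0x01: case 0x02:     /* REQUEST, REQUEST_NO_RETURN, NOTIFICATION */
        if (buf[15] != 0x00) return SOMEIP_BAD_RETURN_CODE;  /* must carry E_OK */
        break;
    case 0x80: case 0x81:                /* RESPONSE, ERROR */
        break;
    default:
        return SOMEIP_BAD_MSG_TYPE;
    }
    return SOMEIP_OK;
}

/* Constructed samples: a valid request with a 4-byte payload, then variants. */
const uint8_t sample_ok[] = {0x12,0x34,0x00,0x01, 0x00,0x00,0x00,0x0C,
    0x00,0x01,0x00,0x01, 0x01,0x01,0x00,0x00, 0xDE,0xAD,0xBE,0xEF};
const uint8_t sample_bad_len[] = {0x12,0x34,0x00,0x01, 0x00,0x00,0x00,0x40,
    0x00,0x01,0x00,0x01, 0x01,0x01,0x00,0x00, 0xDE,0xAD,0xBE,0xEF};
const uint8_t sample_bad_type[] = {0x12,0x34,0x00,0x01, 0x00,0x00,0x00,0x08,
    0x00,0x01,0x00,0x01, 0x01,0x01,0x7F,0x00};
const uint8_t sample_bad_rc[] = {0x12,0x34,0x00,0x01, 0x00,0x00,0x00,0x08,
    0x00,0x01,0x00,0x01, 0x01,0x01,0x00,0x09};

int main(void) {
    printf("ok=%d bad_len=%d\n", someip_check_header(sample_ok, sizeof sample_ok),
           someip_check_header(sample_bad_len, sizeof sample_bad_len));
    return 0;
}
```

A detector that receives several SOME/IP messages in one UDP datagram would call the check once per message, advancing by the Length field plus 8 bytes each time.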