
Design And Implementation Of Intrusion Detection System For In-vehicle CAN Network

Posted on: 2022-03-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y B Peng
GTID: 2492306575464624
Subject: Control Science and Engineering
Abstract/Summary:
With the rapid development of Internet-connected and intelligent technologies, the connected vehicle has more interfaces to the outside world, which brings more security risks and more potential network security vulnerabilities. Because of its protocol defects and its universal use, the Controller Area Network (CAN) bus has become a preferred target of hacker research and attacks. Many attackers have penetrated the in-vehicle CAN network through various wired and wireless interfaces to read network communication data and to monitor and control the network, which seriously threatens the information security and driving safety of vehicles. Research on in-vehicle CAN network security is therefore of great importance.

To address the insufficient real-time detection and difficult system integration of existing in-vehicle CAN network intrusion detection systems, this thesis designs a lightweight online intrusion detection system, carries out offline software simulation of the system, and finally builds a hardware test platform to integrate the intrusion detection system into the in-vehicle CAN gateway. The gateway implemented the online intrusion detection function while keeping its routing function operating normally. The main research in this thesis is as follows:

1. The security flaws of the in-vehicle CAN network are analyzed from two aspects, the network structure and the communication protocol, with a focus on the scenario of network attacks by illegal attack devices. In-vehicle CAN network attacks are divided into two categories: illegal ID message injection attacks and valid ID message injection attacks.
2. A message ID-based intrusion detection algorithm is designed for illegal ID message injection attacks; attack messages are filtered and detected at both the hardware detection and software detection levels.
3. A double-threshold intrusion detection algorithm is designed for valid ID message attacks. The algorithm establishes period thresholds from the normal CAN network communication message data of real vehicles and boundary thresholds for special boundary cases, and applies double-threshold detection to the time interval of messages.
4. A physical test platform has been built and an algorithm integration strategy has been designed. The intrusion detection system has been integrated into the in-vehicle CAN gateway. Finally, the accuracy and real-time performance of the intrusion detection system have been tested and verified through Hardware-in-the-Loop (HIL) experiments.

The HIL experiment results show that the intrusion detection system designed in this thesis has an accuracy rate of 97.95%, a precision rate of 99.74%, and a false alarm rate of 0.06% for the detection of illegal device attacks. The detection delay of the system on the STM32F413 hardware platform is about 6 μs, which realizes online real-time intrusion detection of attack messages.
Keywords/Search Tags:in-vehicle network security, CAN bus, message ID, message cycle, intrusion detection
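
The two software-level checks summarized in items 2 and 3, an ID whitelist lookup followed by a two-threshold test on the inter-arrival time, can be sketched as follows. This is an added example, not code from the thesis: the names, the table values, and the reading of the boundary threshold as "shortest interval tolerated right after a late frame" are assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed example: IDs, periods and thresholds are assumed values. */
typedef enum { IDS_OK, IDS_ILLEGAL_ID, IDS_INTERVAL_ALERT } ids_verdict;

typedef struct {
    uint16_t id;           /* whitelisted 11-bit CAN identifier */
    uint32_t period_us;    /* nominal transmit period */
    uint32_t period_thr;   /* period threshold: shortest normal interval */
    uint32_t boundary_thr; /* boundary threshold: shortest interval after a late frame */
    uint32_t last_us;      /* arrival time of the previous frame */
    uint32_t prev_gap;     /* previous inter-arrival interval */
    uint8_t  seen;         /* set once the first frame has arrived */
} ids_entry;

static ids_entry table[] = {
    { 0x100, 10000,  9000,  6000, 0, 0, 0 },
    { 0x2A0, 20000, 18000, 12000, 0, 0, 0 },
};

/* Classify one received frame by its ID and arrival time in microseconds. */
ids_verdict ids_check(uint16_t id, uint32_t now_us)
{
    ids_entry *e = NULL;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].id == id) { e = &table[i]; break; }
    if (e == NULL)
        return IDS_ILLEGAL_ID;           /* ID is not on the whitelist */
    if (!e->seen) {                      /* first frame: no interval yet */
        e->seen = 1;
        e->last_us = now_us;
        e->prev_gap = e->period_us;
        return IDS_OK;
    }
    uint32_t gap = now_us - e->last_us;  /* unsigned math survives timer wrap */
    uint32_t prev = e->prev_gap;
    e->last_us = now_us;
    e->prev_gap = gap;
    if (gap >= e->period_thr)
        return IDS_OK;                   /* interval within the normal period */
    if (gap >= e->boundary_thr && prev > e->period_us)
        return IDS_OK;                   /* boundary case: catch-up after a late frame */
    return IDS_INTERVAL_ALERT;           /* frame arrived too soon for this ID */
}
```

Because the timestamp of a flagged frame becomes the new reference, the legitimate frame that follows an injected one is also reported, so alerts arrive in pairs around an injection.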