Abstract

Modern automobiles are controlled by computers that are increasingly connected to the outside world and therefore vulnerable to cyberattacks. Defending cars against such attacks requires a multifaceted approach to improving security, but the last line of defense is detecting those attacks within the data traffic exchanged by the vehicles controller computers. To identify this malicious traffic, the authors created anomaly detectors using recurrent neural networks and multivariate Markov chains. However, evaluating these detectors is difficult because there are currently few examples of attack traffic. The authors solved this by creating an attack framework that describes automotive cyberattack characteristics, thereby enabling the simulation of attacks and allowing comprehensive testing of our anomaly detectors.