REACT: Autonomous intrusion response system for intelligent vehicles
Mohammad Hamad, Andreas Finkenzeller, Michael Kühr, Andrew D. Roberts, Olaf Maennel, Vassilis Prevelakis, Sebastian Steinhorst
Abstract
Autonomous and connected vehicles are rapidly evolving, integrating numerous technologies and software. This progress, however, has made them appealing targets for cybersecurity attacks. As the risk of cyber threats escalates with this advancement, the focus is shifting from solely preventing these attacks to also mitigating their impact. Current solutions rely on vehicle security operation centers, where attack information is analyzed before deciding on a response strategy. However, this process can be time-consuming and faces scalability challenges, along with other issues stemming from vehicle connectivity. This paper proposes a dynamic intrusion response system integrated within the vehicle. This system enables the vehicle to respond to a variety of incidents almost instantly, thereby reducing the need for interaction with the vehicle security operation center. The system offers a comprehensive list of potential responses, a methodology for response evaluation, and various response selection methods. The proposed solution was implemented on an embedded platform. Two distinct cyberattack use cases served as the basis for evaluating the system. The evaluation highlights the system’s adaptability, its ability to respond swiftly, its minimal memory footprint, and its capacity for dynamic system parameter adjustments. The proposed solution underscores the necessity and feasibility of incorporating dynamic response mechanisms in smart vehicles. This is a crucial factor in ensuring the safety and resilience of future smart mobility. • In autonomous vehicles, autonomous Intrusion Response Systems will become necessary to react to cyber-attacks. • The selection of optimal countermeasures directly in the vehicle reduces the attack window. • A comprehensive analysis of intrusions and responses is necessary to select optimal countermeasures. • Linear programming with maximum benefit optimization provides effective responses to realistic attacks. • System state evaluation after response execution and dynamic parameter adaption allows optimized responses.