1 s2.0 S1570870518307091 Main

Ad Hoc Networks 84 (2019) 124–147
Contents lists available at ScienceDirect
Ad Hoc Networks
journal homepage: www.elsevier.com/locate/adhoc
A taxonomy and survey of cyber-physical intrusion detection

approaches for vehicles
George Loukas a,∗, Eirini Karapistoli b, Emmanouil Panaousis c, Panagiotis Sarigiannidis d,
Anatolij Bezemskij a, Tuan Vuong a
a
University of Greenwich, United Kingdom
b
Cyberlens Ltd, Research and Innovation, 10-12 Mulberry Green, Old Harlow, Essex, CM17 0ET, United Kingdom
c
University of Surrey, United Kingdom
d
University of Western Macedonia, Greece
a r t i c l e i n f o a b s t r a c t
Article history: With the growing threat of cyber and cyber-physical attacks against automobiles, drones, ships, driverless
Received 25 March 2018 pods and other vehicles, there is also a growing need for intrusion detection approaches that can facil-
Revised 14 September 2018
itate defence against such threats. Vehicles tend to have limited processing resources and are energy-
Accepted 1 October 2018
constrained. So, any security provision needs to abide by these limitations. At the same time, attacks
Available online 2 October 2018
against vehicles are very rare, often making knowledge-based intrusion detection systems less practical
Keywords: than behaviour-based ones, which is the reverse of what is seen in conventional computing systems.
Vehicles Furthermore, vehicle design and implementation can differ wildly between different types or different
Cyber-physical systems manufacturers, which can lead to intrusion detection designs that are vehicle-specific. Equally impor-
Intrusion detection tantly, vehicles are practically defined by their ability to move, autonomously or not. Movement, as well
Vehicular networks as other physical manifestations of their operation may allow cyber security breaches to lead to physical
VANET
damage, but can also be an opportunity for detection. For example, physical sensing can contribute to
Cyber security
Aircraft
more accurate or more rapid intrusion detection through observation and analysis of physical manifesta-
Unmanned aerial vehicles tions of a security breach. This paper presents a classification and survey of intrusion detection systems
Robotic land vehicles designed and evaluated specifically on vehicles and networks of vehicles. Its aim is to help identify ex-
Automobiles isting techniques that can be adopted in the industry, along with their advantages and disadvantages,
Driverless pods as well as to identify gaps in the literature, which are attractive and highly meaningful areas of future
research.
© 2018 Elsevier B.V. All rights reserved.
1. Introduction surface vessels via Global Positioning System (GPS) spoofing [3],
to overwhelming the lidar sensors of driverless vehicles [4]. Tra-
Cyber-physical attacks are breaches in cyber space that have an ditional approaches designed for conventional computing systems,
adverse effect in physical space [1]. Vehicles constitute attractive enterprise networks and the Internet at large are not always the
targets for such attacks primarily because of their mobility in phys- most appropriate in this context. Research on cyber security of
ical space. Beyond the impact on physical privacy or driver incon- vehicles has focused primarily on cryptography as a means for pre-
venience through fraudulent warnings, in extreme cases a remotely venting integrity and confidentiality threats, such as unauthorised
hijacked car can be steered off the road, a drone can be flown into unlocking of a vehicle or eavesdropping on the video streamed by
a crowd, and a driverless military vehicle can be directed to en- unmanned aerial vehicles (UAVs). As the attack surface for vehi-
emy lines to be captured. Examples of attacks documented in the cles becomes larger and more diverse, it is becoming less practi-
literature range from compromising a car’s in-vehicle network via cal to assume that prevention mechanisms are sufficient, and re-
malware-infected audio files [2], and hijacking the navigation of searchers are turning towards intrusion detection systems (IDSs)
designed specifically for vehicles.
In this paper, we make the following contributions:
∗
Corresponding author at: University of Greenwich, Old Royal Naval College, Lon-
don SE109LS, UK
E-mail addresses: [email protected] (G. Loukas), [email protected] • We present the first taxonomy of IDS characteristics and archi-
(E. Karapistoli). tectures designed for vehicles
https://doi.org/10.1016/j.adhoc.2018.10.002
1570-8705/© 2018 Elsevier B.V. All rights reserved.
G. Loukas et al. / Ad Hoc Networks 84 (2019) 124–147 125
• We produce the first systematic review of the broad landscape precision of the binary classification and, in more detail, by the
of IDS techniques designed for vehicles, with 66 techniques re- confusion matrix of true positive, true negative, false positive and
viewed in total false negative rates. Contrary to conventional computer networks,
• We identify open issues in developing IDS for vehicles where for cyber-physical systems and especially vehicles, an additional
further research can have considerable impact meaningful metric is detection latency, which is the time it takes
the IDS to correctly detect an attack. The specific design of an IDS
The adoption of computing in a diverse range of applications for vehicles depends on a number of factors, which are detailed in
has led to a similarly diverse range of related surveys, with Modi the following subsections.
et al. [5] specialising in threats to cloud computing, Mitchell and
Chen in wireless networks [6], and Butun et al. [7] in sensor net-
works. Other surveys have addressed different IDS from the an- 2.1. Vehicle application
gle of the technique used, with recent examples focusing on the
use of machine learning and data mining [8] and deep learning Vehicle architectures tend to differ as much as vehicle applica-
[9]. These surveys have not looked at techniques designed for ve- tions. For some, the differences are only in the name. Others dif-
hicles, but rather generalist computer networks. An exception is fer dramatically in terms of communication, sensing and actuation
the 2014 survey and taxonomy of IDS for cyber-physical systems technologies. The degree and nature of automation also plays an
by Mitchell and Chen [10], which, however, was published before increasingly significant role, especially in differentiating between
attacks against vehicles became the vibrant area for research that it the intrusion detection needs and possible architectures for remote
now is, and as a result, before the recent influx of IDS techniques control vehicles, connected cars, driverless cars, robotic cars, robo-
proposed specifically for vehicles. So, it included only three rele- cabs, robotrucks, podcars, deliverbots, driverless platoons, remote-
vant examples. Two more recent surveys are the works of Sakiz controlled UAV, fully autonomous UAV and other highly overlap-
and Sen [11], who have focused specifically on vehicular ad hoc ping vehicle types. For example, the IDS of a driverless car may
networks comprising smart vehicles and roadside units, and Thing have to rely on data collected on board or through interaction with
and Wu [12], who have included intrusion detection in their tax- a smart infrastructure or other driverless cars in the vicinity, while
onomy of attacks and defences for autonomous vehicles. a driverless platoon may also have the opportunity to distribute
Here, we expand the scope beyond a specific type of vehicle the processing load or share threat data between its vehicles. A
or existence of a supporting network infrastructure, and produce a fully autonomous UAV may need to take defence decisions com-
comprehensive taxonomy of IDS for vehicles, whether they operate pletely on its own, while for a remote-controlled one, it may be
individually or as parts of groups, and whether in land, sea or air. sufficient to collect data and visualise the threat picture to the
We place particular emphasis on the practicality of each proposed user piloting it. So, what is meaningful in terms of detection de-
IDS, not only from the perspective of the technique used and the pends first on the type of vehicle application, as defined by the
types of attacks it has been tested on, but also regarding the con- degree of automation, its proximity to other vehicles or infrastruc-
ceptual IDS architecture it can support and crucially how ready it ture, and whether there are human users involved as passengers
is for adoption or further development. In the next sections, we or as drivers/pilots.
start with a brief description of the key aspects of an IDS and then
the factors affecting IDS design before presenting our taxonomy of 2.2. Processing and energy constraints
vehicle IDS characteristics and design architectures. We continue
with a brief description of the different cyber attacks considered For a severely resource-constrained vehicle, such as a small
to date and with the main body of this work, which is the survey UAV, collecting security-relevant data may be prohibitive alto-
of different techniques for single vehicles and networks of vehi- gether, and even if the data can be collected, there may not be
cles, classified based on the taxonomy criteria. This is followed by sufficient power to perform meaningful processing of that data lo-
lessons learned and open issues that can be attractive areas of re- cally. For most vehicles, energy efficiency is a priority, whether be-
search. cause it can otherwise not achieve its mission (a reconnaissance
UAV will not loiter long enough over its target area) or because its
2. Factors affecting IDS design in vehicles potential buyer wishes to reduce the cost of fuel or damage to the
environment (today’s car commercials almost invariably emphasise
An IDS is a software or a physical device monitoring a sys- on the miles per gallon achieved). For a security measure to be
tem with the purpose to detect signs of attempts to compromise integrated in a vehicle, it is often a requirement that it will not
the integrity, confidentiality or availability of one or more of its noticeably affect the energy consumption.
resources, which may be important vehicle data, a vehicle’s sub-
system or an internal or external network. The assumption of its 2.3. Nature of cyber risk
existence is that intrusion prevention measures are not always suc-
cessful and as such, some attacks against a system (here, a vehi- Hijacking a deliverbot may cause inconvenience and may have
cle) do go through. The job of the IDS is to detect them when this financial cost, but is unlikely to cause mass physical damage. A hi-
is the case and accordingly inform an administrator or trigger an jacked driverless platoon, on the other hand, would. The perceived
appropriate countermeasure. In its simplest form, an IDS should risk in terms of the likelihood and potential impact of different at-
include data collection and aggregation components for monitor- tacks on a vehicle influences the configuration of its IDS. In this
ing a variety of often heterogeneous sources of data (referred to as example, the deliverbot might not need an IDS at all, especially
the “audit features”) that are relevant to the security of the vehi- considering the increase in financial, energy and processing cost, or
cle at hand, and a reasoning component for determining whether may have one that is lightweight and prioritises having a low false
the vehicle is currently under attack. The latter is typically a bi- positive rate even if that meant missing a few attacks. In contrast,
nary classification problem (attack vs. normal) and more rarely a a driverless platoon would certainly need an IDS, in addition with
multiclass classification problem when the aim is not only to de- other security measures, and would tolerate a few false positives
tect the existence of an attack, but also to identify its type. In the if that meant achieving a very high true positive rate. Minimising
vast majority of IDS solutions found in the literature, the aim has detection latency would also be a very important target, because
been to achieve correct detection as evaluated by the accuracy and delaying the detection of an attack that would hijack a critical sys-
126 G. Loukas et al. / Ad Hoc Networks 84 (2019) 124–147
Fig. 1. Taxonomy of IDS for vehicles.
tem, such as steering or braking, by a few seconds could be disas- dit type. Knowledge-based approaches assume that a vehicle is
trous. likely to be attacked in a manner that has been seen before and
as such, it makes sense to look for signatures of known attacks,
3. A taxonomy of vehicle IDS characteristics perhaps in the patterns of network traffic received or the impact
on the operation of the vehicle. This works very well in IDSs de-
Different vehicular systems tend to be most vulnerable to differ- signed for computer networks, as vast dictionaries of attack sig-
ent types of attacks, which in turn may lead to different audit ap- natures exist, but is not necessarily the case for vehicles, which
proaches, types and features for these attacks to be detected. Note can differ considerably between them and attacks against them are
that the taxonomy presented here (Fig. 1) is not exhaustive of all still extremely rare. Importantly, knowledge-based IDSs cannot nat-
the possible approaches, but rather a taxonomy of the approaches urally detect zero-day threats. Here, behaviour-based approaches
that have been proposed in the literature. have an advantage. Instead of knowing what an attack looks like,
A key characteristic of a vehicular IDS is the deployment lo- they know what the normal state looks like, and assume that sig-
cation, i.e., whether it is deployed onboard the vehicle or exter- nificant deviation from this normal state is sign of an intrusion.
nally. Local onboard deployment means that the vehicle can only The problem here is that what is normal cannot often be deter-
use the information collected on that vehicle and is limited to its mined accurately and also that not all deviations are of malicious
own processing power. The process of continuously trying to self- nature. As a result, behaviour-based approaches can exhibit high
detect attacks against itself can noticeably affect its performance false positive rates [10]. A particular subtype is behaviour specifi-
and energy consumption. For this reason, most local onboard IDS cation [10], where what is normal is determined by identifying the
approaches tend to be lightweight. In vehicular networks, where complete set of normal states of a vehicle based on its specifica-
there is the opportunity for multiple vehicles to collaborate with tion and checking whether the vehicle is not in one of these states.
each other, the data collection and processing can be shared be- Where choosing an only behaviour-based or only knowledge-based
tween them and the detection decisions can be taken in a dis- approach is impractical or ineffective, researchers have suggested
tributed manner. Where the vehicle itself is not powerful enough hybrid approaches, which combine the two.
to perform meaningful IDS onboard and there is no opportunity for Interestingly, in terms of audit features, when designing IDS
collaboration with other vehicles, then the IDS can be run exter- for vehicles and other cyber-physical systems, one does not need
nally, for example by the computing system of a human operator to be limited to cyber sources of data, such as those related to
controlling the vehicle remotely or by offloading the IDS processing network traffic or computation, but can also make use of phys-
to a remote cloud infrastructure [13]. ical sources of data, as monitored by the vehicle’s own sensors,
Naturally, it is the area of application in the form of category such as physical speed or energy consumption. The range of data
of vehicle that dictates the IDS requirements. The majority of the available influences the audit technique utilised, which is usually
published research focuses on aircraft, robotic vehicles and au- based on statistical and machine learning techniques (we referred
tomobiles, exhibiting varying degree of autonomy, from conven- to both as learning), as well as by checking whether particular
tional aircraft and automobiles, to semi-autonomous robotic rescue specified (rather than automatically learned) rules are satisfied or
vehicles, and fully autonomous UAVs and driverless cars, which op- broken, especially for behaviour-specification approaches. This also
erate in a mode of operation that can be as single vehicles or in depends on the expected types of attacks targeting a particular
vehicular networks. Note that by the latter we refer to a network vehicle. Here, attacks targeting integrity and availability can lead
of any type of vehicle, not only automobiles in the context of in- to serious physical damage, and as such the research community
telligent transportation. has prioritised them over attacks that target confidentiality.
The next key characteristic is whether it is more important to An important goal of this work is to help researchers and de-
detect attacks that have been seen before or attacks that are com- velopers of vehicles choose or improve on existing approaches. For
pletely new (zero-day threats). Here, the research community has this reason, we place particular emphasis on the evaluation ap-
largely settled in terms of knowledge-based versus behaviour-based proach (analytical, simulation or experimental) used for each pro-
approaches [10]. We refer to this category in the taxonomy as au-
Fig. 2. Aggregate view of the IDS architectural components that can be considered.
Table 1
Indicative levels of technological maturity of IDS for vehicles.
TRL Description
1 Basic IDS model in the form of mathematical formulations or

algorithms
2 IDS model evaluated via analytical predictions or early simulation
results
3 The IDS model has been evaluated in accurate simulation of vehicle
states and attack mechanisms, possibly using data from real vehicles
4 A prototype IDS has been implemented, partially integrated in a real
vehicle and evaluated against a small number of laboratory attacks on Fig. 3. Conceptual architecture of onboard self-detection.
the vehicle
5 The prototype IDS has been integrated in a real vehicle and evaluated
in high-fidelity experimental laboratory conditions
6 The prototype IDS has been integrated in a real vehicle and thoroughly
evaluated in relevant environment conditions (air, land, sea)
7 The prototype IDS has been demonstrated in a real vehicle and in
realistic operation/missions against a wide range of attacks
8 The system development of the IDS has been completed
9 Bug fixing has completed and the IDS is ready for
deployment/production
Fig. 4. Conceptual architecture of collaborative detection.
posed IDS, as well as the resulting technology readiness level (TRL)

at the time of publication. We use the TRL system for assessing the need network connectivity to recognise that it has been infected
maturity of different technologies proposed by Mankins in 1995 by malware or compromised otherwise, and the detection latency
[14], as adopted by U.S. government agencies and with minor vari- does not depend on the performance or reliability of the network.
ations by many other countries across the world, as well as the Eu- It may also be a more secure approach for intrusion detection, be-
ropean Union. For clarity, we have translated the generic TRL defi- cause it does not involve sharing security-sensitive data over an
nitions into indicative characteristics of IDSs for vehicles in Table 1. external communication medium. The key disadvantage is that the
complexity of the reasoning approach used is limited by the on-
3.1. IDS design architecture board data collection and processing capabilities.
The factors identified in Section 2 influence directly the choice 3.1.2. Collaborative detection
of architecture to be adopted. Fig. 2 summarises the conceptual el- In some application areas, such as platoons of driverless trucks
ements of an IDS architecture for vehicular systems. Note that this [16] or UAV swarms used in urban sensing [17], a vehicle may op-
is an aggregate view of all elements considered and that. There is erate as part of a network, where it can share the task of detection
no single proposed IDS that includes all and there may not need with other nodes (Fig. 4) [18] or carry out the detection for one of
to be. Also, note that the use of the image of a car rather than any its neighbours, assuming a “monitor node” role [19]. For example,
other type of vehicle is for presentation reasons only. Below, we it may ask other nodes to report whether it seems to be veering
summarise the main examples of architectures that can be derived off a route or it may participate in voting on whether another ve-
and have been used in the literature. hicle seems to be misbehaving. Research here benefits considerably
from prior work in other areas of distributed computing, such as
3.1.1. Onboard self-detection security in wireless sensor networks. The key advantage of collab-
In the conceptually simplest and often most desirable case, the orative detection is that it can help detect threats that are invisible
vehicle can self-detect threats against it based on onboard data to a particular vehicle and usually without considerable processing
collection, aggregation and reasoning (Fig. 3) [15]. The advantage load or the need to monitor many sources of data on each vehi-
of relying only on its own capabilities is that the vehicle does not cle. The key disadvantages are that other nodes cannot always be
for evaluation of IDS systems for vehicles. Note that this is not a
complete a list of all attacks that are possible or that have been
demonstrated against vehicles or vehicular networks. For a more
general list, albeit not specific to intrusion detection evaluation, the
interested reader can refer to [22].
5. Intrusion detection approaches by type of vehicle
In this section, we survey and classify the individual IDSs re-

ported in the literature, grouped in subsections based on the type
of vehicle they have been designed for, starting in each subsection
with individual vehicles here and extending to networks of vehi-
Fig. 5. Conceptual architecture of offloaded detection. cles. Below the description of each IDS, we include a bullet-point
summary based on the taxonomy of Section 3. To the extent that
this is possible based on only published information, we provide
trusted and some types of cyber threats may leave no trace that an estimate of the TRL of each IDS to give the reader an idea of
can be observed from outside the targeted vehicle. the maturity of the approach. For each type, we have produced a
table summarising the characteristics of the IDS approaches pro-
3.1.3. Offloaded detection posed and evaluated for it.
If being able to self-detect threats is not a requirement and col-
laboration with neighbouring nodes is not an option, then it may
5.1. Aircraft
be efficient to offload the detection process onto a remote service
(Fig. 5), as in [13]. A key benefit is that access to a more powerful
Aircraft depend on a variety of types of communication both
system (e.g., a cloud) means access to more powerful algorithms
for navigation and safety. For example, a very useful technol-
for intrusion detection, for example based on deep learning, which
ogy for air traffic management and safety is Automatic Depen-
may otherwise be prohibitive for a resource-constrained vehicle.
dent Surveillance-Broadcast (ADS-B). Using ADS-B, aircraft deter-
More powerful algorithms lead to lower false positive rates of de-
mine their position and broadcast it together with other situational
tection (thus, less potential disruption because of incorrect detec-
data, so that they are received by air traffic control ground stations
tion) and lower false negative rates. Offloading can also have ben-
as well as other aircraft, in this way supporting self-separation.
efits in terms of energy consumption and even detection latency,
ADS-B messages are unencrypted and unauthenticated, which the
but the latter depends on the reliability of the network supporting
Federal Aviation Administration considers to be necessary due to
it. If the network is reliable and fast enough, then sending all data
operational requirements [62]. As a result, a malicious user can
to a cloud and waiting to receive back the detection result may
generate fraudulent ADS-B messages to severely compromise the
be faster than doing all this with the limited resources available
safety of the aircraft, especially in less dense airspaces where it
onboard the vehicle. Also, the longer the task of processing data
may be the only means of air traffic surveillance.
onboard, the greater the energy consumption for the vehicle.
Lauf et al. [57] were the first to consider ADS-B data in intru-
On the other hand, offloading a cyber security task can be
sion detection. Their system, HybrIDS, has been designed gener-
challenging by itself. It requires access to a remote infrastructure,
ally for distributed detection in ad hoc networks, and uses inte-
which may be expensive to own or rent. If the network is too slow,
ger labelling with associated probabilities to define a probability
detection latency can increase beyond what is acceptable. More
density function of the data request interactions between nodes. It
importantly, the purpose of offloading a security task, such as in-
has been adapted to take into account ADS-B data. To be appropri-
trusion detection, is defeated if this process cannot be carried out
ate for resource-constrained devices, it does not take into account
securely enough, especially as the vehicle needs to communicate
the actual content, but only the type of request (e.g., “Request Al-
security-sensitive data about its operation over a wireless medium
titude” or “Request Velocity”). It first detects single intruders by
or to a third party cloud provider.
analysing peaks in the probability density function from statistics
generated from requests made by other nodes, assuming that a lo-
4. Security threats cal maximum in a normalised distribution indicates misbehaviour.
In a second phase, it uses cross-correlation between different nodes’
In summarising attacks against in-vehicle networks of automo- behaviours to detect potentially cooperating intruders. However,
biles, Liu et al. [20] have emphasised that frame sniffing can be applying this approach assumes a modification of ADS-B to in-
the foundation of most if not all other attacks (e.g., frame falsify- clude an extended list of data transmitted as well as, in addition
ing, frame injection, replay and denial of service attack, etc.). This to broadcast, a provision for direct data requests between aircraft,
is also how Koscher et al. started their analysis in [21], which led which at the moment is not the case.
to the identification of the valid CAN frames in the automobile
they used as testbed. Then, they used fuzz testing (fuzzing), which • Scope (S): Aircraft using ADS-B
is the process of creating CAN frames with all possible combina- • Deployment / design architecture (D/DA): Onboard (local or dis-
tions of bits in the command fields, and observing the physical tributed)/ Onboard self-detection
impact on the automobile. However, in intrusion detection, the as- • Audit type / technique (AT/T): Behaviour / (Learning) Deviation
sumption is that this type of confidentiality breach for the purpose from local maxima and cross-correlation
of reverse-engineering has already happened (e.g., the attacker al- • Audit features (AF): (Cyber) Type of ADS-B request
ready knows what frame does what), and as a result, most IDS pa- • Attacks addressed (AA): (Integrity) Fraudulent ADS-B messages
pers focus almost exclusively on attacks targeting the integrity or • Evaluation approach (EA): (Simulation) Matlab simulation of
availability of a vehicle’s computing systems that control its actua- mission data and (Experimental) evaluation of embedded sys-
tion while in operation. Table 2 presents a summary of the secu- tem implementation
rity threats that have been considered in the literature specifically • TRL: 2
Table 2
Indicative security threats used for evaluation of IDS for vehicles.
Attack Description References
Wormhole Force a node to transmit its data through a rogue tunnel by pretending to be [23–25]
the shortest and authentic route
Blackhole Compromise a node to drop all packets travelling through it without informing [23,25–28]
their sources
Greyhole Compromise a node to selectively drop some packets travelling through it [29],[28],[27]
without informing their sources
Rushing attack Flood a network with malicious messages so that they are delivered before a [29]
legitimate message is received and acknowledged
Sybil Attack Generate multiple pseudo-identities in a vehicular network that relies on a [24,25], [27]
reputation system for assessing reliability of information
Denial of Service Disrupt communication typically by overwhelming the network with large [26,27,30–35],
(incl. message volumes of meaningless or false data, such as fake alert messages about road [36,37]
flooding) accidents and congestion
Bus-off attack Exploit the error-handling scheme of in-vehicle networks, by deceiving an [38]
uncompromised ECU into thinking it is defective, and eventually forcing itself
or even the whole network to shut down
Message Distortion Generate distorted reliability message in a vehicular network and activate [39]
distribution of this message to a neighbouring vehicle
Timing attack An integrity attack that alters message timeslots [40]
Replay attack A valid data transmission, such as a command or a sensor reading, is recorded [15,41–44]
and maliciously repeated at a later point.
Command Injection Request execution of existing command with malicious intent, typically to [15,30–32]
affect actuation
Impersonation (or An adversary assumes successfully the identity of one of the legitimate nodes [36,41,44–49]
masquerade or in the vehicular network
spoofing) attack
Packet Duplication Transmit unnecessary network messages to exhaust bandwidth or trigger [23–25]
unnecessary processing
Selective Forwarding Retransmit data selectively in a vehicular network [23–25]
GPS Jamming Jam legitimate GPS signals; possibly followed by GPS spoofing [28]
GPS Spoofing Transmit false GPS signals to disrupt or hijack navigation of a GPS-dependent [28]
vehicle, such as a UAV
Fuzzing (Fuzz testing) Send random messages to the in-vehicle network to trigger critical instructions [21]
in a brute force manner)
False Data Injection Transmit false data to trigger malicious events or affect [28]
situational/environmental awareness
False Information Transmit false data, e.g. a reputation score, to affect a collaborative process in [28,50]
Dissemination a network
Location Spoofing Share false location coordinates within a vehicular network [39]
Malware Infect vehicle with malicious software/firmware by compromising supply chain [19,30,51–53]
or hijacking an update
Resource exhaustion Exhaust a vehicle’s battery/fuel, network, processing or other resource by [23–25]
attack repeating requests, infecting with malware, etc.
Ranging Share incorrect time tags within a vehicular network to disrupt a vehicle’s [39]
Manipulation ranging capabilities
Sensory channel Manipulate the physical environment so as to deceive a vehicle’s critical [4,46,54,55]
attack sensors, such as lidar or cameras used by driverless vehicles
Adversarial machine Maliciously craft input data to sensors specifically aiming to affect its machine [56]
learning attack on learning policies
driverless vehicle
Hardware Tampering Tamper with hardware or gain physical access to modify/damage components [51]
or infect with malware
Hardware Failure Physical damage or natural degradation of a vehicle’s components [51]
Fraudulent ADS-B Transmit false ADS-B messages to affect aircraft safety [57], [58]
Messages
AIS spoofing Transmit false AIS signals to impede vessel tracking [59–61]
Isolation attack Isolate a node from a network by dropping all messages going to or coming [41]
from it
Also for ADS-B, Strohmeier et al. [58] have used statistics re- RSS can be divided into two time series of rather different values.
lated to the received signal strength (RSS) as the only audit fea- A less sophisticated ADS-B spoofer would use only one antenna
tures, with the assumption that the RSS of spoofed ADS-B signals and would be unlikely to mimic this behaviour. Anomaly detection
coming from an attacker on the ground would differ to signals based on RSS measurements was shown to perform well with a
coming from aircraft. The authors have used standard statistical hy- variety of standard classifiers, including Parzen, K-Means, Minimax,
pothesis testing, where the detection system judges the probabil- Minimum Spanning Tree and K-Nearest Neighbours, with Parzen’s
ity that a collected RSS sample comes from a legitimate aircraft. false negatives dropping below 2% when the messages per flight
Pearson Correlation Coefficient can be used to test the veracity of exceed 100. To evade it, an attacker on the ground would need
the distance claimed via the ADS-B message against the RSS. Au- to put extraordinary effort to mimic accurately the statistical be-
tocorrelation Coefficient can then help identify repeated RSS pat- haviour of legitimate RSS signals.
terns, and hence, attackers that are stationary or do not adapt
their sending strength. Also, legitimate ADS-B users use two differ- • S: Aircraft using ADS-B
ent antennas transmitting alternatingly. So, a legitimate aircraft’s • D/DA: Onboard (local) / Onboard self-detection
• AT/T: Behaviour / (Learning) Five standard classifiers applied on • AA: (Integrity) Tampered hardware, hardware failures, suspi-
Pearson correlation coefficient and autocorrelation coefficient of cious flight control behaviour
the RSS • EA: Simulation enhanced in a hardware-in-the-loop fashion
• AF: (Physical) ADS-B RSS • TRL: 3
• AA: (Integrity) Fraudulent ADS-B messages
The same authors [54] have also argued that instead of look-
• EA: (Simulation) Attacks simulated in Matlab based on (Experi-
ing at flight data in isolation it is preferable to learn to identify
mental) crowdsourced ADS-B data (OpenSky Network)
the events that correspond to them. For example, aggregating from
• TRL: 3
several data points can help identify the elementary event “sharp
Differing considerably to manned aircraft, UAVs pose consid- left turn”, and then detecting “incline” and “turn” can merge into
erable challenges to national aviation authorities. In response to the more complex “spiralling upward” event, and so forth, up to
recommendations for information security controls introduced by the definition of the UAV’s mission. Then, detecting misbehaviour
the Federal Aviation Administration in the United States, Schu- is a matter of checking to what extent the events identified in real-
mann et al. [53] have set reliability, responsiveness and unobtru- time deviate from the flight plan specified beforehand, in terms of
siveness as the key goals of R2U2, their on-board security monitor- both UAV states and timings. The authors’ simulation results ex-
ing framework. R2U2 aims to detect attacks in real-time by mon- hibited no false positives in the conditions evaluated, but the false
itoring traffic on the flight computer and communication buses, negative rate increased considerably as the wind increased (from
including inputs from the GPS, the ground control station, sensor 3.3% without wind up to 14.4% for 10 m/s wind). Also, there was no
readings, actuator outputs, and flight software status. In terms of provision for telling whether the UAV’s misbehaviour were because
attacks, it looks for ill-formatted and illegal commands, dangerous of a cyber attack, unreliable sensor reading or other hardware fail-
commands that should not be run in-flight (e.g., “Reset Flight Soft- ure. The simulation was based on the JSBSim flight simulator, an
ware”), nonsensical or repeated navigation commands, and tran- ArduPlane autopilot and software in the loop model, the Mission-
sients in GPS signals. It also monitors system behaviour, including Planner ground control station, the FlightGear visualisation system,
oscillations of the aircraft around any of its axes, deviation from and the authors’ own Flight Analysis Engine.
the flight path, sudden changes or consistent drifts of sensor read- • S: Semi or fully-autonomous UAV
ings, as well as memory leaks, real-time failures and other un- • D/DA: Onboard (local) or external / Onboard self-detection or
usual software behaviour. The observations for each of these fea- offloaded detection
tures are fed into a Bayesian network engine which determines the • AT/T: (Hybrid) Knowledge-based identification of current state
likelihood of different attack scenarios based on prior experiments. and behaviour specification based checking against specified
To minimise the overhead, R2U2 has been implemented on a re- flight plan / (Learning) Identification of current state, and (Rule-
configurable field-programmable gate array. Performance evalua- based) deviation from specified flight plan
tion on a NASA DragonEye UAV has produced promising results in • AF: (Physical) Roll, pitch, yaw, aileron, rudder, elevator, throttle
detecting GPS spoofing, denial of service and malicious command • AA: Unspecified
injection. • EA: Simulation
• TRL: 3
• S: Semi or fully-autonomous UAV
• D/DA: Onboard (local) / Onboard self-detection Aircraft exhibiting full autonomy, such as UAVs, rely almost en-
• AT/T: Behaviour / (Learning) Bayesian Network tirely on the correctness of the GPS signal and their sensing ca-
• AF: (Cyber) Ill-formatted, nonsensical, repeated or dangerous pabilities. Along these lines, Muniraj and Farhood [63] have pro-
commands, memory leaks and other unusual software be- posed a framework for self-detecting GPS spoofing attacks onboard
haviour, (Physical) oscillations, deviation from flight path, sud- a UAV, using three anomaly detectors, based on the sequential
den changes in sensor readings probability ratio test, the cumulative sum, and binary hypothesis
• AA: (Integrity) Command injection, GPS spoofing, (Availability) testing. To minimise the effect of uncertainties on detection ac-
denial of service, GPS jamming curacy, any attack indicators identified are fed to a Bayesian net-
• EA: Experimental work. The initial learning for the anomaly detectors was developed
• TRL: 5 based on a simulation dataset but can be re-tuned based on data
from flight tests to improve their accuracy. The key assumption is
In the same space, Birnbaum et al. [51] have focused on ad- that the sensors of the UAV that require no external input are not
dressing hardware failure, malicious hardware and attacks against vulnerable to malicious interference and can be trusted, in con-
the flight control computer of a UAV. Their approach monitors fea- trast to GPS which cannot be trusted because it depends on an
tures that allow both mechanical degradation and cyber attacks external signal. The IDS uses attack signatures, which correspond
affecting flight control by identifying and tracking flight dynam- to abnormal behaviour in the time evolution of measurements on
ics. The technique followed uses the recursive least squares statis- the trusted sensors, as well as anomaly detection using residuals
tical method to estimate actual UAV airframe and control parame- based on GPS data and the output of a state estimator (an Ex-
ter values, so as to then compare against corresponding nominal tended Kalman Filter). The effectiveness of the approach has been
values specified beforehand. The feasibility of the approach was assessed on a small fixed-wing UAV subjected to two types of GPS
demonstrated in a hardware-in-the-loop fashion using the Ardu- spoofing (with constant bias and with linearly increasing bias on
Plane open source flight simulation platform flashed on an Ar- the latitude measurements) in the presence of a variety of exoge-
duino micro controller board for the plane autopilot system, and nous disturbances. The IDS was evaluated based on the data col-
the Flight Gear open source simulator for the generation of the lected during the flights, but was not at the time implemented to
flight data. run itself on the actual UAV.
• S: Semi or fully-autonomous UAV • S: Fully-autonomous UAV
• D/DA: Onboard (local) or external / Onboard self-detection or • D/DA: Onboard (local) / Onboard self-detection
offloaded detection • AT/T: Hybrid / (Learning) Sequential probability ratio test, cu-
• AT/T: Behaviour specification / Rule-based mulative sum and binary hypothesis testing, and a Bayesian
• AF: (Physical) Roll, pitch, yaw, aileron, rudder, elevator, throttle network
• AF: (Physical) Body-axis velocities, angular rates, attitude an- different environmental conditions. It also assumes that there is a
gles, position and altitude “monitor node” in the vicinity, which observes the UAV at hand
• AA: (Integrity) GPS spoofing and runs its IDS externally.
• EA: (Simulation) Attacks simulated using mathematical model,
but based on actual flight data previously gathered on a fixed- • S: Semi or fully-autonomous UAV network
wing UAV • D/DA: External / Collaborative
• TRL: 4 • AT/T: Behaviour specification / Rule-based
• AF: (Physical) 18 features, including altitude, rudder, destina-
One of the attractive benefits of using UAVs in a wide range of
tion, bank, pitch, yaw etc.
applications is that they can operate in teams, communicating with
• AA: Attacks affecting confidentiality (e.g., mission data exfiltra-
each other and sharing airspace according to predefined rules, for
tion) and integrity (e.g., unauthorised actuation and wasting en-
example to maximise coverage or to avoid collisions. In the case
ergy to decrease endurance).
of collision avoidance, there can be interaction rules, such as “turn
• EA: Simulation
left”. The problem here is that a member of the team may misbe-
• TRL: 3
have, in the sense that it will not abide by such interaction rules,
and the rest of the UAVs will need to detect this misbehaviour Sedjelmaci et al. [28] have focused on civilian applications
in time. Martini et al. [18] have worked on this challenge assum- where UAVs explore an isolated zone to collect and transmit crit-
ing the constraint that there can be no centralised mechanism for ical information to a ground station for analysis and decision
misbehaviour detection. Instead, the UAVs need to collaborate with processing. They have proposed a hierarchical intrusion detection
each other, in this case using a Boolean consensus protocol, where scheme, which relies on two IDS mechanisms, one running at
each UAV relies not only on its own sensors, but also on data the UAV node level, and one running at the ground station level.
shared by its neighbours to predict the allowed trajectories that The scheme combines knowledge (rule-based for each attack, run-
another UAV should follow if it abides by the agreed interaction ning on each UAV) with behaviour-based detection (running at the
rules. If it does not, then the other UAVs should detect it by notic- ground station and based on support vector machines), with the
ing that its actual trajectory is among the ones predicted for it, and aim to categorise each monitored UAV as normal, suspect, abnor-
thus labelling it as uncooperative. The researchers have evaluated mal, or malicious. Monitoring can be in promiscuous mode, where
this method on a network of four UAVs (two real and two simu- a UAV acting as detection agent can hear all traffic within radio
lated), where one was uncooperative. Providing an implementation range and can observe UAVs traversing, and additionally in mu-
on an actual UAV network is very useful, even if two UAVs were tual monitoring mode, where each UAV monitors its neighbours.
virtual, but the evaluation has not taken into account different en- The authors have shown that their hierarchical scheme can out-
vironmental conditions, percentages of uncooperative UAVs or re- perform a fully distributed one, where ground stations are not in-
alistic network conditions, which may not allow one-hop commu- volved, and does not incur considerable communication overhead.
nication between any pair of UAVs and at any time. In their evaluation, which was based on NS-3 simulation, the false
• S: Autonomous UAV Network positive rate was consistently below 4%. The particular work has
• D/DA: Onboard (distributed) / Collaborative been extended in [25], where the focus was on the optimal next
• AT/T: Behaviour / Rule-based steps following detection, ejecting any node that is anticipated to
• AF: (Physical) Onboard sensor data commence an attack. Misbehaviour can be permanent if the node
• AA: (Integrity) Malicious tampering of flight control is always considered malicious, or transitory, where the node is
• EA: Experimental considered malicious if the rate of switching into malicious mode
• TRL: 4 is higher than the rate of switching to a normal mode. Whether
a UAV node is ejected depends on the expected accuracy of the
An interesting alternative approach is to use behaviour spec-
detection and the networking overhead that will be incurred, as
ification, such as in the work of Mitchell and Chen [52], which
addressed using game theory to optimally activate monitoring (not
uses a behaviour rule state machine. Some of the attack states
all UAVs perform monitoring) and optimally eject attackers (not all
utilised were “weapons being armed while not in the target lo-
detected attackers are ejected) before they damage the network,
cation”, “thrust being over a threshold while in loitering mode”,
subject to resource constraints of other network nodes.
“gear being deployed while not near the airbase”, “destination not
belonging to a whitelist”, etc. Using a modest range of values for • S: Autonomous UAV network
each audit feature (e.g., only thrust being low, medium or high), • D/DA: External and onboard (distributed) / Collaborative
the state machine produced consisted of 165 safe and 4443 un- • AT/T: (Hybrid) Knowledge-based at UAV level and behaviour-
safe states, with probabilities assigned for getting from one state based at ground station level / Rule-based combined with
to another. Then, each state was binary graded as completely safe learning (support vector machines)
or completely unsafe, and the measure of compliance to each be- • AF: (Physical) GPS Signal strength, consistency between neigh-
haviour rule was defined as the proportion of time being in safe bours’ sensor value reports, (Cyber) number of packets sent,
states. The technique for deciding whether there is an attack or number of packets dropped, jitter, packet round trip time, and
not was based on maximum likelihood. In their simulation, the false each UAV’s history as detection agent
positive rate was 7.39% and the false negative rate varied from be- • AA: (Integrity) False information dissemination, GPS spoofing,
low 0.001 up to 44.3% depending on the sophistication of the at- (Availability) jamming, and black/greyhole attacks
tacker, as represented by a random attack probability parameter. • EA: Simulation
This work was extended in [19], which emphasised on the flexibil- • TRL: 3
ity of the approach on aiming for low false positives if targeted by
low-impact attacks or low false negatives if targeted by more so- Table 3 summarises the characteristics of the different IDSs pro-
phisticated attackers. Although theoretically very interesting, this posed for aircraft. It is worth observing that all follow behaviour-
approach has not been evaluated experimentally on an actual UAV, based or hybrid approaches, because even though determining
which is important because it has the significant disadvantage that what is a normal state for an aircraft is very challenging, re-
it needs an extremely large number of states to accurately cap- searchers have found it even more impractical to rely solely on
ture the behavioural specifications with greater granularity and for signature patterns of known attacks.
Table 3
Comparative analysis of intrusion detection systems for aircraft.
Table 4
Comparative analysis of intrusion detection systems for robotic land vehicles.
5.2. Land vehicles the nature of the attacks, it is not surprising that the cyber fea-
tures have proven to be the most relevant, especially the network-
Research on IDS for land vehicles has focused on robotic related ones, but the authors have also shown that introducing
land vehicles, and automobiles, including driverless vehicles and physical features too, such as battery consumption and physical vi-
vehicular networks. Note that up to now, all current research bration of the chassis, noticeably increases the detection accuracy
on intrusion detection for driverless vehicles [26,27,29,64–66] has and reduces the detection latency. An example physical manifesta-
been addressed from the perspective of vehicular networks, tion of a cyber attack that was observed in the particular case was
whether as platoon networks or as networks of individual driver- a minute physical vibration caused by the vehicle continuously los-
less vehicles, and as such is included in the corresponding subsec- ing network connection to its remote controller and having to en-
tion. ter fail-safe mode for extremely short periods of time. Having used
a real robotic vehicle in the evaluation is significant, but the par-
ticular were run with the vehicle on stands for reproducibility and
5.2.1. Robotic land vehicles to minimise environmental effects. Also, accuracy varied consider-
Such vehicles (Table 4) are particularly attractive for research, ably between different attacks. Indicatively, the false positive rate
because they have a large variety of applications, from surveil- was only 5.4% for malware, but reached as high as 29.6% for com-
lance, to emergency response and defence-oriented missions, as mand injection, and similarly the false negative rate for command
well as because they are often less expensive to purchase or de- injection was only 5.7%, but reached as high as 41.4% for denial of
velop and easier to conduct experiments with in the constrained service.
physical spaces typically afforded to researchers. An example is the
work by Vuong et al. [30–32], who have used a small 4-wheel • S: Remote-controlled robotic vehicle
drive robotic vehicle controlled via an on-board Intel Atom com- • D/DA: Onboard (local) or external / Onboard self-detection or
puter running Linux, and have subjected it to denial of service, offloaded detection
false data injection and malware attacks. The vehicle’s onboard de- • AT/T: Knowledge / (Learning) Rules generated by decision trees
tection method is based on decision trees with a training phase • AF: (Cyber) CPU consumption, network traffic, disk usage,
that involves learning the signatures of a range of attacks based on (Physical) encoder value for each wheel, vibration and power
their impact on a set of both cyber and physical features. Given consumption
• AA: (Integrity) Command injection and malware, (Availability) Contrary to previous approaches that prioritise lightweight ap-
denial of service proaches, Loukas et al. [13,67] have shown that very accurate, but
• EA: Experimental also computationally heavy machine learning algorithms, such as
• TRL: 4 deep learning, can be used if the detection task is offloaded to a
more powerful infrastructure, such as a remote server or cloud.
Along the same lines, Bezemskij et al. [55,68] have also shown
The authors argue that computation offloading can be extremely
that it is highly beneficial to use both cyber features and physical
useful for demanding, real-time and continuous tasks required by
features, and have additionally placed emphasis on the processing
resource-constrained and time-critical cyber-physical systems. To
and memory efficiency requirements for implementing IDS on a
demonstrate the effectiveness of offloading, they have conducted
resource-constrained vehicle. For this, they have proposed onboard
experimental evaluations, which reduced both the detection la-
detection mechanisms to first monitor data related to four cy-
tency and the energy consumption for a particular robotic vehicle.
ber (communication and computation) and 13 physical (actuation
Of course, it has the drawback that it depends on the availability of
and sensing) indicators of the robot in real-time and then using
an offloading infrastructure, which is impractical in many applica-
lightweight heuristic techniques decide whether a vehicle is in an
tion areas of robotic vehicles. The authors have presented a mathe-
attack state or not. As an extension, in [15], they have presented a
matical model, which predicts the benefits in terms of energy con-
method based on Bayesian Networks to additionally determine the
sumption and detection latency based on the complexity of the
domain (cyber or physical) from which the attack originated from.
deep learning processing required, the processing capabilities of
Using a purpose-built 4-wheel drive semi-autonomous robotic ve-
the vehicle and the offloading infrastructure, and the performance
hicle following the military-oriented Generic Vehicle Architecture
of the network. The differences in configuration and condition of
[69], they have shown the feasibility of the approach for most at-
the latter were emulated using wide area network emulation soft-
tacks that the vehicle has been subjected to. Represented in the
ware. Obviously, the more reliable the network and the more de-
form of Receiver Operating Characteristics graphs, their experimen-
manding the processing, the more useful the offloading becomes.
tal results yielded area under the curve of 0.995 for attacks com-
Comparison between different deep learning and standard machine
ing from the cyber domain and 0.953 or attacks coming from the
learning classification approaches (decision trees, support vector
physical domain.
machines, logistic regression, random forest) showed experimen-
• S: Semi-autonomous robotic vehicle tally that recurrent neural networks enhanced with long short
• D/DA: Onboard (local) / Onboard self-detection term memory can greatly improve detection accuracy. The authors
• AT/T: (Hybrid) Behaviour-based detection of attack, followed by have reported average accuracy of 86.9% across three different at-
knowledge-based identification of domain of origin / (Learning) tack types, up from a best of 79.9% achieved by the second best,
Bayesian network which was support vector machines, for the same attacks.
• AF: (Cyber) packet arrival time, action indicator, sequence num-
ber, packet rate, (Physical) Battery voltage, pitch, roll, tempera- • S: Remote-controlled robotic vehicle
ture, compass bearing, distances, motors • D/DA: External / Offloaded detection
• AA: (Integrity) False data injection, replay attack, rogue node, • AT/T: Knowledge / (Learning) Deep learning in recurrent neural
physical compass manipulation, (Availability) Denial of service network architecture
• EA: Experimental • AF: (Cyber) CPU consumption, network traffic, disk usage,
• TRL: 5 (Physical) encoder value for each wheel, vibration and power
consumption
Autonomous vehicles are almost entirely dependent on the ro- • AA: (Integrity) Command injection
bustness of their sensing processes. This makes them particularly • EA: (Experimental) evaluation with real attacks on real vehicle
attractive targets to sensory channel attacks and network-based but emulated network conditions
false data injection attacks that affect the integrity or availabil- • TRL: 4
ity of a vehicle’s sensor data, for instance to disrupt its collision
avoidance subsystem. One approach that is commonly used to de-
5.2.2. Automobiles
tect attacks on sensors is to treat them as standard sensor failure
The vast majority of large-scale automotive security research
events and utilise statistical anomaly detection methods. For exam-
projects have focused on cryptographic approaches for ensuring
ple, if it can be assumed that the rate of change of a sensor’s data
authenticity, integrity, confidentiality and privacy [70]. In recent
cannot exceed a particular value, then the recursive least-square
years, researchers have also started looking into intrusion detection
filter can be used to discard data that do. Gwak et al. [46] have
for automobiles’ in-vehicle networks (Table 5), mostly in relation to
demonstrated this approach on small robotic vehicles operating as
the Controller Area Network (CAN), which is the most prevalent of
a platoon, and using a simple obstacle avoidance system that is
the related protocols. Here, the challenge is that CAN is a broadcast
limited to only ultrasonic sensors and does not have the luxury
protocol which does not require unique identifiers for the various
of cross-checking between different types of sensing. The simple
electronic control units (ECUs). This impedes network-based intru-
approach followed is that if a sensor’s data is deemed to be un-
sion detection and facilitates attacks that exploit anonymity, such
reliable, the particular sensor is excluded from the collision avoid-
as denial of service and node masquerading.
ance processes. However, in terms of the origin of a sensor’s fail-
One approach is to use behaviour specification with particular
ure, there is no provision to distinguish between malicious threats
detection rules checked on each ECU. For instance, in the first rele-
of cyber origin and natural sensor failures, making this work rather
vant IDS in the literature proposed in 2008, Larson et al. [42] have
impractical in this context.
defined detection rules based on the specifications of both the net-
• S: Fully autonomous robotic vehicle (as part of platoon) work protocol (individual, dependent and inter-object fields of a
• D/DA: Onboard (local) / Onboard self-detection message) and the behaviour of each ECU (message transmission,
• AT/T: Behaviour / Learning message reception, and rates of message transmission and recep-
• AF: (Physical) Sensor values tion). Their rather insightful observation was that gateway devices
• AA: (Integrity) Sensor spoofing are more critical for the security of the in-vehicle network than
• EA: Experimental other ECUs, because they require more complex intrusion detec-
• TRL: 3 tion rulesets, and if compromised, they would allow a more di-
Table 5
Comparative analysis of intrusion detection systems for automobiles.
verse range of attacks to be performed. Indeed, it was a gateway (the current frequency and content of the last eight messages to
device (the multimedia interface) that was exploited a year later the targeted ECU). Although perhaps too simple and too limited in
in [21] in the first publication detailing high-impact cyber-physical scope, this was the first actual implementation of IDS for a vehicle.
attacks on a conventional automobile. Larson et al. also observed
that in most cases, a single ECU is not able to detect an attack, • S: Automobile using CAN bus
and that cooperation between multiple ECUs is needed. However, • D/DA: Onboard (local) / Onboard self-detection
the particular IDS proposed was presented at conceptual level and • AT/T: Behaviour specification / Rule-based.
was not evaluated in simulation or experiments with real vehicles. • AF: (Cyber) Message frequency, content of last eight messages
• AA: (Integrity) Command injection
• S: Automobile using CAN bus • EA: Experimental
• D/DA: Onboard (local) / Onboard self-detection • TRL: 4
• AT/T: Behaviour specification / Rule-based.
• AF: (Cyber) Message structure and content and ECU object di- Miller and Valasek [73] have also focused on message frequency
rectory communication parameters as an audit feature and have produced a prototype IDS device,
• AA: Confidentiality, integrity and availability breaches at indi- which can be attached to an automobile’s onboard diagnostics port
vidual ECU or gateway level to detect attacks based on only this feature. The rationale is that
• EA: Analytical ECUs communicate with each other continuously and at a rela-
• TRL: 2 tively predictable rate. So, any maliciously injected message will
increase the rate of messages received. So, the particular IDS learns
Also in 2008, Hoppe et al. [71] demonstrated proof of concept normal message rates and determines that there is an anomaly if
cyber-physical attacks through exploitation of CAN bus. These in- the message rate measured is considerably higher, that is 20–100
cluded preventing the actuation of the warning lights, disabling times higher in their experiments. The fact that there is a work-
the airbag control module, and malicious code automatically issu- ing prototype of IDS based on a single feature is indicative of how
ing an “open driver window” command every time a “close drive straightforward detection can be for some types of attacks, and
window” command is transmitted. The authors observed particular hence there is little excuse for the complete absence of intrusion
patterns on the network corresponding to each attack, which they detection in production automobiles. Of course, for attacks that are
proposed to use in an IDS. Some examples include increased mes- more sophisticated or involve no significant change in message fre-
sage frequency, misuse of message IDs, and communication charac- quency, there is a need for equally sophisticated intrusion detec-
teristics at the physical layer, such as the degree of signal attenua- tion.
tion, the shape of clock edges and propagation delays. In [72], they
progressed with evaluation of their IDS concept on a single attack • S: Automobile using CAN bus
(suppressing the warning lights) and using only two audit features • D/DA: Onboard (local) / Onboard self-detection
• AT/T: Behaviour / Learning. The simplicity of the approach has an obvious advantage in speed,
• AF: (Cyber) CAN Message frequency with the authors’ experiments showing detection latency as low as
• AA: (Integrity) Command injection 40μs, which is important considering automobiles’ very strict real-
• EA: Experimental time requirements. Their IDS module was implemented as part of
• TRL: 4 a CAN controller on a prototype CAN system produced in the labo-
ratory. The modification proposed is compliant with the CAN pro-
Moore et al. [74] have also focused on the regularity of mes-
tocol.
sages on CAN bus and specifically observed that with the vehicle
engine being on, the majority of process IDs’ signals are regularly • S: Conventional automobiles
occurring, i.e. repeatedly, at a fixed rate and with little noise. So, • D/DA: Onboard (local) / Onboard self-detection
the authors have built a model for each process ID’s signal stream • AT/T: Behaviour specification / Rule-based
as a Markov process. If the inter-signal arrival time is too short or • AF: (Cyber) CAN ID
too long in comparison to a learned value (plus/minus a predefined • AA: (Integrity) Masquerade and replay attacks
15% of the absolute error from expectation), then this is flagged as • EA: (Experimental) on a CAN system prototype with synthetic
an anomaly and an alert is raised when three consecutive anoma- vehicle behaviour
lies are detected. • TRL: 3
Lee et al. [75] have developed OTIDS, which is an IDS based
• S: Automobile using CAN bus
on the observation that in normal cases of remote frame, every
• D/DA: Onboard (local) / Onboard self-detection
ECU has a fixed response offset ratio and time interval between
• AT/T: Behaviour / (Learning) in the form of Markov process
request and response, and that these values vary when under at-
models
tack. The detection decision is then taken based on whether the
• AF: (Cyber) CAN inter-signal arrival times
average time intervals are out of range, as specified by prede-
• AA: (Integrity) Regular-frequency signal injection
fined thresholds, or the Pearson correlation coefficient between
• EA: Simulation
offsets and time intervals is under a threshold. For evaluation, they
• TRL: 3
have developed a prototype based on Raspberry Pi 3 with PiCAN2
Along the same lines, Song et al. [37] have also based their shield and a KIA Soul. Importantly, the authors have released the
IDS for CAN in-vehicle networks on the message frequency, but in datasets1 they developed as part of this work for others to use in
a hybrid fashion, detecting both deviation from normal behaviour their research.
and known signatures of attacks. The rationale is that if the time
interval of a new message is shorter than what is deemed to be
normal, then this is evidence of message injection, and if it is
• AT/T: Behaviour / Rule-based.
considerably shorter, then this is evidence of denial of service. By
• AF: (Cyber) Message response offset ratio and frequency
way of evaluation, they have tried three types of message injec-
• AA: (Integrity) Command injection and false data injection (im-
tion attacks (injecting messages of single CAN ID, injecting ran-
personation and fuzzy attacks), (Availability) denial of service
dom or pre-ordered messages of multiple CAN IDs, and injecting
• EA: (Experimental) Attacks using Arduino with CAN shield, and
massive rates of messages in the form of denial of service). The
detection based on Raspberry Pi3 implementation partially in-
dataset used was normal speed driving of a production automobile
tegrated on a KIA Soul.
for 40 min. The attacks involved injecting messages 30 times for
• TRL: 4
5–10 s each. Afterwards, 100 one-min samples were chosen ran-
domly and were separated into normal and attack, depending on Instead of the message frequency in an in-vehicle network,
whether they contained attack messages. The IDS then determines Muter and Asaj [36] turned their attention to their randomness.
that there is a message injection attack if the message frequency The logic is that, unlike network traffic in computer networks, in-
is above double what has been learned to be normal, and that vehicle network traffic exhibits less and somewhat predictable ran-
there is a denial of service if it is above five times the normal. domness. Timings, message lengths and types of packets are highly
Importantly, the particular method achieved 0% false positive and predictable. So, their assumption was that a significant change in
0% false negative rates for the particular vehicle and the particular entropy is a sign of potential malicious activity. Based on this,
configuration of detection rules. their proposed IDS collects data at the level of individual bits,
fixed size groups of bits, signals and protocols, and uses a vari-
• S: Automobile using CAN bus ety of metrics from information theory, including conditional self-
• D/DA: Onboard (local) / Onboard self-detection information (how much information has been transferred with a
• AT/T: Hybrid / Learning. message), entropy (the expected value of self-information), and rel-
• AF: (Cyber) CAN message frequency ative entropy for measuring the distance between two datasets.
• AA: (Integrity) message injection, (Availability) denial of service Another important dimension is the status of the vehicle, as the
• EA: (Simulation) Learning of what is normal based on real ve- number of messages expected is much lower when the vehicle is
hicle, but attacks were offline not moving than when it is, so what is a normal value for entropy
• TRL: 3 needs to be learned for every possible vehicle status. Evaluation on
a real vehicle showed that for attacks that involve flooding or re-
In CAN, receiver nodes may require certain kinds of infor-
peating messages, entropy can indeed be very helpful. This is ex-
mation to run a given task, and for this reason, they need to
pected, especially for simple flooding attacks where the attacker
broadcast a remote frame on the bus, which typically has the
does not inject randomness in the type, rate or source of traffic
identifier of its target ECU. Ansari et al. [44] have proposed an ap-
used. What is also expected, and was shown in the authors’ ex-
proach which uses the principle of self-identifier violation. It as-
periments is that false data injection cannot be detected unless
sumes that frames with a high value in the Remote Transmission
the data injected were highly unrealistic (e.g., injecting a 70 mph
Request (RTR) flag are remote frames. If γ is the CAN ID of a node,
speed value immediately after a 30 mph value).
any frame that is not a remote frame received from another CAN
node with CAN ID γ is assumed to be a masquerade or replay
attack. This detection decision is then broadcast on the CAN Bus. 1
http://ocslab.hksecurity.net/Dataset/CAN- intrusion- dataset.
• S: Automobile using CAN bus into a time series machine learning problem and used Hidden
• D/DA: Onboard (local) / Onboard self-detection Markov Models to generate a model of normal behaviour. That is
• AT/T: Behaviour / (Learning) entropy in non-attack conditions because the physical movement of a vehicle can be considered as a
and comparing against learned value sequence of states that are dependent on the previous state. Data
• AF: (Cyber) Network traffic entropy, (Physical) Sensor value en- collection was based on vehicles from different automotive man-
tropy ufacturers, and included speed, load, engine coolant temperature
• AA: (Integrity) Increased message frequency, command injec- and other physical sensor values. The features used to train the
tion, (Availability) Message flooding model were their gradients rather than their absolute values. The
• EA: Experimental authors collected CAN message data from real vehicles and used
• TRL: 4 Hidden Markov Models (HMMs) to generate a model for the pre-
diction of anomalous states in vehicles. Upon detecting unsafe and
Marchetti and Stabili [43] have placed their focus on the CAN
anomalous states while monitoring CAN messages, the proposed
message ID sequences for detecting malicious message injections.
technique aims to issue alerts while the vehicle is in operation.
In a training phase, the IDs of all frames captured on a vehicle’s
Matlab simulations have shown very high accuracy in detecting
CAN bus are stored in the form a transition matrix, which contains
false sensor values or unsafe states.
all legitimate transitions between the message IDs of two consec-
utive CAN messages. From then on, the matrix can be considered • S: Automobile using CAN bus
as a whitelist, and sequence analysis can be based on comparing • D/DA: Onboard (local) / Onboard self-detection
against it. Evaluation in simulation has shown that this approach’s • AT/T: Behaviour / (Learning) Hidden Markov Models
detection percentage can reach 95% for attacks that involve two • AF: (Physical) Speed, load, engine coolant temperature, engine
or more simple message injections per second, but drops below RPM, intake air temperature, absolute throttle position and O2
40% for replay attacks. Also, analysis of the memory and computa- voltage
tional requirements of the approach has shown that integration in • AA: (Integrity) False data injection
a real vehicle’s ECUs should be practical, but this has not yet been • EA: (Simulation) Matlab, using the normal behaviour data from
confirmed with a real implementation. The authors have suggested three automobiles
that further improvements in efficiency can be achieved by decen- • TRL: 3
tralising the mechanism, to run detection on one ECU per network
branch, rather than on a gateway. Cho and Shin [45] have proposed a behaviour-based clock-based
IDS (CIDS), which takes into account the intervals of periodic in-
• S: Automobile using CAN bus vehicle messages for fingerprinting ECUs. These are used for con-
• D/DA: Onboard (local) / Onboard self-detection structing a baseline of ECUs’ clock behaviours with the Recursive
• AT/T: Behaviour / Learning Least Squares algorithm. In practice, an ECU’s clock skew is its fin-
• AF: (Cyber) CAN bus messages gerprint. CIDS then uses Cumulative Sum to detect small persistent
• AA: (Integrity) Replay, command injection and false data injec- changes, which are assumed to be signs of intrusion. This allows
tion quick identification of in-vehicle network intrusions with a low
• EA: (Simulation) of attack conditions, but normal behaviour col- false positive rate of 0.055%, as measured experimentally on a 2013
lected from real production automobile Honda Accord and on data from another two vehicles. The authors
• TRL: 3 have argued that it is not enough to detect that there is an attack
on the CAN bus, and that a detection system needs to also identify
Boudguiga et al. [41] have developed an IDS model for detecting
from which exact ECU the attack originates from, so as to facilitate
the types of attacks where an attacker impersonates a legitimate
response to the detected attack or facilitate forensics. The finger-
ECU by forging or replaying legitimate CAN frames. The model sug-
printing of ECUs provided by CIDS can help in this direction too,
gests a CAN extension, where every legitimate ECU registers itself
but the same authors have produced a more specialised solution
periodically with other ECUs, and from then on checks with each
for attacker identification in [49]. They have shown that it is possi-
ECU register whether any data frames have been sent containing
ble to pinpoint the attacker ECUs by monitoring their voltage pro-
its own identifier. The authors have assumed that each ECU has an
files, which can be sufficiently unique. To evaluate the practicality
embedded hardware security module dedicated for cryptographic
of this approach, they have produced Viden, a prototype implemen-
computation and key storage, which is the case for newer auto-
tation, which first determines whether the measured voltage sig-
motive microcontrollers, and allows authentication of each ECU
nals come from the genuine transmitter ECU, then constructs the
to other ECUs. The decision to determine that there is an attack
voltage profiles for each transmitter ECU to be used as their finger-
is based on whether the number of violations detected exceed a
prints, and uses these to identify the compromised ECU, when an
threshold. Such a provision would indeed help protect against a
attack is detected. Viden takes into account both the momentary
range of impersonation, denial of service, but not against isolation
behaviour of the voltage outputs and its trend. Experimental eval-
attacks preventing traffic to reach the targeted ECU, because the
uation on two real vehicles has yielded a false identification rate of
proposed IDS relies on the targeted ECU checking the bus itself.
only 0.2%. However, Viden can only work well if the compromised
Evaluation of the approach was based on security analysis.
ECU transmits at least one message.
• AT/T: Behaviour specification / Rule-based
• AT/T: Behaviour. (Learning) a parameter reflecting the number
• AF: (Cyber) CAN frame identifiers
of standard deviations intended to detect
• AA: (Integrity) Impersonation, replay, and (Availability) denial
• AF: (Physical) Timing and voltage measurements
of service
• AA: (Integrity) ECU masquerading, (Availability) rushing attack
• EA: Analytical
and isolation/suspension of targeted ECU
• TRL: 2
• EA: Thorough experimental evaluation on a CAN bus prototype
Narayanan et al. [48] have analysed message streams from dif- and real vehicles
ferent ECUs as sequences of events, which they have formulated • TRL: 5
Taylor et al. [76] have proposed a method that uses a Long • AT/T: Behaviour / Learning
Short-Term Memory (LSTM) neural network to predict the next bits • AF: (Physical) Sensors measurements, such as oxygen, throttle
expected by a sender on the CAN bus. Any next bits to appear that position and tyre pressure
are deemed to be highly “surprising” (forming sequences of bits • AA: (Integrity) Malware affecting integrity of systems or sensor
that have never been seen before or are seen very rarely) are as- values
sumed to be anomalies due to malicious attacks. The introduction • EA: Unknown
of a LSTM block can help “remember” values over arbitrary time • TRL: Unknown
intervals, which makes it very useful for predicting in the presence
In [78], Markovitz and Wool have described an IDS, which first
of time lags of unknown size and duration. Evaluation was based
identifies the boundaries and field types of the 64-bit CAN mes-
on real-world data for normal behaviour from a 2012 Subaru Im-
sages of each ECU, and based on this builds a model for these
preza and synthetic data for attacks that were created according to
messages, based on Ternary Content-Addressable Memory (TCAM).
the related literature, including adding messages, erasing messages,
TCAM is a special type of high-speed memory usually used for fast
replaying messages and modifying the contents of messages.
look-up tables and packet classification in switches and routers.
• S: Automobile using CAN bus The rationale is that the positional bit fields of CAN messages make
• D/DA: Onboard (local) / Onboard self-detection them easy to represent as TCAMs. For each ECU, a TCAM database
• AT/T: Behaviour / (Learning) Neural network enhanced with of normal traffic patterns is constructed and used to detect mes-
LSTM sages that do not match the TCAM-based model. The authors have
• AF: (Cyber) CAN data sequences evaluated their system using an ECU traffic simulator that they
• AA: (Integrity) False data injection, replay (Availability) ECU have developed. In their experiments, it was able to detect irreg-
suppression ular changes in CAN bus messages with a false positive rate that
• EA: (Simulation) based on data from a 2012 Subaru Impreza did not exceed 2.5%, but it has not been evaluated against specific
and synthetic attack data attacks.
• TRL: 3
Martinelli et al. [47] have argued that normal CAN messages • D/DA: Onboard (local) / Onboard self-detection
that are triggered by human action can be modelled well by fuzzy • AT/T: Behaviour / Learning
techniques. So, they have formulated the problem as a fuzzy clas- • AF: Cyber and Physical features, as represented in the different
sification problem and have applied four fuzzy classification algo- CAN fields
rithms to distinguish between legitimate CAN messages generated • AA: No attack model was implemented
as a result of action taken by the human driver and injected ones • EA: (Simulation) using synthetic CAN data
generated by an attacker ECU. As features, they have used a specific • TRL: 3
eight bytes from the CAN frames, and the evaluation was carried
In contrast to almost all other IDSs designed for CAN, which
out offline based on the KIA Soul dataset offered by Lee et al. [75].
opt for very lightweight behaviour-based approaches, Kang and
The performance was generally high across most types of data in-
Kang [79] have proposed the use of a Deep Neural Network in a
jection attacks tried, with, indicatively, their fuzzy NN algorithm’s
knowledge-based fashion. Their neural network is trained on high-
precision ranging from 0.963 to 1 for injection attacks.
dimensional CAN frame data to figure out the underlying statis-
• S: Automobile using CAN bus tical properties of normal and attack CAN frames and extract the
• D/DA: Onboard (local) / Onboard self-detection corresponding features. After the very lengthy training has been
• AT/T: Knowledge / (Learning) Four fuzzy classification algo- completed offline, the IDS monitors the frames transmitted in the
rithms network to decide whether it is under attack or not. Though very
• AF: (Cyber) Eight bytes selected from the CAN frame promising from the perspective of detection accuracy, deep neural
• AA: (Integrity) false data injection, (Availability) denial of ser- networks are computationally heavy, and such an IDS is challeng-
vice ing to integrate in a real vehicle, especially if it is meant to op-
• EA: Simulation erate continuously. In the particular case, the authors have used a
• TRL: 3 deep neural network with a small number of layers, so as to keep
complexity low and still have acceptable detection accuracy. For 5
Malinowski and Xaypanya [77] have filed a patent on a mon-
hidden layers, the false positive and false negative rates were mea-
itoring and analysis system for detecting both malicious activ-
sured around 2%.
ity and harmful hardware/software modifications to a vehicle.
The proposed IDS engine looks for inconsistencies when receiv- • S: Conventional automobiles
ing emergency conditions from the vehicle’s sensors, by compar- • D/DA: Onboard (local) / Onboard self-detection
ing the processed output of one of the sensors to the unpro- • AT/T: Knowledge / (Learning) Deep neural networks
cessed observed value, so as to detect malware attacks that may • AF: (Cyber) CAN bus frames extracted as binary bitstream
not have the ability to affect the unprocessed value (e.g., an input • AA: (Integrity) Message injection
to the sensor). The patent specifies that artificial intelligence can • EA: (Simulation) Evaluation runs on a PC and using the OCTANE
be used to determine that an emergency state has been declared CANbus sniffer and injector [81]
maliciously and is incorrect, but does not detail how, and due to • TRL: 3
the nature of the publication, no evaluation results have been dis-
A very different problem has been tackled by Abedi et al. [80],
closed, and there is no indication as to how malware will be dif-
who have focused on the security of charging of plug-in electric
ferentiated from other types of misbehaviour or natural faults. As
vehicles and specifically false data injection attacks in relation to
a result, it is not possible to evaluate the maturity of the approach.
energy measurement reporting in the smart grid. For this, they
Interestingly, the design suggests that detection can run onboard
have used two approaches. The first is model-based, making use
or offloaded to a cloud computing system.
of the chi-square distribution test to detect whether there is an
• S: Automobile using CAN bus attack and the largest normal residual test to identify what data
• D/DA: Onboard (local) / Onboard self-detection or Offloaded de- it has affected. The variable with the largest measurement resid-
tection ual is assumed to be the suspicious one. The second approach is
signal-based, using discrete wavelet transform for timeline analy- driverless and semi-driverless vehicles. For this, they have used
sis, where the detail coefficient values are compared with prede- the Integrated Circuit Metrics (ICMetric) technology, which is capa-
fined thresholds to detect anomalies. ble of uniquely identifying a system’s behaviour. Specifically, they
have added the bias reading of magnetometer sensors to the cy-
• S: Plug-in electric vehicle
ber features used in their previous work, and have applied a sim-
• D/DA: External / Offloaded detection
ple machine learning approach based on k-nearest neighbours to
• AT/T: Behaviour specification / Rule-based
detect anomalous conditions. For evaluation, they have used mea-
• AF: (Physical) Smart meter data, such as line active/reactive
surements from a real sensor system and NS-2 simulation of the
power flows
rest of their setup. Their results have shown considerable improve-
• AA: (Integrity) False data injection
ment in the detection accuracy when using ICMetric. In [64], they
• EA: Simulation
have additionally evaluated the use of gyroscope sensors with sim-
• TRL: 3
ilarly positive results.
5.2.3. Automobile vehicular networks • S: Autonomous and semi-autonomous VANET
Increased automation in vehicles is followed by increased use • D/DA: Onboard (local) / Onboard self-detection
of vehicular networks, especially for automobiles, which raises the • AT/T: Behaviour / (Learning) k-nearest neighbours in [27], and
question of what happens when one of the vehicles is compro- additionally feedforward neural networks in [64]
mised or launches cyber attacks on neighbouring vehicles. Here, • AF: (Physical) Sensor bias readings and (Cyber) another 16 fea-
we review representative approaches for intrusion detection in ve- tures, including payload size, packet ID, source, destination, hop
hicular ad hoc networks (VANETs). We have prioritised IDSs that counts, etc.
have been evaluated against specific technical breaches of cyber • AA: Availability
security. For completeness, we also include a small number of rep- • EA: (Simulation) NS-2 enhanced with bias measurements from
resentative examples of misbehaviour detection systems (MDSs), real sensors
which consider cyber security breaches, but do not distinguish • TRL: 3
against other unidentified misbehaviour attributed to normal fail-
ures, physical attacks or selfish drivers wilfully disseminating false Security research in VANETs is often geared towards MDSs,
information [50]. For more complete surveys of general MDSs in where it is not necessary that a particular vehicle has been com-
VANETs, we refer the reader to [11,82]. Here, our emphasis is on promised by a cyber attack, but it may also be the driver/operator
the audit techniques and features used for the detection of the at- that selfishly disseminates false information, for example to gain
tacks rather than the reputation, trust-oriented or cluster-head se- access to a particular lane. For several MDSs, there is no distinc-
lection algorithms. tion as to the cause of the misbehaviour. Indicatively, Raya et al.
While there is little doubt that the future for driverless ve- [83] have used entropy to represent the anomalous and normal
hicles is promising, what it will exactly look like is still uncer- behaviours of nodes, and k-means clustering to identify outliers,
tain, and as a result, researchers need to make assumptions as which are assumed to be the attackers that should be evicted. An-
to how the interactions between them will be affected by secu- other important assumption for the approach to work is that there
rity breaches. Alheeti et al. [29] have focused on driverless and is an honest majority. Eviction of a suspected node is based on dis-
semi-driverless vehicles communicating warning messages and co- tance enlargement and deviation from the majority.
operative awareness messages between each other in a vehicular • S: Automobile VANETs
ad hoc network (VANET). Here, the challenge is to detect greyhole • D/DA: Onboard (distributed) / Collaborative
and rushing attacks which aim to disrupt the communication be- • AT/T: Behaviour. Rule-based and (Learning) k-means clustering
tween vehicles and with roadside units. The proposed approach’s • AF: (Physical) Coordinates and timestamps
training and testing was based on machine learning (support vec- • AA: (Integrity) False information dissemination
tor machines and feedforward neural networks), but the authors • EA: Simulation using NS-2
have also employed fuzzification for the pre-processing stage, so as • TRL: 3
to increase the detection rate and reduce false positives. Evaluation
based on NS-2 simulations yielded false positive rate of 1.21% and Also, geared towards rogue nodes disseminating false informa-
false negative rate of 0.23%. This work was extended in [26], which tion, is the MDS proposed by Ruj et al. [50], all nodes are moni-
uses linear discriminant analysis and quadratic discriminant anal- tored for their actions after sending out an alert message. Lack of
ysis. The evaluations included different types of mobility models consistency of recent messages and new alerts with regard to the
(urban, highway and rural), with rushing attacks and greyhole at- reported and estimated vehicle positions is an indication of misbe-
tacks in [29], and denial of service and blackhole attacks in [26] in haviour, which is penalised with fines by the Certification Author-
networks of 30–40 vehicles on two-lane roads. ity.
• S: Autonomous and semi-autonomous VANET • S: Automobile VANETs

• D/DA: Onboard (local) / Onboard self-detection • D/DA: Onboard (local) / Onboard self-detection
• AT/T: Behaviour / (Learning) Support Vector machine and feed- • AT/T: Behaviour / Rule-based
forward neural network in [29], and Linear and Quadratic Dis- • AF: (Physical) node location, event location, and (Cyber) alert
criminant Analysis in [26] type and time
• AF: (Cyber) up to 21 features, incl. payload size, packet ID, • AA: (Integrity) False information dissemination
source, destination, hop counts, etc. • EA: Simulation
• AA: (Availability) Greyhole, rushing, blackhole and denial of ser- • TRL: 3
vice
Kim et al. [84] have combined several of key MDS concepts
• EA: (Simulation) NS-2
integrated into a single model, which filters messages based on
• TRL: 3
a confidence level for a received message, as derived by six data
In [27], Alheeti et al. have extended their IDS techniques for ex- sources, both on-board and external. In a linear approach, the con-
ternal communication attacks to also include measurable proper- fidence level for each message is calculated by each vehicle in iso-
ties extracted from sensors, such as the magnetometers used by lation, while in a cumulative approach, greater confidence is placed
on a message reporting an event that has been previously reported learning. Each vehicle is assumed to be equipped with a learning
by other vehicles. Simulation involving the injection of false Elec- automaton, which is code able to take decisions by learning the
tronic Emergency Brake Light (EEBL) messages has shown that the optimal action through repeated interaction with the environment
cumulative approach can achieve a noticeably higher true positive [97]. Tuning of the detection is based on Collaborative Trust Index,
rate of detection. However, it requires keeping track of all alerts a parameter computed for each vehicle according to the success
about events sent by others. or failure of each operation. Any value below a threshold is con-
sidered to be an indication of malicious behaviour. The threshold
• S: Automobile VANETs
depends on the reliability requirements of the application at hand.
• D/DA: Onboard (distributed), external / Collaborative
This approach has performed well in terms of both detection accu-
racy and scalability.
• AF: (Cyber) Authentication, other vehicles’ messages, reputa-
tion, (Physical) location, on-board sensors, RSU-based sensors • S: Automobile VANETs
• AA: (Integrity) False information dissemination • D/DA: Onboard (distributed) / Collaborative
• EA: Simulation • AT/T: Behaviour / Learning
• TRL: 3 • AF: (Physical) Density, mobility, direction
• AA: Integrity
A common weakness of collaborative MDSs is that they require
• EA: Simulation
a provision for estimating, storing and sharing securely the levels
• TRL: 3
of trust or reputation for each vehicle. So, a primary motivation
for the work of Zaidi et al. [85] was to detect misbehaviour with- Sedjelmaci and Senouci [23,24] have proposed AECFV, an intru-
out relying on trust or reputation. For this, they have proposed a sion detection framework which takes into account node mobil-
detection mechanism running on each vehicle that uses data col- ity and frequent changes in network topology. At its core, there
lected from other nodes in the vicinity to model the traffic around is a clustering algorithm, where cluster-heads are selected based
it. Hypothesis testing is then employed to decide whether the re- on each vehicle’s trust level and a boundary distance. Trust levels
ceived data is correct and should be accepted or not. The rationale are evaluated based on majority voting and a reputation protocol
is that if all data shared is correct, then each vehicle’s estimate of and are broadcast periodically within the network. Similarly to the
the traffic flow (vehicles per hour) should not differ considerably same research team’s IDS for UAVs [28], it makes use of two de-
from the other vehicles in the vicinity as determined by the fact tection systems; (a) a local one running at each cluster member
that they are within communication range. This is expressed as a and monitoring its neighbouring vehicles and the cluster-head, and
rule that the flow values need to lie within two standard devia- (b) a global one running at cluster-head level, evaluating the trust-
tions of the mean. Then, a statistical t-test can be used to detect worthiness of its cluster members. Then, a global decision system
false values reported by misbehaving vehicles. Evaluation of this running at road side unit (RSU) level, computes the level of trust
technique in the OMNeT++ simulator based on simulations under for each vehicle and classifies them based on this. Together, these
varying vehicular and network traffic conditions showed that it can systems constitute a network IDS as they take a decision based on
achieve high accuracy with relatively low overhead, as long as the monitoring of behaviours of nodes within their radio range. The
ratio of misbehaving vehicles is not extremely high. Indicatively, two IDSs use rules and support vector machines to model normal
for a ratio of attackers below 25%, the true positive rate was above behaviour. The authors have implemented AECFV in the NS-3 net-
98% and the false positive rate did not exceed 2%. work simulator and have reported its performance in terms of ac-
curacy and detection latency to be superior to T-CLAIDS [87] for se-
lective forwarding, blackhole, packet duplication, resource exhaus-
• D/DA: Onboard (distributed) / Collaborative
tion, wormhole and Sybil attacks. For a ratio of attackers between
10% and 30%, the false positive rate ranged between 1.5% and 3.5%
• AF: (Physical) speed, flow, density, location
respectively.
• AA: (Integrity) False information dissemination
• EA: (Simulation) OMNeT++ • S: Automobile VANET
• TRL: 3 • D/DA: Onboard (distributed) and externally at RSUs / Collabo-
rative
Daeinabi and Rahbar [86] have focused on detecting attacks
• AT/T: Hybrid / Learning and Rule-based
that affect packet forwarding in VANETs, including blackhole, du-
• AF: (Cyber) packet drop ratio, packet sent ratio, message dupli-
plication of packets and isolation from honest vehicles. The ap-
cation ratio, (Physical) signal strength intensity
proach is based on the existence of verifier nodes, which are
• AA: (Integrity) Sybil, packet duplication, wormhole, (Availabil-
“trustier’ vehicles in the vicinity that can detect their neighbours’
ity) selective forwarding, blackhole, resource exhaustion
abnormal behaviour. Every time a vehicle is deemed to be behav-
ing abnormally, its distrust value is decreased, and when this ex-
• TRL: 3
ceeds a threshold, it is reported to the corresponding Certification
Authority. Detection of abnormal behaviour is based on monitoring Kerrache et al. [88] have also developed a trust-based mecha-
the number of packets received, missed or duplicated by a neigh- nism that is geared specifically towards denial of service attacks
bouring vehicle, as observed by a verifier. by preventing the forwarding of malicious data and by rapidly re-
voking nodes deemed to be dishonest. For this, they have proposed
adding an “opinion” field in the packet header, which corresponds
to a message’s trustworthiness as evaluated by its last forwarder.
• AT/T: Behaviour / Rule-based
The detection is based on both a knowledge-based element look-
• AF: (Cyber) Packets received, missed or duplicated
ing for signatures of known attacks, and a behaviour-based ele-
• AA: (Availability) Blackhole, packet duplication, isolation
ment with a predefined threshold for the maximum number of
• EA: Simulation
messages considered normal for a specific type of traffic and condi-
• TRL: 3
tions. If a node receives more packets from a particular neighbour
Kumar and Chilamkurti [87] have developed T-CLAIDS, which than normal, then the latter’s honesty score is decreased. There is
is a collaborative IDS using a Learning Automata type of machine also a similar approach for the overall quality of packets received
from a particular neighbour. The two parameters are periodically Recent work by Subba et al. [35] has combined several promis-
combined into a single weight used to decide whether a denial of ing ideas for VANET IDSs into a single multi-layered framework,
service attack exists in the network. Evaluations run on the NS-2 which they have shown to be effective against a variety of differ-
simulator have shown this approach to outperform [87] and [24] in ent attacks. In all cases, detection is based on comparison of au-
the presence of high ratios of dishonest nodes, with a true positive dit features against thresholds. These include packet delivery rates
rate of 88% for a dishonest vehicle ratio of 50%. (PDR) and Received Signal Strength Information (RSSI) for selec-
tive forwarding (greyhole) and blackhole attacks; duplicate packet
• S: Automobile VANETs rate and packet forwarding rate for denial of service; RSSI and PDR
• D/DA: Onboard (distributed) / Collaborative for wormhole attack; and the z-score of RSSI for Sybil attack. Eval-
• AT/T: (Knowledge) and (Behaviour) / Rule-based. uation based on NS-3 simulation has shown that this framework
• AF: (Cyber) Counters for neighbours’ messages sent can achieve greater accuracy and lower overhead in terms of IDS-
• AA: (Availability) Denial of service specific network traffic generated than [86,24], and [87]. The re-
• EA: (Simulation) NS-2 duction of IDS traffic overhead is the result of adopting a game
• TRL: 3 theoretic approach in modelling the interaction between the IDS
and the malicious vehicle as a two-player non-cooperative game
Verma et al. [89] have proposed detecting denial of service at-
and using the Nash Equilibrium to inform the choice of monitor-
tacks by checking whether the number of TCP SYN packets that ing strategy.
have not been acknowledged within a certain amount of time ex-
ceeds a predefined threshold, as well as the IP addresses of the • S: Automobile VANETs
sources in [90]. To record the behaviour of each message and • D/DA: Onboard (distributed) / Collaborative
achieve very low rate of false positives, they have based their clas- • AT/T: Behaviour / Rule-based
sification on a Bloom filter, which can check very rapidly whether • AF: (Cyber) Packet delivery/forwarding rates, duplicate packet
a message belongs to a set or not. Deployment is assumed to be on rate, (Physical) RSSI
an edge router, such as on a RSU. The training of the system is car- • AA: (Integrity) Wormhole, Sybil, (Availability) Grey/blackhole,
ried out on a lightweight neural network with back-propagation. Denial of service
NS2 simulation results yielded a false positive rate of between 4% • EA: (Simulation) NS-3
and 25% as the ratio of malicious vehicles increased from 5 to 30% • TRL: 3
respectively.
The majority of IDSs designed specifically for detecting Sybil
• S: Automobile VANETs attacks in VANETs look for similarities in motion trajectories, as
• D/DA: External / Offloaded inferred from messages shared and timestamps, so as to detect
• AT/T: Knowledge / Learning. “Sybil” communities. An example of such work is Footprint, pro-
• AF: (Cyber) Rate of unacknowledged SYN packets, IPs posed by Chang et al. [93], which uses a network of trusted RSUs
• AA: (Availability) Denial of service to track a vehicle’s trajectory through active demand of an autho-
• EA: (Simulation) NS-2 rised message from the RSU as proof of its appearance time. Foot-
• TRL: 3 print has placed particular emphasis on preserving the vehicles’
location privacy by comparing their trajectories anonymously. In
Bissmeyer et al. [91,92] have produced a MDS, which com- terms of accuracy, using the best check window size and the best
bines local short-term detection of misbehaviour of neigh- trajectory length limit, this approach could achieve minimum false
bouring nodes with centralised long-term identification. Their positive rate of 3% and minimum false negative rate of 1%.
detection uses plausibility checks in individual modules, which are
integrated in a fusion phase, and employs Kalman filters, Particle
• D/DA: External (at RSUs) / Offloaded
filters, and a method that detects overlaps of vehicles appearing to
• AT/T: Knowledge / Rule-based
virtually drive through each other. Significantly, while the vast ma-
• AF: (Cyber) Authorisation timestamps, (Physical) locations
jority of IDSs and MDSs for VANETs have been evaluated only in
• AA: (Integrity) Sybil
simulation, the authors have instead opted to evaluate this work
• EA: Simulation
in field experiments with real vehicles in a dedicated test area
• TRL: 3
which allowed low-speed and high-speed tests without endanger-
ing public road traffic. For their evaluation, they have also devel- The IDS for Sybil attacks proposed by Grover et al. [94] does
oped VANET-specific malware, which when deployed on an attack not need an established infrastructure of RSUs. Instead, its aim
vehicle, it analyses the network and automatically selects a victim is to identify vehicles with fake identifies by looking for similar-
vehicle, in front of which it creates a fake (“ghost”) vehicle. After ities in neighbourhood information of nodes at incremental inter-
some lead time, the attack vehicle broadcasts spoofed EEBL notifi- val of time. The assumption is that a node that is simultaneously
cation messages on behalf of the ghost vehicle, so as to display a observed by neighbouring nodes for significant duration of time
false driver warning on the victim vehicle. Experiments were run is very likely to be a Sybil node. Through simulation with traf-
over 15 weeks with approximately 17 billion messages checked, in fic traces based on Swiss road maps, the authors have produced
a rare example of published IDS research for vehicles progressing a methodology for choosing a time threshold for varying number
to high TRL. of attackers and number of Sybil identities per attacker. The lower
the threshold, the higher the true positive rate, but also the more
common the false positives, especially in the case of high normal
• D/DA: Onboard (distributed) / Self-detection, collaborative
vehicle density. Indicatively, the false positive rate for a 15% ratio
of Sybil attackers and 500 m transmission range was 3%.
• AF: (Physical) Location
• AA: (Integrity) False information dissemination • S: Automobile VANETs
• EA: (Experimental) Three test vehicles equipped with VANET • D/DA: Onboard (distributed) / Collaborative
communication • AT/T: Knowledge / Rule-based
• TRL: 7 • AF: (Cyber) Neighbourhood information
• AA: (Integrity) Sybil

• EA: Simulation
• TRL: 3
Kong and Jun [39] have focused on cooperative vehicular po-
sitioning networks and potential malicious attacks targeting these
networks. Examples of such attacks may be incorrect time-tags
that make ranging with neighbouring vehicles erroneous, or dis-
torted location coordinates and distorted reliability messages sent
to neighbouring vehicles. In the proposed detection technique, ev-
ery vehicle evaluates the reliability of its neighbours in a weighted
manner and based on the Mahalanobis distance [98] of the dif- Fig. 6. Conceptual architecture of a vehicular IDS hub.
ference observation between the measured range and the Euclid-
ian distance, using the vehicles shared location coordinates. It then
distributes these reliability estimates within the network. The aim • S: Automobile VANETs
is to distinguish inaccuracies caused by non-line-of-sight delays • D/DA: Onboard (local) / Self-detection
and genuine attacks. The authors have used Monte Carlo simu- • AT/T: Behaviour / Rule-based
lations with vehicle-to-vehicle radio parameters that were deter- • AF: (Cyber) Packet delivery ratio
mined empirically to demonstrate that the proposed approach can • AA: (Availability) Jamming
protect cooperative positioning against malicious manipulation. • EA: Simulation
• TRL: 3
• D/DA: Onboard (distributed) / Collaborative In the special case of a platoon where only the leading vehicle
• AT/T: Behaviour / Learning has a driver, the safe cooperation between the vehicles depends
• AF: (Physical) measured LOS range and Euclidean distance on periodic broadcast messages containing vehicle positions and
• AA: Location spoofing, ranging manipulation, message distor- velocities. In this context, a jamming attack can have severe con-
tion sequences by delaying transmission of these messages beyond the
• Attacks targeting: Integrity delay requirements of automotive control systems. This is particu-
• EA: Simulation larly the case for platoons because of both their highly autonomous
• TRL: 3 nature and the fact that a jammer placed on one of the vehicles
Bouali et al. [95] have taken a very different approach to detec- can always be within range of the whole platoon. Lyamin et al.
tion, which they have called proactive detection, by extending its [66] have proposed mounting a sniffer device on the leading ve-
scope to include prediction of a vehicle’s potential misbehaviour hicle listening to the channel and recording the identifiers of the
and classification into white, grey and black. As area of applica- vehicles for which these messages have been successfully received.
tion, they have used the threat of authenticated vehicles launch- In addition, the platoon’s vehicles are divided into groups in such
ing denial of service in the network of a cooperative intelligent a way that messages from different groups never collide with each
transportation system. Their technique uses a clustered architec- other. Then, if there is at least one group where exactly one such
ture, where each cluster-head is responsible for the classification message has not been received, this is assumed to be due to a
of vehicles that are members of its cluster. The classification is ef- jamming attack. Otherwise, at least two nodes should have been
fectively a trust scoring mechanism based on past experience with involved in a legitimate collision within the same group.
each member and recommendations from specific other vehicles,
which are trusted to act as monitoring agents. From an algorithmic
• D/DA: Onboard (local, on leading vehicle) / Collaborative
perspective, it uses basic Kalman filtering to integrate the different
• AT/T: Knowledge / Rule-based
data sources. To predict misbehaviour in the form of denial of ser-
• AF: (Cyber) Messages lost
vice, the primary audit feature is the packet delivery ratio for each
• AA: (Availability) Jamming
vehicle, as monitored by its neighbours. Evaluation using NS-3 in
• EA: Simulation
a Manhattan grid has shown that the inclusion of prediction can
• TRL: 3
reduce the impact of the attack by evicting some of the malicious
vehicles before they take part, with the true positive rate ranging
from 79% for 400 vehicles to 97% for 100 vehicles. 5.3. Watercraft
The cyber security of the maritime sector has only recently
started featuring in governmental and research agendas. The sector
is still largely at the point of trying to identify the realistic cyber
• AF: (Cyber) Packet delivery ratio
threat scenarios [99], unique challenges [100] and generalist de-
• AA: (Availability) Denial of service
fences that are applicable. Ntouskas and Gritzalis have found that
the main vulnerabilities in the maritime sector are lack of security
• TRL: 3
awareness programs, weak protection of physical access to ship in-
VANET availability can also be affected by a wireless com- formation systems, lack of backup systems and existence of several
munication jamming attack. There, the challenge is to determine assets that can be “single points of failure” [101].
whether a disruption is the result of a genuine attack or a poor ra- Civil maritime transportation depends heavily on the reliability
dio link. Mokdad et al. [96] have proposed differentiating between of GPS signals. Having demonstrated the vulnerability of a real sur-
the two by monitoring the ratio of packets received that pass the face vessel to GPS spoofing using the White Rose of Drachs yacht
Cyclic Redundancy Check. The jamming attack is modelled based as their testbed, Bhatti and Humphreys [3] have proposed a GPS
on Markov Chains and the aim of the authors’ analysis is to set spoofing detection framework that is appropriate for integrating in
the appropriate packet delivery ratio threshold for considering a the Electronic Chart Display and Information System (ECDIS) soft-
detected disruption as a jamming attack. ware available to ships. The framework uses a maritime dynamics
Table 6
Comparative analysis of intrusion detection systems in VANETs.
model to take into account wind, ocean currents and other envi- The data used were from real AIS reports for the normal behaviour,
ronmental disturbances. with synthesised reports for the attack behaviour. Indicatively, the
• S: Semi-autonomous ship (equipped with course autopilot) us- true positive rate for spoofing distance of 200 m exceeded 80%.
ing GPS
• S: Ship using AIS
• D/DA: External / Unknown
• AT/T: Behaviour / Learning
• AF: (Physical) ECDIS sensor measurements
• AF: (Physical) Locations as reported by radar
• AA: (Integrity) GPS spoofing
• AA: (Integrity) AIS spoofing
• EA: Experimental (for the demonstration of the attack) and
• EA: Simulation
Monte-Carlo simulations (for the evaluation of the detection)
• TRL: 3
• TRL: 3
Automatic Identification System (AIS) is a system that supple- Iphar et al. [60,61] have proposed a methodology for detecting
ments marine radar for the purpose of vessel tracking and colli- AIS spoofing, which takes into account positions, trajectories and
sion avoidance. It broadcasts signals containing the ship’s unique monitoring the link between conceptual specification of a situation
identification, position, course, and speed, which are received by and its implementation, as well as comparison of AIS data with
other ships and land based systems to help them track it on their historical and predicted data. The detection is based on whether
display systems. However, these signals are unauthenticated and each single data field value is consistent with the possible field
unencrypted, which makes them easy to spoof [59], as a result of values provided by the technical specifications, and whether there
a cyber security breach or on purpose by the crew (e.g., a fishing is any discrepancy between the fields, between messages of the
boat entering a no-fishing zone). Katsilieris et al. [102] have formu- same type, as well as between the fields values of different kinds
lated detecting AIS spoofing as a hypothesis testing problem, using of messages. Initial results have shown that it was able to detect
as input any data coming from available radars, as well as informa- the simple case of a vessel changing its identity during travel, but
tion from the tracking system. For detection based on a single AIS evaluation is still at an early stage.
report, they have used a Clairvoyant likelihood ratio test for one
radar and K radars, and extended as a generalised likelihood ratio • S: Ship using AIS
test to account for the unknown spoofing distance. This was then • D/DA: External / Unknown
further extended to account for sequences of AIS reports. However, • AT/T: Behaviour / Rule-based
the approach developed is not naturally designed for ships chang- • AF: Cyber and physical, as included in AIS signal content
ing directions or speeds. Evaluation in the form of Receiver Oper- • AA: (Integrity) AIS spoofing
ating Characteristics (ROC) curves was based on varying the spoof- • EA: Simulation of AIS spoofing and offline detection
ing distance, the number of radars and the sample data available. • TRL: 2
Mazzarella et al. [103] have additionally tackled the problem of and types of vehicles. This mismatch in skills can be a barrier for
AIS unavailability where AIS is jammed or maliciously turned on or research teams. Out of the IDSs surveyed here, only 11 were based
off. Their approach aims to detect when a reduction in received AIS on actual testbeds. These include NASA’s DragonEye UAV [53], the
reports is natural or an indication of malicious manipulation. For White Rose of Drachs yacht [3], a remote-controlled [30] and a
this, it monitors the RSSI available at the AIS base stations, taking semi-autonomous robotic vehicle [15] at the University of Green-
into account the natural electromagnetic propagation phenomena wich, a platoon of small robotic vehicles at Daegu Gyeongbuk In-
involved in AIS transponders to base station communication, in the stitute of Science and Technology [46], a 2013 Honda Accord and a
form of path loss propagation (due to curvature of the Earth, mul- 2015 Chevrolet Trax at the University of Michigan [49], a produc-
tipath effects and ducting from the varying refractive index of the tion automobile at Daimler AG [36], three production automobiles
air), as well as the behaviour of each vessel and of the base sta- (from Toyota, Honda and Chevrolet) at the University of Maryland
tion. The detection decision depends on whether deviation from [48], a production automobile at Korea University [37], and three
a single vessel’s normality model and a base station’s normality test automobiles at TU Darmstadt [92]. Beyond acquiring a vehicle
model (based on One-Class Support Vector Machines and geospa- or group of vehicles for research, there is the even greater chal-
tial distribution of historical RSSI data) corresponds to a level of lenge of gaining access to appropriate space for experiments, espe-
risk above a set threshold. In their evaluation, they have used data cially if these involve automobiles at speed, UAVs in flight or wa-
collected from several base stations, which indicated comparable tercraft in proximity to land or other vessels. Here, what would
RSSI dynamics between them, albeit with some degree of asym- help is high-fidelity simulation software to minimise this barrier
metry. The one-class support vector machine algorithm was shown to entry for researchers, with some attempts already made in [81],
to achieve particularly high detection accuracy. as well as industrial collaboration with vehicle manufacturers for
real-world prototype implementations, and vehicle testing facilities
• S: Ship using AIS for collection not only of real normal behaviour data but also of
• D/DA: External / Unknown real attack behaviour data.
• AF: (Physical) RSSI 6.2. Strengthening knowledge-based approaches with a vehicular IDS
• AA: (Availability) AIS on/off manipulation hub
• EA: Simulation
• TRL: 3 The preference shown by researchers for behaviour-based over
knowledge-based approaches is natural. Even though they tend
6. Lessons learned and open issues to exhibit high false positive rates, they are more practical than
knowledge-based approaches due to the absence of a large enough
Research for vehicular IDSs is centred on a rather narrow range dictionary of attack signatures. This problem can potentially be ad-
of applications, primarily geared towards the in-vehicle network of dressed by extending the offloaded detection scenario into a vehic-
automobiles and VANETs. This is not surprising. The body of work ular IDS hub scenario, whereby the centralised reasoning benefits
on IDSs for aircraft, watercraft and robotic land vehicles is grow- from data collected from other vehicles too (Fig. 6). A supervised
ing steadily, but it is the security of automobiles that has already machine learning based detection system running onboard a vehi-
captured the interest of the general public. At the same time, cy- cle may have never been trained on a specific attack and may miss
ber security in VANETs is a key requirement for their successful it when the vehicle encounters it. This will not be the case if de-
adoption. It is also not surprising that researchers prefer collabo- tection is offloaded to a centralised IDS hub, which has seen this
rative detection for the already naturally collaborative VANETs or attack previously on another vehicle of the same type, and as a re-
that in-vehicle automobile IDSs are designed for self-detection, as sult has access to a more complete or more up to date dictionary
any other design architecture might introduce additional security of relevant known threats. The IDS hub approach has not been im-
requirements and detection latencies. What is perhaps surprising plemented in the context of vehicles yet, but similar concepts have
is that despite the cyber-physical nature of most attacks affecting been adopted by collaborative threat intelligence platforms, such
vehicles, the percentage of IDSs using both cyber and physical au- as Hewlett Packard’s Threat Central [104], and have been briefly
dit features is a remarkably low 26% (only 17 out of 66). Below, we discussed in [77].
detail what we consider four key lessons learned and correspond-
ing areas where further research can be highly beneficial. 6.3. Addressing confidentiality
6.1. Shortage of research testbeds The vast majority of IDSs for vehicles have largely omitted
confidentiality-related security threats. There are two reasons for
The majority of proposed work published in the literature is of this. The first is that cyber threats against vehicles are still in their
relatively low maturity, usually at TRL 3. This is primarily because infancy and naturally the more important ones in the short-term
the evaluation for most research is limited to simulation and often are the ones affecting the integrity or availability of a vehicle’s sub-
in generalist network simulation packages, such as NS-2 or NS-3. systems and hence its safety. However, it is a confidentiality breach
For more of the proposed IDS solutions to reach higher TRL, to- that allows reverse-engineering a protocol or understanding what
wards 6 (“technology demonstrated in relevant environment”) or subsystem affects what when it is disabled. Also, the more con-
7 (“system prototype demonstration in operational environment”), nected a vehicle is, the greater the threat to the passengers’ or
there is a need for testbeds to become available to more research drivers’ privacy, from their contact address book to their presence
teams. If purchasing a commercially available vehicle is impractical in the vehicle, their location and even their biometrics [105]. The
(e.g., due to costs) or unsuitable (e.g., because it is not possible to second reason is that current IDSs depend heavily on looking for
meaningfully modify its software or components), the only other physical manifestations of a security breach, e.g., in a UAV’s de-
option is to build a testbed. However, most researchers specialis- viation from the specified flight plan or a robotic vehicle’s exces-
ing in IDS design come from computer networks, computer secu- sive energy consumption. However, confidentiality breaches do not
rity and mathematical/algorithmic backgrounds, while developing have physical manifestations, and as such cannot be detected with
a vehicle testbed requires electronics, embedded system and me- approaches that rely heavily on physical behaviour monitoring. For
chanical knowledge that can vary significantly in different domains example, out of the eight IDSs proposed for UAVs, only one has
Table 7
Comparative analysis of intrusion detection systems for watercraft.
been evaluated on a data exfiltration attack [19], even though most References
of the first real-world attacks against UAVs have targeted specifi-
cally the confidentiality of their video streaming [106]. In this di- [1] G. Loukas, Cyber-Physical Attacks: A Growing Invisible Threat, Butter-
worth-Heinemann (Elsevier), 2015.
rection, we anticipate that IDS techniques will need to emphasise [2] S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage,
less on physical features and waiting for an attack’s physical man- K. Koscher, A. Czeskis, F. Roesner, T. Kohno, et al., Comprehensive experimen-
ifestation, and more on looking for (cyber) traces of the earlier tal analyses of automotive attack surfaces., USENIX Security Symposium, San
Francisco, 2011.
stages of the attack (e.g., of probing or of attempting to install mal- [3] J. Bhatti, T.E. Humphreys, Covert Control of Surface Vessels Via Counterfeit
ware). Civil GPS Signals, University of Texas, 2014.
[4] J. Petit, B. Stottelaar, M. Feiri, F. Kargl, Remote attacks on automated vehi-
6.4. Integrating IDSs for vehicular networks with IDSs for single cles sensors: experiments on camera and lidar, in: Black Hat Europe, 11, 2015,
p. 2015.
vehicles [5] C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel, M. Rajarajan, A survey of
intrusion detection techniques in cloud, J. Netw. Comput. Appl. 36 (1) (2013)
The vast majority of IDSs (and MDSs) for vehicular networks, 42–57.
[6] R. Mitchell, R. Chen, A survey of intrusion detection in wireless network ap-
such as VANETs, focus exclusively on the availability and integrity
plications, Comput. Commun. 42 (2014) 1–23.
of data shared on the network, with particular emphasis on vari- [7] I. Butun, S.D. Morgera, R. Sankar, A survey of intrusion detection systems
ations of false data injection. However, there are several onboard in wireless sensor networks, IEEE Commun. Surv. Tutorials 16 (1) (2014)
IDSs designed for detecting a much larger variety of attacks on in- 266–282.
[8] A.L. Buczak, E. Guven, A survey of data mining and machine learning methods
dividual vehicles. So, it would seem natural to integrate them in for cyber security intrusion detection, IEEE Commun. Surv. Tutorials 18 (2)
VANET IDSs. For example, if a VANET IDS has access to the onboard (2016) 1153–1176.
CAN bus IDS detection results collected from individual vehicles, [9] D. Kwon, H. Kim, J. Kim, S.C. Suh, I. Kim, K.J. Kim, A survey of deep learn-
ing-based network anomaly detection, Cluster Comput. (2017) 1–13.
then it might be able to determine when anomalous behaviour is [10] R. Mitchell, I.-R. Chen, A survey of intrusion detection techniques for cyber–
the result of a cyber security breach or of a driver purposefully physical systems, ACM Comput. Surv. 46 (4) (2014) 55.
sharing false information, or modify the trust estimate of a vehi- [11] F. Sakiz, S. Sevil, A survey of attacks and detection mechanisms on intelligent
transportation systems: VANETs and IoV, Ad Hoc Netw. 61 (2017) 33–50.
cle before its neighbours or the VANET is affected. Tables 6 and 7 [12] V.L.L. Thing, J. Wu, Autonomous vehicle security: a taxonomy of attacks
should be a good place to start for researchers interested in explor- and defences, in: 2016 IEEE International Conference on Internet of Things
ing such integration. (iThings) and IEEE Green Computing and Communications (GreenCom) and
IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data
(SmartData), IEEE, 2016, pp. 164–170.
7. Conclusion [13] G. Loukas, Y. Yoon, G. Sakellari, T. Vuong, R. Heartfield, Computation offload-
ing of a vehicles continuous intrusion detection workload for energy effi-
As is commonly the case for any relatively young research area, ciency and performance, Simul. Modell. Pract. Theory 73 (2017) 83–94.
[14] J.C. Mankins, Technology Readiness Levels, White Paper, April, 1995.
the landscape of IDSs for vehicles is fragmented into isolated fam-
[15] A. Bezemskij, G. Loukas, D. Gan, R. Anthony, Detecting cyber-physical threats
ilies of research ideas employed on a single type of vehicle, and in an autonomous robotic vehicle using bayesian networks, in: 2017 IEEE In-
usually evaluated on generalist network simulators. By proposing a ternational Conference on Internet of Things (iThings) and IEEE Green Com-
single IDS taxonomy for all types of vehicles and identifying areas puting and Communications (GreenCom) and IEEE Cyber, Physical and Social
Computing (CPSCom) and IEEE Smart Data (SmartData), IEEE, 2017.
of future research, we have aimed to help researchers from a di- [16] A. Broggi, P. Cerri, M. Felisa, M.C. Laghi, L. Mazzei, P.P. Porta, The vislab inter-
verse range of backgrounds identify where they can contribute in continental autonomous challenge: an extensive test for a platoon of intelli-
the overall architecture of a vehicle’s IDS, adopt ideas tried previ- gent vehicles, Int. J. Veh. Auton. Syst. 10 (3) (2012) 147–164.
[17] D. Wu, D.I. Arkhipov, M. Kim, C.L. Talcott, A.C. Regan, J.A. McCann, N. Venkata-
ously on different types of vehicles, as well as extend existing solu- subramanian, Addsen: adaptive data processing and dissemination for drone
tions with both cyber and physical audit features, more diverse de- swarms in urban sensing, IEEE Trans. Comput. 66 (2) (2017) 183–198.
sign architectures, and evaluation in more realistic conditions and [18] S. Martini, D. Di Baccio, F.A. Romero, A.V. JimȨnez, L. Pallottino, G. Dini,
A. Ollero, Distributed motion misbehavior detection in teams of heteroge-
against a greater range of realistic attacks. neous aerial robots, Rob. Auton. Syst. 74 (2015) 30–39.
[19] R. Mitchell, I.R. Chen, Adaptive intrusion detection of malicious unmanned
Acknowledgements air vehicles using behavior rule specifications, IEEE Trans. Syst. Man Cybern.:
Syst. 44 (5) (2014) 593–604.
[20] J. Liu, S. Zhang, W. Sun, Y. Shi, In-vehicle network attacks and countermea-
This research has been funded and supported by the Defence sures: challenges and future directions, IEEE Netw. 31 (5) (2017) 50–58.
Science and Technology Laboratory as part of DSTL-10 0 0 086863 [21] K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy,
project “Safeguarding military autonomous vehicles against cy- B. Kantor, D. Anderson, H. Shacham, S. Savage, Experimental security analysis
of a modern automobile, in: Security and Privacy (SP), 2010 IEEE Symposium
ber attacks”, as well as by the European Commision as part of
on, IEEE, 2010, pp. 447–462.
the Horizon 2020 project ROBORDER under grant agreement no. [22] G. De La Torre, P. Rad, K.-K.R. Choo, Driverless vehicle security: challenges and
740593. future research opportunities, Future Gener. Comput. Syst. (2018).
[23] H. Sedjelmaci, S.M. Senouci, A new intrusion detection framework for ve- aircraft systems, in: Proceedings of the first ACM MobiHoc workshop on Air-
hicular networks, in: 2014 IEEE International Conference on Communications borne Networks and Communications, ACM, 2012, pp. 31–36.
(ICC), IEEE, 2014, pp. 538–543. [53] J. Schumann, P. Moosbrugger, K.Y. Rozier, R2u2: monitoring and diagnosis of
[24] H. Sedjelmaci, S.M. Senouci, An accurate and efficient collaborative intrusion security threats for unmanned aerial systems, in: Proceedings of 15th Inter-
detection framework to secure vehicular networks, Comput. Electr. Eng. 43 national Conference on Runtime Verification, Springer, 2015.
(2015) 33–47. [54] Z. Birnbaum, A. Dolgikh, V. Skormin, E. O’Brien, D. Muller, C. Stracquo-
[25] H. Sedjelmaci, S.M. Senouci, N. Ansari, Intrusion detection and ejection frame- daine, Unmanned aerial vehicle security using behavioral profiling, in: Un-
work against lethal attacks in UAV-aided networks: a bayesian game-theoretic manned Aircraft Systems (ICUAS), 2015 International Conference on, IEEE,
methodology, IEEE Trans. Intell. Transp. Syst. 18 (5) (2017) 1143–1153. 2015, pp. 1310–1319.
[26] K.M.A. Alheeti, A. Gruebler, K. McDonald-Maier, Using discriminant analysis [55] A. Bezemskij, G. Loukas, R.J. Anthony, D. Gan, Behaviour-based anomaly de-
to detect intrusions in external communication of self-driving vehicles, Digit. tection of cyber-physical attacks on a robotic vehicle, in: International Confer-
Commun. Netw. (2017). ence on Ubiquitous Computing and Communications and 2016 International
[27] K.M.A. Alheeti, K. McDonald-Maier, An intelligent intrusion detection scheme Symposium on Cyberspace and Security (IUCC-CSS), IEEE, 2016, pp. 61–68.
for self-driving vehicles based on magnetometer sensors, in: Students on Ap- [56] G. Clark, M. Doran, W. Glisson, A malicious attack on the machine learn-
plied Engineering (ICSAE), International Conference for, IEEE, 2016, pp. 75–78. ing policy of a robotic system, in: 2018 17th IEEE International Confer-
[28] H. Sedjelmaci, S.M. Senouci, N. Ansari, A hierarchical detection and response ence on Trust, Security and Privacy in Computing and Communications/12th
system to enhance security against lethal cyber-attacks in UAV networks, IEEE IEEE International Conference on Big Data Science and Engineering (Trust-
Trans. Syst. Man Cybern.: Syst. (2017). Com/BigDataSE), IEEE, 2018, pp. 516–521.
[29] K.M.A. Alheeti, A. Gruebler, K. McDonald-Maier, Intelligent intrusion detection [57] A.P. Lauf, R.A. Peters, W.H. Robinson, A distributed intrusion detection sys-
of grey hole and rushing attacks in self-driving vehicular networks, Comput- tem for resource-constrained devices in ad-hoc networks, Ad Hoc Netw. 8 (3)
ers 5 (3) (2016) 16. (2010) 253–266.
[30] T. Vuong, G. Loukas, D. Gan, Performance evaluation of cyber-physical intru- [58] M. Strohmeier, V. Lenders, I. Martinovic, Intrusion detection for airborne com-
sion detection on a robotic vehicle, in: Proceedings of 13th International Con- munication using PHY-layer information, in: 12th Conference on Detection of
ference on Pervasive Intelligence and Computing (PICOM), IEEE, 2015. Intrusions and Malware & Vulnerability Assessment (DIMVA), Springer, 2015.
[31] T. Vuong, A. Filippoupolitis, G. Loukas, D. Gan, Physical indicators of cyber [59] M. Balduzzi, A. Pasta, K. Wilhoit, A security evaluation of AIS automated iden-
attacks against a rescue robot, in: IEEE International Conference on Pervasive tification system, in: Proceedings of the 30th annual computer security appli-
Computing and Communications, IEEE, 2014, pp. 338–343. cations conference, ACM, 2014, pp. 436–445.
[32] T. Vuong, G. Loukas, D. Gan, A. Bezemskij, Decision tree-based detection of [60] C. Iphar, A. Napoli, C. Ray, On the interest of data mining for an integrity
denial of service and command injection attacks on robotic vehicles, in: Pro- assessment of AIS messages, in: 2016 IEEE 16th International Conference on
ceedings of 7th International Workshop on Information Forensics and Secu- Data Mining Workshops (ICDMW), IEEE, 2016, pp. 368–373.
rity (WIFS), IEEE, 2015. [61] C. Iphar, A. Napoli, C. Ray, Integrity assessment of a worldwide maritime
[33] K.M.A. Alheeti, A. Gruebler, K.D. McDonald-Maier, An intrusion detection sys- tracking system for a geospatial analysis at sea, in: 20th AGILE International
tem against malicious attacks on the communication network of driverless Conference on Geographic Information Science (AGILE 2017), 2017. 4–pages
cars, in: Proceedings of the 12th Consumer Communications and Networking [62] D. McCallie, J. Butts, R. Mills, Security analysis of the ADS-b implementation
Conference (CCNC), IEEE, 2015, pp. 916–921. in the next generation air transportation system, Int. J. Crit. Infrastruct. Prot.
[34] K.M.A. Alheeti, K. McDonald-Maier, Hybrid intrusion detection in connected 4 (2) (2011) 78–87.
self-driving vehicles, in: 22nd International Conference on Automation and [63] D. Muniraj, M. Farhood, A framework for detection of sensor attacks on small
Computing (ICAC), IEEE, 2016, pp. 456–461. unmanned aircraft systems, in: 2017 International Conference on Unmanned
[35] B. Subba, S. Biswas, S. Karmakar, A game theory based multi layered intrusion Aircraft Systems (ICUAS), IEEE, 2017, pp. 1189–1198.
detection framework for VANET, Future Generation Computer Systems (2017). [64] K.M.A. Alheeti, R. Al-Zaidi, J. Woods, K. McDonald-Maier, An intrusion detec-
[36] M. Muter, N. Asaj, Entropy-based anomaly detection for in-vehicle networks, tion scheme for driverless vehicles based gyroscope sensor profiling, in: 2017
in: Intelligent Vehicles Symposium, IEEE, 2011, pp. 1110–1115. IEEE International Conference on Consumer Electronics (ICCE), IEEE, 2017,
[37] H.M. Song, H.R. Kim, H.K. Kim, Intrusion detection system based on the analy- pp. 448–449.
sis of time intervals of CAN messages for in-vehicle network, in: International [65] K.M.A. Alheeti, M.S. Al-Ani, K. McDonald-Maier, A hierarchical detection
Conference on Information Networking (ICOIN), IEEE, 2016, pp. 63–68. method in external communication for self-driving vehicles based on TDMA,
[38] K.-T. Cho, K.G. Shin, Error handling of in-vehicle networks makes them vul- PLoS One 13 (1) (2018) e0188760.
nerable, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer [66] N. Lyamin, A. Vinel, M. Jonsson, J. Loo, Real-time detection of denial-of-ser-
and Communications Security, ACM, 2016, pp. 1044–1055. vice attacks in IEEE 802.11 p vehicular networks, IEEE Commun. Lett. 18 (1)
[39] S.-H. Kong, S.-Y. Jun, Cooperative positioning technique with decentralized (2014) 110–113.
malicious vehicle detection, IEEE Trans. Intell. Transp. Syst. (2017). [67] G. Loukas, T. Vuong, R. Heartfield, G. Sakellari, Y. Yoon, D. Gan, Cloud-based
[40] M.-C. Chuang, J.-F. Lee, Team: trust-extended authentication mechanism for cyber-physical intrusion detection for vehicles using deep learning, IEEE Ac-
vehicular ad hoc networks, IEEE Syst. J. 8 (3) (2014) 749–758. cess (2018).
[41] A. Boudguiga, W. Klaudel, A. Boulanger, P. Chiron, A simple intrusion detec- [68] A. Bezemskij, R.J. Anthony, G. Loukas, D. Gan, Threat evaluation based on
tion method for controller area network, in: 2016 IEEE International Confer- automatic sensor signal characterisation and anomaly detection, in: The
ence on Communications (ICC), IEEE, 2016, pp. 1–7. Twelfth International Conference on Autonomic and Autonomous Systems
[42] U.E. Larson, D.K. Nilsson, E. Jonsson, An approach to specification-based attack (ICAS 2016), IARIA, 2016.
detection for in-vehicle networks, in: Intelligent Vehicles Symposium, IEEE, [69] F. Bergamaschi, D. Conway-Jones, N. Peach, Generic vehicle architecture for
2008, pp. 220–225. the integration and sharing of in-vehicle and extra-vehicle sensors, in: Proc.
[43] M. Marchetti, D. Stabili, Anomaly detection of CAN bus messages through of SPIE Vol, 7694, 2010, pp. 76940B–1.
analysis of ID sequences, in: Intelligent Vehicles Symposium (IV), 2017 IEEE, [70] O. Henniger, A. Ruddle, H. SeudiȨ, B. Weyl, M. Wolf, T. Wollinger, Securing
IEEE, 2017, pp. 1577–1583. vehicular on-board IT systems: the EVITA project, in: VDI/VW Automotive Se-
[44] M.R. Ansari, W.T. Miller, C. She, Q. Yu, A low-cost masquerade and replay at- curity Conference, 2009.
tack detection method for CAN in automobiles, in: 2017 IEEE International [71] T. Hoppe, S. Kiltz, J. Dittmann, Security threats to automotive CAN networks
Symposium on Circuits and Systems (ISCAS), IEEE, 2017, pp. 1–4. - practical examples and selected short-term countermeasures, SAFECOMP,
[45] K.-T. Cho, K.G. Shin, Fingerprinting electronic control units for vehicle intru- 2008.
sion detection., in: USENIX Security Symposium, 2016, pp. 911–927. [72] T. Hoppe, S. Kiltz, J. Dittmann, Applying intrusion detection to automotive IT
[46] C. Gwak, M. Jo, S. Kwon, H. Park, S.H. Son, Anomaly detection based on re- - early insights and remaining challenges, J. Inf. Assur. Secur. 4 (6) (2009)
cursive least-square filter for robust intelligent transportation systems, in: 226–235.
Proceedings of the 2015 Korea Institute of Communication Sciences Summer [73] C. Miller, C. Valasek, A survey of remote automotive attack surfaces, BlackHat
Conferences, KICS, 2015, pp. 438–440. USA, 2014.
[47] F. Martinelli, F. Mercaldo, V. Nardone, A. Santone, Car hacking identification [74] M.R. Moore, R.A. Bridges, F.L. Combs, M.S. Starr, S.J. Prowell, Modeling in-
through fuzzy logic algorithms, in: 2017 IEEE International Conference on ter-signal arrival times for accurate detection of CAN bus signal injection at-
Fuzzy Systems (FUZZ-IEEE), IEEE, 2017, pp. 1–7. tacks: a data-driven approach to in-vehicle intrusion detection, in: Proceed-
[48] S.N. Narayanan, S. Mittal, A. Joshi, OBD SecureAlert: an anomaly detection ings of the 12th Annual Conference on Cyber and Information Security Re-
system for vehicles, IEEE Workshop on Smart Service Systems (SmartSys search, ACM, 2017, p. 11.
2016), IEEE, 2016. [75] H. Lee, S.H. Jeong, H.K. Kim, Otids: a novel intrusion detection system for
[49] K.-T. Cho, K.G. Shin, Viden: attacker identification on in-vehicle networks, in: in-vehicle network by using remote frame, in: 15th International Conference
24th ACM Conference on Computer and Communications Security (CCS17)., on Privacy, Security and Trust (PST), 2017.
ACM, 2016, pp. 164–170. [76] A. Taylor, S. Leblanc, N. Japkowicz, Anomaly detection in automobile control
[50] S. Ruj, M.A. Cavenaghi, Z. Huang, A. Nayak, I. Stojmenovic, On data-centric network data with long short-term memory networks, in: 2016 IEEE Interna-
misbehavior detection in VANETs, in: IEEE Vehicular technology conference tional Conference on Data Science and Advanced Analytics (DSAA), IEEE, 2016,
(VTC Fall), IEEE, 2011, pp. 1–5. pp. 130–139.
[51] Z. Birnbaum, A. Dolgikh, V. Skormin, E. O’Brien, D. Muller, Unmanned aerial [77] R.E. Malinowski, T. Xaypanya, System and method for detecting malicious ac-
vehicle security using recursive parameter estimation, in: International Con- tivity and harmful hardware/software modifications to a vehicle, 2016, US
ference on Unmanned Aircraft Systems (ICUAS), IEEE, 2014, pp. 692–702. Patent 9,525,700.
[52] R. Mitchell, I.R. Chen, Specification based intrusion detection for unmanned
[78] M. Markovitz, A. Wool, Field classification, modeling and anomaly detection [104] H. Packard, HP Threat Central, April, 2015.
in unknown CAN bus networks, Veh. Commun. 9 (2017) 43–52. [105] M. Swan, Connected car: quantified self becomes quantified car, J. Sens. Ac-
[79] M.-J. Kang, J.-W. Kang, A novel intrusion detection method using deep neural tuator Netw. 4 (1) (2015) 2–29.
network for in-vehicle network security, in: 83rd IEEE Vehicular Technology [106] S. Gorman, Y.J. Dreazen, A. Cole, Insurgents hack US drones, Wall Street J. 17
Conference (VTC Spring), IEEE, 2016, pp. 1–5. (2009).
[80] S. Abedi, A. Arvani, R. Jamalzadeh, Cyber security of plug-in electric vehicles
in smart grids: Application of intrusion detection methods, in: Plug-In Electric George Loukas is principal investigator of several in-
Vehicles in Smart Grids, Springer, Singapore, 2015, pp. 129–147. ternational research projects related to the security of
[81] C.E. Everett, D. McCoy, Octane (open car testbed and network experiments): smart homes, Internet of Things, autonomous vehicles
bringing cyber-physical security research to researchers and students, 6th and human-as-asensor systems. He has over 60 journal
workshop on cyber security experimentation and test, USENIX, 2013. and conference publications. His book on cyberphysical
[82] U. Khan, S. Agrawal, S. Silakari, A detailed survey on misbehavior node detec- attacks was included in ACM’s top ten list in the com-
tion techniques in vehicular ad hoc networks, in: Information Systems Design puting milieux category of 2015. He is on the editorial
and Intelligent Applications, Springer, 2015, pp. 11–19. board of the BCS Computer Journal and Elsevier’s Simula-
[83] M. Raya, P. Papadimitratos, I. Aad, D. Jungels, J.-P. Hubaux, Eviction of misbe- tion Modelling Practice and Theory. Dr. Loukas has a Ph.D.
having and faulty nodes in vehicular networks, IEEE J. Sel. Areas Commun. 25 in Network Security from Imperial College London.
(8) (2007).
[84] T.H.-J. Kim, A. Studer, R. Dubey, X. Zhang, A. Perrig, F. Bai, B. Bellur, A. Iyer,
Vanet alert endorsement using multi-source filters, in: Proceedings of the
Seventh ACM International Workshop on VehiculAr InterNETworking, ACM,
Eirini Karapistoli is the Technical Director (CTO) of Cy-
2010, pp. 51–60.
berLens Limited. She is involved in a range of activities in-
[85] K. Zaidi, M.B. Milojevic, V. Rakocevic, A. Nallanathan, M. Rajarajan, Host-based
cluding software architecting and development, R&D pro-
intrusion detection for VANETs: a statistical approach to rogue node detec-
posals preparation, and project executions. She holds a
tion, IEEE Trans. Veh. Technol. 65 (8) (2016) 6703–6714.
Ph.D. (2009) in Electrical Engineering from the Aristo-
[86] A. Daeinabi, A.G. Rahbar, Detection of malicious vehicles (DMV) through
tle University of Thessaloniki, Greece. She was also the
monitoring in vehicular ad-hoc networks, Multimedia Tools Appl. 66 (2)
recipient of a postdoctoral research grant (2012–2015)
(2013) 325–338.
from the Greek Secretariat of Research and Technology
[87] N. Kumar, N. Chilamkurti, Collaborative trust aware intelligent intrusion de-
(GSRT). Dr. Karapistoli is the (co-) author of over 40 peer-
tection in VANETs, Comput. Electr. Eng. 40 (6) (2014) 1981–1996.
reviewed publications in scientific journals and interna-
[88] C.A. Kerrache, N. Lagraa, C.T. Calafate, A. Lakas, Tfdd: a trust-based framework
tional conferences with 11 h-index. She has a broad ex-
for reliable data delivery and dos defense in VANETs, Veh. Commun. (2016).
pertise in game theory applied to communication net-
[89] K. Verma, H. Hasbullah, A. Kumar, Prevention of dos attacks in VANET, Wirel.
works, as well as in network intrusion detection, and
Pers. Commun. 73 (1) (2013) 95–126.
mathematical optimisation. She is also competent in project management holding
[90] K. Verma, H. Hasbullah, Bloom-filter based ip-chock detection scheme for de-
an MBA degree (2013) from the Blekinge Institute of Technology, Sweden.
nial of service attacks in VANET, Secur. Commun. Netw. 8 (5) (2015) 864–878.
[91] N. Bissmeyer, K.H. Schroder, J. Petit, S. Mauthofer, K.M. Bayarou, Short paper:
Emmanouil Panaousis is an Assistant Professor in Secure
Experimental analysis of misbehavior detection and prevention in VANETs, in:
Systems at the University of Surrey, UK and member of
Vehicular Networking Conference (VNC), 2013 IEEE, IEEE, 2013, pp. 198–201.
the Surrey Centre for Cyber Security, a GCHQrecognised
[92] N. Bissmeyer, Misbehavior Detection and Attacker Identification in Vehicular
UK Academic Centre of Excellence in Cyber Security Re-
Ad-hoc Networks, Technische Universität, 2014 Ph.D. thesis.
search. There, he is leading research in the broad field
[93] S. Chang, Y. Qi, H. Zhu, J. Zhao, X. Shen, Footprint: detecting sybil attacks
of decision support for cybersecurity. Manos received the
in urban vehicular networks, IEEE Trans. Parallel Distrib. Syst. 23 (6) (2012)
B.Sc. degree in Informatics and Telecommunications from
1103–1114.
University of Athens, Greece, in 2006 and the M.Sc. de-
[94] J. Grover, M.S. Gaur, V. Laxmi, N.K. Prajapati, A sybil attack detection approach
gree in Computer Science from Athens University of Eco-
using neighboring vehicles in VANET, in: Proceedings of the 4th International
nomics and Business, Greece in 2008, and Ph.D. degree
Conference on Security of Information and Networks, ACM, 2011, pp. 151–158.
in Mobile Communications Security from Kingston Uni-
[95] T. Bouali, S.-M. Senouci, H. Sedjelmaci, A distributed detection and prevention
versity London, UK in 2012. He has over 50 journal and
scheme from malicious nodes in vehicular networks, Int. J. Commun. Syst. 29
conference publications with 12 h-index.
(10) (2016) 1683–1704.
[96] L. Mokdad, J. Ben-Othman, A.T. Nguyen, Djavan: detecting jamming attacks in
Panagiotis Sarigiannidis received his B.S. and Ph.D. de-
vehicle ad hoc networks, Perform. Eval. 87 (2015) 47–59.
gree from the Department of Informatics, Aristotle Uni-
[97] K.S. Narendra, M.A.L. Thathachar, Learning automata-a survey, IEEE Trans.
versity of Thessaloniki, Thessaloniki, Greece, in 2001
Syst. Man Cybern. (4) (1974) 323–334.
and 2007 respectively. In 2015, he has been elected at
[98] P.C. Mahalanobis, On the generalised distance in statistics, Proc. Natl. Inst. Sci.
the Department of Informatics and Telecommunication
India (1936) 49–55.
Engineering, University of Western Macedonia, Kozani,
[99] K.D. Jones, K. Tam, M. Papadaki, Threats and impacts in maritime cyber secu-
Greece, as Assistant Professor. His research interests in-
rity, Eng. Technol. Ref. (2016).
clude medium access protocols in optical networks, dy-
[100] D. Egan, N. Drumhiller, A. Rose, M. Tambe, Maritime Cyber Security Univer-
namic bandwidth allocation schemes in passive optical
sity Research: Phase 1, Technical Report, US Coast Guard New London United
networks, scheduling policies in IEEE 802.16 wireless net-
States, 2016.
works, wireless push systems design and optimization,
[101] T. Ntouskas, D. Gritzalis, Innovative security management services for mar-
quality of service provisioning in optical and wireless
itime environment, in: NATO Maritime Interdiction Operational Training Cen-
networks, traffic estimation and prediction via numerical
tre 1st Cyber Security Conference, 2016.
analysis, and design of burst allocation for optical burst switching networks. He has
[102] F. Katsilieris, P. Braca, S. Coraluppi, Detection of malicious AIS position spoof-
published 40 papers in international journals, conferences, and book chapters. Ad-
ing by exploiting radar information, in: 2013 16th International Conference
ditionally, he has been involved in national and bilateral research projects in the
on Information fusion (FUSION), IEEE, 2013, pp. 1196–1203.
field of passive optical networks, resource management, simulation programming,
[103] F. Mazzarella, M. Vespe, A. Alessandrini, D. Tarchi, G. Aulicino, A. Vollero, A
and anonymity provisioning. He is a member of IEEE.
novel anomaly detection approach to identify intentional AIS on-off switch-
ing, Expert Syst. Appl. 78 (2017) 110–123.
Anatolij Bezemskij is a post-doctoral research associate Tuan Vuong was awarded his Ph.D. in cyber-physical sys-
specialising in cyber-physical systems and Internet of tem security in 2017. He is currently a lecturer at the Uni-
Things security, involving a diverse range of applications, versity of Greenwich, with research specialising in deep
from smart homes to robotic vehicles. He has a Ph.D. learning, machine learning and cyber security.
in cyber-physical system security from the University of
Greenwich.

1 s2.0 S1570870518307091 Main

Uploaded by

Copyright:

Available Formats

1 s2.0 S1570870518307091 Main

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1 s2.0 S1570870518307091 Main

Uploaded by

Copyright:

Available Formats

Ad Hoc Networks 84 (2019) 124–147

Contents lists available at ScienceDirect

A taxonomy and survey of cyber-physical intrusion detection

Fig. 1. Taxonomy of IDS for vehicles.

1 Basic IDS model in the form of mathematical formulations or

posed IDS, as well as the resulting technology readiness level (TRL)

5. Intrusion detection approaches by type of vehicle

In this section, we survey and classify the individual IDSs re-

Attack Description References

• S: Autonomous and semi-autonomous VANET • S: Automobile VANETs

• AA: (Integrity) Sybil

You might also like