Ajou University repository

Automatic whitelist generation system for ethernet based in-vehicle network
  • Jo, Wooyeon ;
  • Kim, Sung Jin ;
  • Kim, Hyunjin ;
  • Shin, Yeonghun ;
  • Shon, Taeshik
Citations

SCOPUS

17

Publication Year
2022-11-01
Publisher
Elsevier B.V.
Citation
Computers in Industry, Vol.142
Keyword
Abnormal detection; IIoT; In-vehicle network; Network security; Smart city; Whitelist
Mesh Keyword
Abnormal detection; Automotives; Communication technology; Ethernet protocols; Generation systems; In-vehicle networks; Industrial internet of thing; Internet of things technologies; Networks security; Whitelist
All Science Classification Codes (ASJC)
Computer Science (all); Engineering (all)
Abstract
Owing to the development of industrial internet of things (IIoT) technology, the connectivity and complexity of vehicles have also increased, and new communication technologies have been introduced to in-vehicle networks (IVN). In order to achieve a sufficient level of IIoT cybersecurity, strict ground rules must exist in the critical infrastructures (CI). Traditionally, many legacy communication techniques such as controller area networks (CAN) and FlexRay have been proposed and used for IVN and CI. However, these legacy protocols cannot accommodate advanced IIoT technologies that require high connectivity; hence, Ethernet for vehicles has been introduced in recent years. The phenomenon of introducing Ethernet to IVN is an irreversible industrial trend, such as Ethernet-based Smart Factory, Smart City, and industrial control system based on IIoT. Some automotive Ethernet protocols such as MOST150 and BroadR-Reach have been commercialized primarily for infotainment and are being expanded for providing IIoT services. However, security studies pertaining to automotive Ethernet are incomplete. Even though the amount of data that must be processed by security solutions in the Ethernet environment is increasing, vehicles must be guaranteed ‘hard real-time’. In this study, to reflect the characteristics of IVN security such as real-time, extensibility, and certainty, we establish an IVN simulation environment based on several Ethernet protocols and propose an automatic whitelist generation system. The whitelist performs filtering based on certain criteria, and after it is defined, the time consumed for packet preprocessing is extremely small. The proposed system is designed to create a whitelist through learning to ensure extensibility in an IVN environment composed of heterogeneous networks.
The proposed system operates in two stages: the first step automatically generates three types of whitelists, i.e., global, local, and connection, by learning the network; the second step performs filtering by applying the generated rule. The whitelists generated through the proposed system filter out abnormal packets or sections based on the alert levels. The proposed system is expected to cope flexibly with various potential cyber threats on IVNs in the future.
ISSN
0166-3615
Language
eng
URI
https://dspace.ajou.ac.kr/dev/handle/2018.oak/32789
DOI
https://doi.org/10.1016/j.compind.2022.103735
Type
Article
Funding
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2018R1D1A1B07043349).

Related Researcher

SHON, TAE SHIK (손태식)
Department of Cyber Security