REACT: Autonomous Intrusion Response System for Intelligent Vehicles

Mohammad Hamad, Andreas Finkenzeller, Michael Kühr, Andrew Roberts, Olaf Maennel, Vassilis Prevelakis, Sebastian Steinhorst

TL;DR

The paper introduces REACT, an autonomous intrusion response system (IRS) for intelligent vehicles that operates on-board to provide near-real-time mitigation of cyber threats, reducing dependence on vehicle security operation centers. It develops a dynamic risk-assessment framework integrating intrusion impact and response costs/benefits via an extended HEAVENS model, including a runtime environmental factor and learnable weights. It evaluates multiple response-selection methods, finding that adapted SAW and LP with benefit maximization offer favorable performance in terms of speed, memory, and resilience to parameter changes, while addressing automotive constraints such as multi-bus architectures and real-time requirements. The work demonstrates a functional, embedded prototype with two attack scenarios, highlighting rapid decision-making (on the order of tens of milliseconds), low memory footprint, and dynamic parameter adaptation, underscoring the practicality and scalability of dynamic, vehicle-level intrusion response for future smart mobility.

Abstract

Autonomous and connected vehicles are rapidly evolving, integrating numerous technologies and software. This progress, however, has made them appealing targets for cybersecurity attacks. As the risk of cyber threats escalates with this advancement, the focus is shifting from solely preventing these attacks to also mitigating their impact. Current solutions rely on vehicle security operation centers, where attack information is analyzed before deciding on a response strategy. However, this process can be time-consuming and faces scalability challenges, along with other issues stemming from vehicle connectivity. This paper proposes a dynamic intrusion response system integrated within the vehicle. This system enables the vehicle to respond to a variety of incidents almost instantly, thereby reducing the need for interaction with the vehicle security operation center. The system offers a comprehensive list of potential responses, a methodology for response evaluation, and various response selection methods. The proposed solution was implemented on an embedded platform. Two distinct cyberattack use cases served as the basis for evaluating the system. The evaluation highlights the system's adaptability, its ability to respond swiftly, its minimal memory footprint, and its capacity for dynamic system parameter adjustments. The proposed solution underscores the necessity and feasibility of incorporating dynamic response mechanisms in smart vehicles. This is a crucial factor in ensuring the safety and resilience of future smart mobility.

Paper Structure

This paper contains 44 sections, 9 equations, 8 figures, 5 tables.

Figures (8)

  • Figure 1: On the left side, the current vehicle system shares attack information with the VSOC but often has to wait for extended periods to receive necessary security patches and updates. This waiting period puts the vehicle in a malicious status (red, diagonal lines). On the right side, the vehicle can select and implement security solutions to avoid the long waiting time for security patches and updates and return to normal status (green, cross diagonal lines).
  • Figure 2: Reference vehicle architecture with possible attack surfaces (orange).
  • Figure 3: Classification of intrusion results and examples of attacks for each possible intrusion result.
  • Figure 4: Internal architecture of REACT.
  • Figure 5: Evaluation of the response benefit and cost for Scenario 1 (left) and Scenario 2 (right) using LP with maximum benefit (top), LP with minimum cost (middle), and adapted SAW (bottom).
  • ...and 3 more figures