Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SISSA: Real-time Monitoring of Hardware Functional Safety and Cybersecurity with In-vehicle SOME/IP Ethernet Traffic

Qi Liu, Xingyu Li, Ke Sun, Yufeng Li, Yanchen Liu

TL;DR

SISSA tackles the challenge of real-time in-vehicle safety and cybersecurity for SOME/IP by modeling random ECU hardware failures with a Weibull distribution and simulating multiple cyberattack scenarios. It introduces three deep learning backbones enhanced with a Residual Self-Attention Block to extract temporal and cross-channel features from SOME/IP traffic, and provides a public, seven-class dataset for attack, failure, and normal operation. The approach achieves near-perfect detection for cyberattacks (F1 = 1.0) and very high accuracy for malfunctions (F1 ≈ 0.998–0.999) with sub-millisecond inference times, demonstrating practical viability for automotive networks. This framework lays groundwork for integrated, real-time safety-security monitoring and can be extended to additional in-vehicle protocols and attack vectors in future work.

Abstract

Scalable service-Oriented Middleware over IP (SOME/IP) is an Ethernet communication standard protocol in the Automotive Open System Architecture (AUTOSAR), promoting ECU-to-ECU communication over the IP stack. However, SOME/IP lacks a robust security architecture, making it susceptible to potential attacks. Besides, random hardware failure of ECU will disrupt SOME/IP communication. In this paper, we propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security. Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication, including Distributed Denial-of-Services, Man-in-the-Middle, and abnormal communication processes, assuming a malicious user accesses the in-vehicle network. Subsequently, SISSA designs a series of deep learning models with various backbones to extract features from SOME/IP sessions among ECUs. We adopt residual self-attention to accelerate the model's convergence and enhance detection accuracy, determining whether an ECU is under attack, facing functional failure, or operating normally. Additionally, we have created and annotated a dataset encompassing various classes, including indicators of attack, functionality, and normalcy. This contribution is noteworthy due to the scarcity of publicly accessible datasets with such characteristics.Extensive experimental results show the effectiveness and efficiency of SISSA.

SISSA: Real-time Monitoring of Hardware Functional Safety and Cybersecurity with In-vehicle SOME/IP Ethernet Traffic

TL;DR

SISSA tackles the challenge of real-time in-vehicle safety and cybersecurity for SOME/IP by modeling random ECU hardware failures with a Weibull distribution and simulating multiple cyberattack scenarios. It introduces three deep learning backbones enhanced with a Residual Self-Attention Block to extract temporal and cross-channel features from SOME/IP traffic, and provides a public, seven-class dataset for attack, failure, and normal operation. The approach achieves near-perfect detection for cyberattacks (F1 = 1.0) and very high accuracy for malfunctions (F1 ≈ 0.998–0.999) with sub-millisecond inference times, demonstrating practical viability for automotive networks. This framework lays groundwork for integrated, real-time safety-security monitoring and can be extended to additional in-vehicle protocols and attack vectors in future work.

Abstract

Scalable service-Oriented Middleware over IP (SOME/IP) is an Ethernet communication standard protocol in the Automotive Open System Architecture (AUTOSAR), promoting ECU-to-ECU communication over the IP stack. However, SOME/IP lacks a robust security architecture, making it susceptible to potential attacks. Besides, random hardware failure of ECU will disrupt SOME/IP communication. In this paper, we propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security. Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication, including Distributed Denial-of-Services, Man-in-the-Middle, and abnormal communication processes, assuming a malicious user accesses the in-vehicle network. Subsequently, SISSA designs a series of deep learning models with various backbones to extract features from SOME/IP sessions among ECUs. We adopt residual self-attention to accelerate the model's convergence and enhance detection accuracy, determining whether an ECU is under attack, facing functional failure, or operating normally. Additionally, we have created and annotated a dataset encompassing various classes, including indicators of attack, functionality, and normalcy. This contribution is noteworthy due to the scarcity of publicly accessible datasets with such characteristics.Extensive experimental results show the effectiveness and efficiency of SISSA.
Paper Structure (28 sections, 12 figures, 5 tables)

This paper contains 28 sections, 12 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Preliminary
  3. SOME/IP Protocol
  4. Communication model
  5. Related works
  6. Risk assessment based
  7. Feature learning based
  8. The proposed safety and security monitoring model
  9. Safety and security modeling module
  10. Modeling functional failure scenarios
  11. Cyberattack scenarios
  12. Training module
  13. Data preprocessing
  14. Packet mapping
  15. CNN backbone
  16. ...and 13 more sections

Figures (12)

  • Figure 1: SOME/IP packet
  • Figure 2: Three communication models in SOME/IP
  • Figure 3: Workflow of SISSA
  • Figure 4: The bathtub curve of random hardware failures evolution
  • Figure 5: The Weibull distribution under different shape parameter
  • ...and 7 more figures