MDHP-Net: Detecting an Emerging Time-exciting Threat in IVN
Qi Liu, Yanchen Liu, Ruifeng Li, Chenhong Cao, Yufeng Li, Xingyu Li, Peng Wang, Runhan Feng, Shiyang Bu
TL;DR
MDHP-Net introduces a time-exciting threat model for IVNs and demonstrates its feasibility on CAN and Ethernet/SOME/IP. It then develops MDHP-GDS to efficiently estimate a Multi-Dimensional Hawkes Process and MDHP-Net to detect time-evolving injections by fusing MDHP dynamics with an MDHP-LSTM core and residual attention. A new open-source dataset STEIA9 enables evaluation across nine Ethernet-based attack patterns, and experiments show MDHP-Net outperforms baselines with robust detection and feasible computation. The work highlights the practical risks of time-excited injections in IVNs, provides fast, scalable detection tools, and supplies a valuable benchmark for future research in automotive network security.
Abstract
The integration of intelligent and connected technologies in modern vehicles, while offering enhanced functionalities through Electronic Control Unit (ECU) and interfaces like OBD-II and telematics, also exposes the vehicle's in-vehicle network (IVN) to potential cyberattacks. Unlike prior work, we identify a new time-exciting threat model against IVN. These attacks inject malicious messages that exhibit a time-exciting effect, gradually manipulating network traffic to disrupt vehicle operations and compromise safety-critical functions. We systematically analyze the characteristics of the threat: dynamism, time-exciting impact, and low prior knowledge dependency. To validate its practicality, we replicate the attack on a real Advanced Driver Assistance System via Controller Area Network (CAN), exploiting Unified Diagnostic Service vulnerabilities and proposing four attack strategies. While CAN's integrity checks mitigate attacks, Ethernet migration (e.g., DoIP/SOME/IP) introduces new surfaces. We further investigate the feasibility of time-exciting threat under SOME/IP. To detect time-exciting threat, we introduce MDHP-Net, leveraging Multi-Dimentional Hawkes Process (MDHP) and temporal and message-wise feature extracting structures. Meanwhile, to estimate MDHP parameters, we developed the first GPU-optimized gradient descent solver for MDHP (MDHP-GDS). These modules significantly improves the detection rate under time-exciting attacks in multi-ECU IVN system. To address data scarcity, we release STEIA9, the first open-source dataset for time-exciting attacks, covering 9 Ethernet-based attack scenarios. Extensive experiments on STEIA9 (9 attack scenarios) show MDHP-Net outperforms 3 baselines, confirming attack feasibility and detection efficacy.