Anomaly Detection for Automotive Diagnostic Applications based on N-grams

The increasing level of connectivity within vehicles and their environment such as backend or infrastructure increases the risk of potential vulnerabilities regarding information security. In order to minimize these risks, vehicle manufacturers are forced to implement appropriate countermeasures, which are increasingly embedded in approval regulations. As a reactive countermeasure, various approaches to Intrusion Detection Systems (IDSs) exist within the research area to detect attack attempts as early as possible. In this paper, we shift into a new research direction and present an approach for the detection of anomalies in automotive diagnostic applications by using a statistical language model. We analyze incoming diagnostic frames using two different n-gram models (sequence-based and byte-based) to determine whether sequences and the bytes embedded are contextually valid. Since there is currently no publicly available data set of diagnostic data, the detection rate is limited to learned diagnostic uses cases from our own data recordings. Since it is very challenging to generate such a large amount of data, a further enhancement of the approach based on unsupervised learning by using a dynamic anomaly threshold would be promising.