Anomaly detection for SOME/IP using complex event processing

Nadine Herold, Stephan A. Posselt, Oliver Hanka, Georg Carle

Publication: Contribution to book/report/conference proceedings; conference contribution; peer-reviewed

14 citations (Scopus)

Abstract

Recent developments favor the adoption of IP-based protocols in automotive and aerospace domains. The increased connectivity between components helps to cut costs and enables better re-use of standardized components. However, increased connectivity also increases the attack surface of the overall system and necessitates dedicated security solutions. This paper presents an anomaly detection system for SOME/IP, a standardized automotive middleware protocol. Within the system, Esper, a complex event processing engine, applies a domain-specific rule set to a stream of SOME/IP packets. Possible attacks and protocol violations on the SOME/IP protocol are identified, suitable rules for detection are presented, and finally, the performance of the system is evaluated.

Original language: English
Title: Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium
Editors: Sema Oktug Badonnel, Mehmet Ulema, Cicek Cavdar, Lisandro Zambenedetti Granville, Carlos Raniery P. dos Santos
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1221-1226
Number of pages: 6
ISBN (electronic): 9781509002238
Publication status: Published - 30 June 2016
Event: 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016 - Istanbul, Turkey
Duration: 25 Apr. 2016 to 29 Apr. 2016

Publication series

Name: Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium

Conference

Conference: 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016
Country/Territory: Turkey
City: Istanbul
Period: 25/04/16 to 29/04/16
