Network Tomography-based Anomaly Detection and Localisation in Centralised In-Vehicle Network.

The new automotive Electrical/Electronic (E/E) architecture is shifting towards a new design of in-vehicle network that is based on a centralised, cross-domain architecture. Such architecture implies communication between different domains of the vehicle network. From security standpoint, such cross-traffic can easily be exploited by adversaries to gain access to different system domains, including the safety-critical ones, and perform attacks that may result in serious consequences. Accurate detection and localisation of these anomalies is important in such critical systems where false alarms cannot be tolerated. To this end, in this work, we propose an anomaly detection and localisation approach using network tomography-based monitoring solution. Compared to existing solutions, network tomography approaches require only limited number of probes and do not necessitate direct access to the vehicle's networking devices. In this work, we evaluate three types of network tomography (binary tomography, delay tomography, and deep learning-based tomography) to detect and locate anomalies in in-vehicle networks. The results show that binary tomography can accurately detect and locate Denial-of-Service (DoS) attacks in centralised in-vehicle networks.