Control System Level Intrusion Detection on J1939 Heavy-Duty Vehicle Buses

As the security vulnerabilities of Controller Area Networks (CAN) become well known, heavy-duty vehicles implementing the SAE J1939 specification layer on this bus are immediate targets. Recently released standards provide clear cybersecurity requirements, but the exact methods to be implemented are not specified and remain up to the manufacturers. In this work we address adversary actions and countermeasures at the control system level for a heavy-duty vehicle J1939 CAN bus. This low level approach allows us to complement regular attacks with more knowledgeable attacks that may evade detection and discuss realistic countermeasures. Indeed, as we also show by experiments, traditional approaches based on machine learning algorithms will largely fail to detect such attacks. We present experiments based on a model that links between the Simulink environment, an extension of the MATLAB platform for the simulation of in-vehicle control systems, with the CANoe environment, which facilitates the simulation of in-vehicle networks.