Vulnerability of Deep Learning Model based Anomaly Detection in Vehicle Network

Artificial Intelligence (AI) has been widely applied in Anomaly Detection System (ADS) in-vehicle networks. ADS should be able to detect abnormal behaviors and attacks at the gateway Electronic Control Unit(ECU). The detection is usually required with low latency to leave as much as possible time budget to apply proper protections once an anomaly is successfully detected. However, AI models are very vulnerable to the type of Blackbox attacks, which do not require prior knowledge of either the deep learning model internals or the model's training data for a hacker. In this paper, first, we propose a new optimized method to adopt Long Short Term Memory (LSTM) deep learning model for the ADS in-vehicle network, which leads to an efficient detection system. The optimization has been done based on the characteristics of the dataset from practical CAN in-vehicle network together with tuning existing parameters of the LSTM model. Second, we propose an efficient Blackbox attack to the adopted ADS using the LSTM model, which only requires a small test dataset to train a new victim model (input/output is compatible with the original model). Experimental results show that we only require around 50 man-hours to build a victim model that leads to the wrong interpretation compared to the original model without the Blackbox attack. It proves that the whole community should not only focus on developing efficient ADS, but also on how to protect it in future work(1).