Proactive Threat Detection for Connected Cars Using Recursive Bayesian Estimation

Upcoming disruptive technologies around autonomous driving of connected cars have not yet been matched with appropriate security by design principles and lack approaches to incorporate proactive preventative measures in the wake of increased cyber-threats against such systems. In this paper, we introduce proactive anomaly detection to a use-case of hijacked connected cars to improve cyber-resilience. First, we manifest the opportunity of behavioral profiling for connected cars from recent literature covering related underpinning technologies. Then, we design and utilize a new data set file for connected cars influenced by the automatic dependent surveillance-broadcast surveillance technology used in the aerospace industry to facilitate data collection and sharing. Finally, we simulate the analysis of travel routes in real time to predict anomalies using predictive modeling. Simulations show the applicability of a Bayesian estimation technique, namely, Kalman filter. With the analysis of future state predictions based on the previous behavior, cyber-threats can be addressed with a vastly increased time window for a reaction when encountering anomalies. We discuss that detecting real-time deviations for malicious intent with the predictive profiling and behavioral algorithms can be superior in effectiveness than the retrospective comparison of known-good/known-bad behavior. When quicker action can be taken while connected cars encounter cyber-attacks, more effective engagement or interception of command and control will be achieved.