特斯拉（Tesla）成功地向大眾證明了電動車的可行性，促使國際各大車廠紛紛加大對電動車和新能源車的研發投入。同時車聯網的普及，汽車產業興起新一代電氣電子架構(Electronical/Electric Architecture, EEA)與軟體定義汽車（Software Defined Vehicle, SDV）革命。
透過無線更新(Over the air, OTA)進行軟體升級，創造獨特的車輛駕駛體驗和功能服務，為駕駛者提供更靈活得服務及智慧化功能，提高車輛功能性和便利性的同時，也增加了車輛系統暴露風險。ECU若經由安全機制未完善的OTA進行更新，將具有惡意指令的韌體更新至ECU。或是車輛主機安裝第三方開源軟體，未經安全認證的軟體包含惡意指令，於車輛行駛其間經由遠端啟動惡意攻擊，嚴重威脅車輛系統與駕駛者安全。
車輛網路採用區域控制網路(Controller Area Network, CAN)為基礎，為車輛內最常使用的通訊介面，舉凡控制指令、車用診斷與Bootloader等。車上多組ECU負責車身控制、車輛轉向、車燈模組控制、切換駕駛模式與各種狀態反饋，這些功能由CAN負責傳遞命令及狀態。訊息被假冒或傳遞過程遭竄改，接收假資訊的ECU會根據內容做出對應決策及行為，如功能的關閉及誤警報等，直接影響車輛駕駛安全及用路人的危害。
本研究提出一種輕量型入侵檢測系統(Intrusion Detection System, IDS)適用於車輛電子控制單元，能即時性偵測CANBUS的訊息，防止網路潛在攻擊。結合遞迴最小平方法與本研究提出的快速型導數動態時間規整(Fast & Derivative Dynamic Time Warping, FD-DTW)。此方法可偵測CAN網路攻擊事件並辨識攻擊來源，避免持續接收惡意指令。
該入侵偵測系統核心運算需求低，消耗極少的運算資源，使ECU能正常執行其應用功能。同時，它具備偵測網路攻擊與識別惡意攻擊者的能力。這可以防止車輛內部ECU韌體遭到惡意竄改後引發的攻擊，並避免通過車輛網路傳遞錯誤或惡意指令，從而危害車輛行駛安全。
實驗結果證明，本研究在搭配 ARM Cortex-M0+ 48MHz微處理器的ECU上實現入侵偵測系統。於模擬車輛網路與實際車輛網路進行驗證，偵測三種惡意攻擊具有97%的偵測準確率。攻擊類型為偽裝攻擊(Masquerade attack)時，通過累積時鐘偏差(O_acc)辨識攻擊來源，本研究提出的快速型導數動態時間規整(FD-DTW)具有98%辨識準確率。同時，比對兩組CAN ID時間序列相似程度僅需0.166毫秒，快速找出正確的攻擊者進行後續處置。

Tesla has successfully demonstrated the feasibility of electric vehicles to the public, prompting international Original Equipment Manufacturer (OEM) to invest heavily in the research and development of electric and new energy vehicles. At the same time, the popularity of the Internet of Vehicles has led to the rise of a new generation of Electrical/Electronic Architecture (EEA) and the revolution of Software Defined Vehicles (SDV) in the automotive industry.
Upgrading software via Over-the-Air (OTA) updates creates a unique driving experience and service functions, providing drivers with more flexible services and intelligent features. While improving vehicle functionality and convenience, it also increases the exposure risk of vehicle systems. If the ECU is updated through an OTA mechanism without proper security measures, malicious firmware with harmful commands can be updated to the ECU. Additionally, if the vehicle's IVI system installs third-party open-source software without security certification, it may contain malicious commands that could be remotely triggered during vehicle driving, severely threatening the vehicle system and driver safety.
The vehicle network is based on the Controller Area Network (CAN), which is the most used communication interface within vehicles, including control commands, vehicle diagnostics, and Bootloader. Multiple Electronic Control Units (ECUs) in the vehicle are responsible for body control, vehicle steering, lighting module control, switching driving mode, and various status feedback. These functions are carried out by transmitting commands and statuses via CAN. The messages transmitted by CAN are called Application Messages. If a message is spoofed or altered during transmission, the ECU receiving the false information may make decisions and take actions based on the content, such as shutting down functions or triggering false alarms. This can directly impact driving safety and pose a danger to road users.
This study proposes a lightweight Intrusion Detection System (IDS) suitable for vehicle ECU, capable of real-time detection of CANBUS messages to prevent potential cyber-attacks. It combines the Recursive Least Squares (RLS) method with the Fast & Derivative Dynamic Time Warping (FD-DTW) method proposed in this study. This method can detect CAN network attack events and identify the attack source, preventing the continuous reception of malicious commands.
The intrusion detection system requires minimal core computing power and consumes very few computational resources, allowing the ECU to perform its application functions normally. Additionally, it can detect network attacks and identifying malicious attackers. This can prevent attacks triggered by malicious alterations to the vehicle’s internal ECU firmware and avoid the transmission of erroneous or malicious commands through the vehicle network, thereby ensuring driving safety.
The experimental results show that this study implements an intrusion detection system on an ECU with an ARM Cortex-M0+ 48MHz microcontroller. The system was validated on both simulated and real vehicle networks, achieving a 97% detection accuracy for three types of malicious attacks. For masquerade attacks, the source of the attack was identified using cumulative clock offset, with the proposed FD-DTW method achieving a 98% identification accuracy. Additionally, comparing the similarity of two sets of CAN ID time series took only 0.166 milliseconds, quickly identifying the correct attacker for subsequent blocking and handling.

[1] VicOne 2023年汽車網路威脅情勢報告，[Online]. Available: https://vicone.com/zh/reports/automotive-cybersecurity-report-2023
[2] 現代BlueLink系統被曝存安全漏洞，車輛可被遠程控制，[Online]. Available: https://kknews.cc/car/39g2gr3.html
[3] Lexus部份車款系統漏洞可能讓駭客注入惡意指令, 2020，[Online]. Available: https://www.ithome.com.tw/news/136699
[4] Lennert Wouters, Benedikt Gierlichs, and Bart Preneel. (Aug. 11, 2021). Ruhr-Universität Bochum. “My other car is your car: compromising the Tesla Model X keyless entry system.” Accessed on Nov. 14, 2022，[Online]. Available: https://tches.iacr.org/index.php/TCHES/ article/view/9063
[5] 19 歲駭客意外發現特斯拉漏洞，可遠距操控全球 25 輛特斯拉，[Online]. Available: https://www.bnext.com.tw/article/67313/german-teen-hijack-tesla?
[6] Kia網站漏洞可讓攻擊者駭入並控制車子，2013年以後車款受影響，[Online]. Available: https://www.ithome.com.tw/news/165243
[7] Elektrobit, “Cybersecurity Strategies for Future-Proofing Software-Defined Vehicles,” Oct. 2024.
[8] ISO. (2021). ISO. “ISO/SAE 21434:2021 Road vehicles Cybersecurity engineering.” Accessed on Nov. 17, 2023，[Online]. Available: https://www.iso.org/standard/70918.html.
[9] M. Bozdal, M. Samie, S. Aslam, and I. Jennions, “Evaluation of CAN Bus Security Challenges,”Sensors (Basel), 20 (8), 2364, Apr. 2020，[Online]. Available: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7219335/
[10] H. J. Jo and W. Choi, “A Survey of Attacks on Controller Area Networks and Corresponding Countermeasures,” IEEE Transaction on Intelligent Transportation Systems, vol. 23, no. 7, pp. 6123-6141, July 2022.
[11] M. Tian, R. Jiang, C. Xing, H. Qu, Q. Lu and X. Zhou, “Exploiting Temperature-Varied ECU Fingerprints for Source Identification in In-vehicle Network Intrusion Detection,” in Proc. of 2019 IEEE 38th International Performance Computing and Communications Conference (IPCCC), 2019.
[12] H. Wei, Q. Ai, Y. Zhai, and Y. Zhang, “Automotive Security: Threat Forewarning and ECU Source Mapping Derived from Physical Features of Network Signals,” IEEE Transaction on Intelligent Transportation Systems, vol. 25, no. 3, pp. 2479 – 2491, Mar. 2024.
[13] W. Choi, K. Joo, H. J. Jo, M. C. Park, and D. H. Lee, “VoltageIDS: Low-level Communication Characteristics for Automotive Intrusion Detection System,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 8, pp. 2114–2129, Aug. 2018.
[14] Z. Deng, J. Liu, Y. Xun, and J. Qin, “IdentifierIDS: A Practical Voltage-Based Intrusion Detection System for Real In-Vehicle Networks,” IEEE Transactions on Information Forensics and Security, vol. 19, pp. 661-676, Oct. 2023.
[15] Y. Xun, Z. Deng, J. Liu, and Y. Zhao, “Side Channel Analysis: A Novel Intrusion Detection System Based on Vehicle Voltage Signals,” IEEE Transactions on Vehicular Technology, vol. 72, no. 6, June 2023.
[16] K. T. Cho and K. G. Shin, “Fingerprinting Electronic Control Units for Vehicle Intrusion Detection,” in Proc. 25th USENIX Security. Symp. (USENIX Security.), pp. 911–927. 2016.
[17] Y. Zhao, Y. Xun, and J. Liu, “ClockIDS: A Real-Time Vehicle Intrusion Detection System based on Clock Skew,” Journal of IEEE Internet Things, vol. 9, no. 17, pp. 15593–15606, Sep. 2022.
[18] H. Wei, Q. Ai, W. Zhao, and Y. Zhang, “Real-Time Security Warning and ECU Identification for In-Vehicle Networks,” IEEE Sensors Journal, vol. 23, no.17, pp. 20258-20266, Sep. 2023.
[19] J. Zhou, G. Xie, S. Yu, and R. Li, “Clock-Based Sender Identification and Attack Detection for Automotive CAN Network.” IEEE Access, vol. 9, pp. 2665 - 2679, Jan. 2021.
[20] CAN Bus Errors Explained - A Simple Intro，[Online]. Available: https://www.csselectronics.com/pages/can-bus-errors-intro-tutorial
[21] T. Rakthanmanon, B. Campana, A. Mueen, G. Batista, B. Westover, Q. Zhu, J. Zakaria, and E. Keogh, “Searching and Mining Trillions of Time Series Subsequences under Dynamic Time Warping,” in Proc. 18th ACM SIGKDD Int. Conf. Knowl. Discov. Data Min., pp. 262–270. 2012.
[22] S. Salvador and P. Chan, “FastDTW: Toward Accurate Dynamic Time Warping in Linear Time and Space,” KDD Workshop on Mining Temporal and Sequential Data, pp. 70-80, 2004.
[23] E. J. Keogh and M. J. Pazzani, “Derivative Dynamic Time Warping,” in Proc. of the 2001 SIAM International Conference on Data Mining, pp. 1-11, Apr. 2001.
[24] VECTOR, VN1600 - Network Interfaces with USB and Ethernet for CAN / CAN FD / CAN XL, LIN, K-Line, J1708 and IO，[Online]. Available: https://www.vector.com/in/en/products/products-a-z/hardware/network-interfaces/vn16xx/