"Intrusion Detection Systems (IDSs) in Vehicle Controller Area Networks (CANs) via Hardware Performance Counter", Master thesis as part of a double degree with the INSA of Lyon, INSA tutor: Mathieu CUNCHE

In the domain of automotive embedded systems, the Controller Area Network (CAN) protocol stands as a crucial communication mechanism. Originally designed in the 1980s, its architecture is robust but exhibits important vulnerabilities in the face of the complexity and the advent of autonomous vehicles, broadening the potential for cyber-attacks. Addressing the inherent security deficiencies has become imperative. Particularly, its lack of native attack mitigation features. Traditional security improvements, such as payload encryption and message authentication, offer partial solutions. However, this thesis experiments with a novel approach: implementing an Intrusion Detection System (IDS) specifically adapted for the CAN environment. Hardware Performance Counters (HPCs) inherently monitor and signal hardware event occurrences. Our proposed IDS has as its purpose to detect anomalous activities indicative of potential cyber threats on the CAN bus. This research is grounded in the simulation of a CAN receiver on a RISC-V architecture using the Gem5 simulator. It focuses on the processing of CAN frame payloads through standard operations known to trigger HPC responses, like convolution operations and AES-128 encryption and decryption. The methodology relates to the extraction of HPC data post-simulation, followed by a rigorous selection process to identify pertinent counters. Aiming to refine the dataset for enhanced classifier efficiency, initial transformations standardize the HPC data, succeeded by correlation analysis to reduce the feature set. Subsequently, the study evaluates various classification algorithms and their parameters, ranging from binary to multiclass, to find the most effective to distinguish benign and malicious activities. This thesis contributes a novel perspective on CAN protocol security, advocating for a dynamic IDS framework that exploits the predictive capacity of HPCs within a vehicular context. Finding alternatives to traditional security measures helps to develop a more resilient automotive communication infrastructure against evolving cyber threats.