In the automotive industry, embedding IT systems and solutions in cars, motorcycles, boats, and other vehicles has been a fast-growing trend in the past few decades. An increasing number of functions, often safety-critical ones (ignition, ABS, steering, airbag, etc.), are controlled through the vehicle's internal communications network by the connected embedded computers. However, the attack surface has also been increasing due to the improved infotainment systems and new access methods, such as Bluetooth, WiFi, or USB. An additional problem is that securing these networks against attacks is typically a secondary concern, because the emphasis has traditionally been on reliability and cost-effectiveness.
In this thesis, I take a look at the most popular protocol implementation in in-vehicle networks, the CAN (Controller Area Network) bus protocol, with regard to vulnerability to attacks and attack/intrusion detection. I build the most probable attacker model by mapping the characteristics of the CAN bus and analysing existing studies and related literature. I investigate existing methods and develop new algorithms in the Python language. I test the solutions on real CAN traffic recorded from multiple cars, injecting synthetic attacks afterwards. I briefly discuss intrusion detection in CAN data compressed in a lossless format. Finally, I analyse the complexity and performance of the algorithms in order to determine whether they could be embedded and run in an in-vehicle environment.