The internal system of modern cars is getting to resemble a special computerized net of systems, in which safety functions do not typically appear. It is only a question of time before someone realizes that the system is open to abuse if this has not happened yet.
In my opinion it is better safe than sorry that is the reason why I have chosen this topic to write about in my thesis. As far as I know only a few experts and reserchers have been dealing with the issue mentioned above. However, it raises a lot of questions and problems to solve.
To be able to prevent a possible tragedy we need to understand the attackers' motives and intentions and get to know their means as well. Therefore, the major part of my thesis is about how to generate IT attacks and how to detect them with different means and methods.
To reach our goals, a program (Log Corruptor) with data processing functions and simple manipulation capabilities has been implemented, which definitely helps to understand the collected log files and helps the data management. With the help of this tool we are able to define and generate our own cyber attacks. Beyond this, there is one more feature of this program: it can create relevant rules for detection.
Another program, named Merge Tool has been created too. It’s one and only task is to merge two log files. With the help of this tool we are able to create corrupted log files, for instance with the combination of one generated attack file (by Log Corruptor) and one untouched log file.
And last, but not least, the CAN Message Simulator makes from every CAN message (which are included in the corrupted log file) a valid IP packet and sends forward to the Suricata IDS. Thanks to the Suricata IDS, we are able to create custom rules to maximize the opportunity of detecting cyber attack codes.