Blockchain integration for in-vehicle CAN bus intrusion detection systems with ISO/SAE 21434 compliant reporting

Abstract The development of Intrusion Detection Systems (IDS) for in-vehicle buses has gained a lot of momentum in recent years as the number of reported vulnerabilities and the degree of interconnectivity for modern vehicles are on the rise. Since intrusion detection is resource consuming, it can be performed on computationally capable Android head units that are now present inside vehicles. Moreover, these units are connected to the internet, which enables the use of more complex algorithms that run in cloud environments. In this work we develop one such approach: an IDS that consists of a locally installed copy, running on head units, and a centralized instance of it that runs in the cloud and monitors traffic for groups of similar vehicles. Additionally, the centralized instance is part of a cloud service for intrusion detection which is continuously updated with the most recent types of attacks. The classification results of the cloud-based service are further analyzed by an incident response team which confirms the presence of known attacks, analyzes new types of attacks and assesses their impact. The output of this activity is stored on the Blockchain as ISO/SAE 21434 compliant reports, ensuring the transparency and traceability of the reported incidents.