eUF: A framework for detecting over-the-air malicious updates in autonomous vehicles

Software updates are highly significant in autonomous vehicles. These updates are utilized to provide enhanced features and updated security mechanisms. In order to ensure scalability and smooth roll-out Over-the-air (OTA) mechanism is a preferred option to propagate a software update. However, this approach is vulnerable to security attacks because of existence of wireless communication channel between the vehicle and the manufacturer. In that, an attacker can replace the legitimate software with a malicious software with an intent to get control over the vehicle. In this work, we are motivated to address this problem. We develop an enhanced uptane framework for detection of malicious OTA software updates in autonomous vehicles. For enhancing security, we incorporate convolutional neural network (CNN) in the uptane framework. The proposed framework is able to distinguish between malicious and benign software executables with high accuracy. For training and testing, we create two datasets by collecting executables of Windows and Linux operating system. We encourage the use of transfer learning by exploiting the developed CNN models in order to detect malicious executable designed for autonomous vehicles. We also benchmark the CNN models against state-of-the art models. Our work is highly beneficial for the community in providing a secure mechanism for software updates.