Risk Based Security Monitoring Framework for CAN network
2026-26-0616
To be published on 01/16/2026
- Content
- Connectivity, Autonomous, Subscription and Electrification features in vehicles under development are advancing rapidly. These trends have increased the attack surface of vehicles and the security risks they face. To handle these growing risks, it has become important to include passive security systems such as Intrusion Detection Systems (IDS), which can detect successful or possible intrusion attempts that compromise the security of vehicle systems. In vehicles based on a Zonal Architecture, two types of IDS can be implemented: Network-based IDS (NIDS) and Host-based IDS (HIDS). The NIDS is implemented in the Gateway Electronic Control Unit (ECU) and can monitor multiple networks connected to the Gateway, whereas the HIDS usually monitors a single host ECU. Extensive research material is available on NIDS for CAN networks. For example, the CAN network in a vehicle is monitored for various abnormal behaviours such as increased busload and invalid signal values. But most of the literature does not answer the question: how can we ensure that the monitoring achieved by the NIDS is sufficient? In this paper we try to answer that question by deriving requirements for security monitoring of the in-vehicle CAN network using a novel method that guarantees sufficiency in terms of better coverage of intrusion scenarios. We employ a fusion of (i) a Threat Analysis and Risk Assessment approach and (ii) an Attack Tree based approach to derive security monitoring requirements for the CAN network. We show that the security requirements derived by our approach have better coverage of intrusion scenarios, thus enhancing the efficiency of intrusion detection.
- Citation
- E L, N., Mutagi, M., Sonnad, P., and Sharma, D., "Risk Based Security Monitoring Framework for CAN network," SAE Technical Paper 2026-26-0616, 2026.