In-Vehicle Network Inspector Utilizing Diagnostic Communications and Web Scraping for Estimating ECU Functions and CAN Topology

Masaru Matsubayashi; Takuma Koyama; Masashi Tanaka

doi:10.1109/ACCESS.2024.3351175

IEEE Access (Jan 2024)

In-Vehicle Network Inspector Utilizing Diagnostic Communications and Web Scraping for Estimating ECU Functions and CAN Topology

Masaru Matsubayashi,
Takuma Koyama,
Masashi Tanaka

Affiliations

Masaru Matsubayashi: ORCiD; NTT Security Holdings Corporation, Chiyoda-ku, Tokyo, Japan
Takuma Koyama: ORCiD; NTT Security Holdings Corporation, Chiyoda-ku, Tokyo, Japan
Masashi Tanaka: NTT Security Holdings Corporation, Chiyoda-ku, Tokyo, Japan

DOI: https://doi.org/10.1109/ACCESS.2024.3351175
Journal volume & issue: Vol. 12
pp. 6239 – 6250

Abstract

Read online

As modern vehicles connect with external networks such as the internet, a lot of research reveals various ways to hack vehicles. Given this background, the UN-R155 regulation requires automakers to conduct incident responses. To make incident response processes accurate and efficient, VSOCs (Vehicle Security Operation Centers) are beneficial. Thus, we anticipate that automakers will adopt VSOCs in their incident response processes. In VSOC analysis, knowledge of ECU (Electronic Control Unit) functions and the in-vehicle network topology in a vehicle plays an important role in exploring impacted areas and determining appropriate measures. However, it is sometimes hard for automakers to provice VSOCs with knowledge because the knowledge is confidential. Even if automakers can provide the knowledge, if automakers keep the design information and the specifications on documents, it is time-consuming and labor-intensive to encode them into a format that is suitable for VSOC analysis. There are many conventional methods to estimate device functions and a network topology in the IT (information technology) domain, which can help SOCs to obtain knowledge. However, they cannot be applied to CAN (Controller Area Network), which is one of the key networks for vehicles, because ECUs and CAN do not support IT domain protocols. There are also conventional CAN analysis tools. However, to apply these tools to modern vehicles, it is necessary to disassemble the vehicles and directly tap into CAN buses. This disassembly process is both time-consuming and labor-intensive. To overcome these problems, we propose a new vehicular-domain-specific method for estimating ECU functions and a CAN topology in a vehicle without the need for vehicle disassembly. Our proposed method utilizes scanning techniques on the basis of vehicular domain protocols, web scraping, and an NLP (natural language processing) technique. Through our evaluation using two actual vehicles, we demonstrate that our proposed method estimates ECU functions and a CAN topology with 75.9% and 86.2% accuracy, respectively.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords