Abstract: Various embodiments are generally directed to techniques for providing improved privacy protection against vehicle tracking for connected vehicles of a vehicular network. For example, at least one road side unit may: identify a set of vehicles that require pseudonym changes and send an invitation for a pseudonym change event to each of the vehicles, determine at least a total number of the acceptances, determine whether the total number meets or exceeds a predetermined threshold number, send acknowledgement messages to the accepting vehicles if the threshold number is met, and form a vehicle group to coordinate the pseudonym change event during a privacy period. During the privacy period, the RSU and the vehicles may communicate with each other in a confidential and private manner via key-session-based unicast transmission, and coordinate transmission power and vehicle trajectory adjustments to maximize the benefits for safety and obfuscation for privacy.

Abstract: Various systems and methods for bus-off attack detection are described herein. An electronic device for bus-off attack detection and prevention includes bus-off prevention circuitry coupled to a protected node on a bus, the bus-off prevention circuitry to: detect a transmitted message from the protected node to the bus; detect a bit mismatch of the transmitted message on the bus; suspend further transmissions from the protected node while the bus is analyzed; determine whether the bit mismatch represents a bus fault or an active attack against the protected node; and signal the protected node indicating whether a fault has occurred.

Abstract: Various embodiments are generally directed to techniques for providing improved privacy protection against vehicle tracking for connected vehicles of a vehicular network. For example, at least one road side unit may: identify a set of vehicles that require pseudonym changes and send an invitation for a pseudonym change event to each of the vehicles, determine at least a total number of the acceptances, determine whether the total number meets or exceeds a predetermined threshold number, send acknowledgement messages to the accepting vehicles if the threshold number is met, and form a vehicle group to coordinate the pseudonym change event during a privacy period. During the privacy period, the RSU and the vehicles may communicate with each other in a confidential and private manner via key-session-based unicast transmission, and coordinate transmission power and vehicle trajectory adjustments to maximize the benefits for safety and obfuscation for privacy.

Abstract: Systems, apparatuses, and methods to mitigate effects of glitch attacks on a broadcast communication bus are provided. The voltage levels of the communication bus are repeatedly sampled to identify glitch attacks. The voltage level on the communication bus can be overdriven or overwritten to either corrupt received messages or correct received messages.

Abstract: Systems, apparatuses, and methods to establish ground truth for an intrusion detection system in the presence of an attacker electronic control unit transmitting masqueraded messages on a communication bus, such as an in-vehicle network bus, are provided.

Abstract: Systems, apparatuses and methods may provide for technology that detects one or more non-compliant nodes with respect to a timing schedule, detects one or more compliant nodes with respect to the timing schedule, and identifies a malicious node based on positions of the one or more non-compliant nodes and the one or more compliant nodes in a network topography. The non-compliant node(s) and the compliant node(s) may be detected based on post-synchronization messages, historical attribute data and/or plane diversity data.

Abstract: Various systems and methods for bus-off attack detection are described herein. An electronic device for bus-off attack detection and prevention includes bus-off prevention circuitry coupled to a protected node on a bus, the bus-off prevention circuitry to: detect a transmitted message from the protected node to the bus; detect a bit mismatch of the transmitted message on the bus; suspend further transmissions from the protected node while the bus is analyzed; determine whether the bit mismatch represents a bus fault or an active attack against the protected node; and signal the protected node indicating whether a fault has occurred.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomaly detection and recovery. An apparatus to isolate a first controller in an autonomous vehicle includes a first controller to control a reference signal of the autonomous vehicle via a communication bus, a second controller to control the reference signal of the autonomous vehicle when the first controller is compromised, and a message neutralizer to neutralize messages transmitted by the first controller when the first controller is compromised, the neutralized messages to cause the first controller to become isolated from the communication bus.

Abstract: Systems, apparatuses, and methods to response to distinguish a ghost target from an actual target based on radar signals is provided. In particular, the disclosure provides an intrusion detection system adapted to receive radar signals and distinguish a potential ghost target from a legitimate target based on a signal to noise ratio of the radar signals and a range to the ghost target and the legitimate target.

Abstract: Systems, apparatuses, and methods to response to detected attacks in an autonomous system based on context of the autonomous system are described. In particular, the disclosure provides an intrusion detection system receiving contexts and contracts dictating particular response guide rails from a higher level components or stack on the autonomous system. The intrusion detection system is arranged to respond to attacks according to the contract without intervention by the higher level components or stack.

Abstract: Systems, apparatuses, and methods to identify bus-off and masquerade attacks against ECUs transmitting on a communication bus from behind a gateway coupled to the communication bus. The disclosure further describes systems, apparatuses, and methods to mitigate against bus-off attacks made against an ECU coupled to a communication bus through a gateway.

Abstract: Systems, apparatuses, and methods to response to distinguish a ghost target from an actual target based on radar signals and ranges determined from the radar signals. In particular, the disclosure provides an intrusion detection system receiving ranges and velocities for targets detected based on radar signals, determining a potential ghost target from the received velocities and confirming the potential ghost target based on estimated ranges and perturbations of the vehicle speed.

Abstract: Systems, apparatuses, and methods to establish a mapping between message identifications for messages transmitted on a communication bus and electronic control units transmitting the messages is provided. In particular, retransmission of a low priority message onto the bus is forced such that the retransmitted low priority message overlaps with a higher priority message to determine whether the messages originated from the same ECU.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomaly detection and recovery. An apparatus to isolate a first controller in an autonomous vehicle includes a first controller to control a reference signal of the autonomous vehicle via a communication bus, a second controller to control the reference signal of the autonomous vehicle when the first controller is compromised, and a message neutralizer to neutralize messages transmitted by the first controller when the first controller is compromised, the neutralized messages to cause the first controller to become isolated from the communication bus.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform; a network interface to communicatively couple to a bus lacking native support for authentication; and an anomaly detection engine to operate on the hardware platform and configured to: receive a first data stream across a first time; symbolize and approximate the first data stream, including computing a first window sum; receive a second data stream across a second time substantially equal in length to the first time, the second data stream including data across the plurality of dimensions from the first data stream; symbolize and approximate the second data stream, including computing a second window sum; compute a difference between the first window sum and the second window sum; determine that difference exceeds a threshold and that the correlation across the plurality of dimensions is broken; and flag a potential anomaly.

Abstract: Systems and techniques for malicious request detection in automated resource dispatch are described herein. A request for a resource may be received from a user device. A location may be obtained for delivery of the resource. Sensor data may be retrieved for the location. The sensor data and user profile data may be evaluated to determine if the request is malicious. A disincentivizing message may be generated based on the determination that the request is malicious. In response to receipt of a response to the disincentivizing message, a resource may be dispatched to the location.

Abstract: A platform comprising numerous reconfigurable circuit components arranged to operate as primary and redundant circuits is provided. The platform further comprises security circuitry arranged to monitor the primary circuit for anomalies and reconfigurable circuit arranged to disconnect the primary circuit from a bus responsive to detection of an anomaly. Furthermore, the present disclosure provides for the quarantine, refurbishment and designation as redundant, the anomalous circuit.

Abstract: Systems, apparatuses, and methods to accelerate classification of malicious activity by an intrusion detection system are provided. An intrusion detection system can speculate on classification of labels in a random forest model based on temporary and incomplete set of features. Additionally, an intrusion detection system can classify malicious context based on a set of committed nodes in the random forest model.

Abstract: Systems, apparatuses, and methods to establish ground truth for an intrusion detection system using machine learning models to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. Voltage signatures for overlapping message identification (MID) numbers are collapsed and trained on a single ECU label.

Abstract: A data processing system that provides for active prevention of masquerading attacks comprises a microcontroller, a transceiver, and an active attack prevention module (AAPM) in communication with the microcontroller and the transceiver. The microcontroller enables the data processing system to operate as a node in a vehicle control system (VCS). The transceiver enables the node to communicate with a local area network (LAN) of the VCS. The AAPM enables the node to monitor the LAN for messages. In response to detecting a message on the LAN, the AAPM automatically determines whether the message falsely identifies the node as a source, based on a value in an identifier field in the message. In response to determining that the message falsely identifies the node as the source, the AAPM automatically takes at least one remedial action to neutralize the message. Other embodiments are described and claimed.