Defending against attacks on vehicle networks

As the Defense Department steps up research into automated and autonomous vehicles, Army researchers are developing a way to enhance their internal security without undermining performance.

Currently, in-vehicle networking protocols are bandwidth-constrained, difficult to scale and lack common security requirements. That makes it difficult to deliver enough bandwidth and compute power to vehicle components for reliable defense.

In collaboration with an international team of experts, researchers from the Army Research Laboratory (ARL) devised a technique to optimize a recognized cybersecurity strategy known as the moving target defense, which systematically changes multiple system dimensions to increase uncertainty and create complexity for attackers.

DESOLATOR -- which stands for deep reinforcement learning-based resource allocation and moving target defense deployment framework – uses machine learning to help the in-vehicle network identify the best way to shuffle the frequency and bandwidth allocation of IP addresses to deliver effective, long-term moving target defense.

“The idea is that it’s hard to hit a moving target,” Army mathematician Terrence Moore said. “If everything is static, the adversary can take their time looking at everything and choosing their targets. But if you shuffle the IP addresses fast enough, then the information assigned to the IP quickly becomes lost, and the adversary has to look for it again.”

DESOLATOR not only defends vehicle networks, but it also does so without generating additional overhead that could slow or degrade performance. Its value add is the use of “fewer resources to protect mission systems and connected devices in vehicles while maintaining the same quality of service,” Army computer scientist and program lead Frederica Free-Nelson said.

To ensure that DESOLATOR took both security and efficiency into equal consideration, the research team used deep reinforcement learning to shape the behavior of the algorithm so it would learn to limit exposure time and the number of dropped packets, for example. As a result, DESOLATOR identifies the optimal amount of network resources that should be allocated each network slice to minimizing packet loss as well as the ideal triggering interval for shuffling IP addresses to limit vulnerability. 

“Existing legacy in-vehicle networks are very efficient, but they weren’t really designed with security in mind,” Moore said. “Nowadays, there’s a lot of research out there that looks solely at either enhancing performance or enhancing security. Looking at both performance and security is in itself a little rare, especially for in-vehicle networks.”

Because DESOLATOR is a machine learning-based framework -- not limited to identifying the optimal IP shuffling frequency and bandwidth allocation -- other researchers can use it to pursue different goals within the problem space, ARL officials said.

“This ability to retool the technology is very valuable not only for extending the research but also marrying the capability to other cyber capabilities for optimal cybersecurity protection,” Nelson said.

This article first appeared on GCN, a partner site to Defense Systems.