Connected cars are susceptible to cyberattacks. Security and safety of future vehicles highly depend on a holistic protection of automotive components, of which the time-sensitive backbone network takes a significant role. These onboard Time-Sensitive Networks (TSNs) require monitoring for safety and -- as versatile platforms to host Network Anomaly Detection Systems (NADSs) -- for security. Still a thorough evaluation of anomaly detection methods in the context of hard real-time operations, automotive protocol stacks, and domain specific attack vectors is missing along with appropriate input datasets. In this paper, we present an assessment framework that allows for reproducible, comparable, and rapid evaluation of detection algorithms. It is based on a simulation toolchain, which contributes configurable topologies, traffic streams, anomalies, attacks, and detectors. We demonstrate the assessment of NADSs in a comprehensive in-vehicular network with its communication flows, on which we model traffic anomalies. We evaluate exemplary detection mechanisms and reveal how the detection performance is influenced by different combinations of TSN traffic flows and anomaly types. Our approach translates to other real-time Ethernet domains, such as industrial facilities, airplanes, and UAVs.

翻译：联网汽车易受网络攻击。未来车辆的安全性和可靠性高度依赖于汽车部件的整体防护，其中时间敏感骨干网络发挥着关键作用。此类车载时间敏感网络（TSN）需要从安全性角度进行监测——同时，作为托管网络异常检测系统（NADS）的多功能平台，还需满足安全需求。然而，在硬实时操作、汽车协议栈及领域特定攻击向量背景下，对异常检测方法进行彻底评估的相关研究仍属空白，且缺乏合适的输入数据集。本文提出一种评估框架，可实现对检测算法的可复现、可比较及快速评估。该框架基于仿真工具链，支持可配置拓扑结构、流量流、异常情况、攻击模式及检测器。我们通过对车内通信网络及其流量流进行建模，在全面车载网络中开展NADS评估，并模拟流量异常。通过实例化检测机制，揭示了TSN流量流与异常类型的不同组合对检测性能的影响。我们的方法还可推广至其他实时以太网领域，如工业设施、飞机及无人机等。