Increasing complexity and connectivity of modern vehicles have heightened their vulnerability to cyberattacks. This paper addresses security challenges associated with the Unified Diagnostic Services (UDS) protocol, a critical communication framework for vehicle diagnostics in the automotive industry. We present security monitoring strategies for the UDS protocol that leverage in-vehicle logging and remote analysis through a Vehicle Security Operations Center (VSOC). Our approach involves specifying security event logging requirements, contextual data collection, and the development of detection strategies aimed at identifying UDS attack scenarios. By applying these strategies to a comprehensive taxonomy of UDS attack techniques, we demonstrate that our detection methods cover a wide range of potential attack vectors. Furthermore, we assess the adequacy of current AUTOSAR standardized security events in supporting UDS attack detection, identifying gaps in the current standard. This work enhances the understanding of vehicle security monitoring and provides an example for developing robust cybersecurity measures in automotive communication protocols.

翻译：现代车辆日益增长的复杂性和互联性加剧了其遭受网络攻击的脆弱性。本文针对统一诊断服务（UDS）协议相关的安全挑战展开研究，该协议是汽车行业车辆诊断的关键通信框架。我们提出了利用车载日志记录和通过车辆安全运营中心（VSOC）进行远程分析的UDS协议安全监控策略。我们的方法包括明确安全事件日志记录要求、上下文数据收集，以及开发旨在识别UDS攻击场景的检测策略。通过将这些策略应用于UDS攻击技术的全面分类体系，我们证明了检测方法能够覆盖广泛的潜在攻击向量。此外，我们评估了当前AUTOSAR标准化安全事件在支持UDS攻击检测方面的充分性，指出了现有标准中的不足。这项工作深化了对车辆安全监控的理解，并为开发汽车通信协议中稳健的网络安全措施提供了范例。