The cybersecurity of connected cars, integral to the broader Internet of Things (IoT) landscape, has become of paramount concern. Cyber-attacks, including hijacking and spoofing, pose significant threats to these technological advancements, potentially leading to unauthorized control over vehicular networks or creating deceptive identities. Given the difficulty of deploying comprehensive defensive logic across all vehicles, this paper presents a novel approach for identifying potential attacks through Radio Access Network (RAN) event monitoring. The major contribution of this paper is a location anomaly detection module that identifies aberrant devices that appear in multiple locations simultaneously - a potential indicator of a hijacking attack. We demonstrate how RAN-event based location anomaly detection is effective in combating malicious activity targeting connected cars. Using RAN data generated by tens of millions of connected cars, we developed a fast and efficient method for identifying potential malicious or rogue devices. The implications of this research are far-reaching. By increasing the security of connected cars, we can enhance the safety of users, provide robust defenses for the automotive industry, and improve overall cybersecurity practices for IoT devices.

翻译：车联网作为更广泛物联网生态的重要组成部分，其网络安全已成为至关重要的议题。劫持和欺骗等网络攻击对这些技术进步构成重大威胁，可能导致对车辆网络的未授权控制或创建虚假身份。鉴于在所有车辆上部署全面防御逻辑存在困难，本文提出了一种通过无线接入网络事件监测识别潜在攻击的新方法。本研究的主要贡献在于开发了一个位置异常检测模块，该模块能够识别同时在多个位置出现的异常设备——这是劫持攻击的潜在指标。我们论证了基于RAN事件的位置异常检测在应对针对联网汽车的恶意活动方面的有效性。利用数千万辆联网汽车生成的RAN数据，我们开发了一种快速高效的方法来识别潜在的恶意或非法设备。本研究的意义深远：通过提升联网汽车的安全性，我们能够增强用户安全，为汽车行业提供强有力的防御保障，并改善物联网设备的整体网络安全实践。