Modern automotive functions are controlled by a large number of small computers called electronic control units (ECUs). These functions span from safety-critical autonomous driving to comfort and infotainment. ECUs communicate with one another over multiple internal networks using different technologies. Some, such as Controller Area Network (CAN), are very simple and provide minimal or no security services. Machine learning techniques can be used to detect anomalous activities in such networks. However, it is necessary that these machine learning techniques are not prone to adversarial attacks. In this paper, we investigate adversarial sample vulnerabilities in four different machine learning-based intrusion detection systems for automotive networks. We show that adversarial samples negatively impact three of the four studied solutions. Furthermore, we analyze transferability of adversarial samples between different systems. We also investigate detection performance and the attack success rate after using adversarial samples in the training. After analyzing these results, we discuss whether current solutions are mature enough for a use in modern vehicles.

翻译：现代车辆功能由大量称为电子控制单元（ECU）的小型计算机控制。这些功能涵盖从安全关键的自动驾驶到舒适性与信息娱乐系统。ECU通过多种技术在内网中相互通信。其中一些网络，如控制器局域网（CAN），结构极为简单且仅提供最低限度甚至毫无安全服务。机器学习技术可用于检测此类网络中的异常活动，但需确保这些技术不易受到对抗性攻击。本文针对车载网络中四种基于机器学习的入侵检测系统，探究其对抗样本脆弱性。研究表明，对抗样本对四种方案中的三种产生负面影响。此外，我们分析了不同系统间对抗样本的可迁移性，并考察了在训练中使用对抗样本后的检测性能与攻击成功率。基于上述分析，我们探讨现有方案是否足够成熟以应用于现代车辆。