Scalable service-Oriented Middleware over IP (SOME/IP) is a standard Ethernet communication protocol in the Automotive Open System Architecture (AUTOSAR) that promotes ECU-to-ECU communication over the IP stack. However, SOME/IP lacks a robust security architecture, making it susceptible to potential attacks. In addition, random hardware failures of ECUs will disrupt SOME/IP communication. In this paper, we propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security. Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication, including Distributed Denial-of-Service, Man-in-the-Middle, and abnormal communication processes, assuming a malicious user has access to the in-vehicle network. Subsequently, SISSA designs a series of deep learning models with various backbones to extract features from SOME/IP sessions among ECUs. We adopt residual self-attention to accelerate the model's convergence and enhance detection accuracy, determining whether an ECU is under attack, facing functional failure, or operating normally. Additionally, we have created and annotated a dataset encompassing various classes, including indicators of attack, functionality, and normalcy. This contribution is noteworthy due to the scarcity of publicly accessible datasets with such characteristics. Extensive experimental results show the effectiveness and efficiency of SISSA.