Cover image
6 minute read

How Machine Learning Can Enhance Cybersecurity for Autonomous Cars

Security is a critical concern for self-driving cars. Learn how machine learning can be deployed to protect autonomous cars from cyberattacks and malware.

Autonomous vehicles employ a combination of high-tech sensors and innovative algorithms to detect and respond to their surroundings, including radar, laser light/LIDAR, GPS, odometry, drive-by-wire control systems, and computer vision. In other words, at its core, a self-driving car is a blend of networked components, some existing within the car and others existing outside of it. These complex systems give self-driving cars the data and intellect to make autonomous decisions―but they also create attack vectors for hackers trying to exploit this emerging technology.

It is no understatement to suggest that vehicular cybersecurity is a crucial ingredient in ensuring successful consumer penetration of self-driving cars. A recent AAA survey of U.S. drivers indicated that 75% would feel “afraid” of riding in a self-driving car, largely due to concerns about safety. In a 2016 speech, GM CEO Mary Barra acknowledged that “a cyber incident is a problem for every automaker in the world…it is a matter of public safety.” Even non-autonomous vehicles are comprised of up to 100 million lines of code, spread over a hundred-odd electrical components that communicate via an internal network.

In this article, we present a broad overview of how automakers can employ a new class of algorithmic techniques to secure self-driving cars: machine learning. These systems have already started to play a role in cybersecurity, and algorithms have been developed in order to detect network anomalies, including Intrusion Detection Systems (IDS), malware protection, and behavior analysis. Machine learning systems play a foundational role in making autonomous driving a reality―but they also have a role to play in protecting cars and their drivers.

Why Self-Driving Cars Are Vulnerable

In order to deliver on their potential, autonomous cars rely on a comprehensive sensor suite designed to guarantee environmental/situational awareness. Of course, the brains behind the operation are computers.

Just a decade ago, the automotive industry employed underpowered processors that could handle basic functions using an industry standard bus. But today’s vehicles ship with vastly more powerful System-on-Chip (SoC) designs that are capable of doing much more. Autonomous cars go a step further, as they require enough processing power to make crucial decisions based on sensory input.

But added complexity comes at the cost of increased vulnerability. Two years ago, security researchers Charlie Miller and Chris Valasek demonstrated how a Jeep Cherokee can be hacked remotely via its internet connection. The duo was able to paralyze the car on a highway, remotely. In a series of experiments, they showed that a hacker with either a wired or over-the-internet access to a vehicle—including popular models like the Toyota Prius, Ford Escape, and Jeep Cherokee—could disable or activate a targeted vehicle’s brakes, turn the steering wheel or, in some cases, cause acceleration.

The attacks by Miller and Valasek relied on exploiting the rudimentary automated features of affected vehicles. For example, they used Toyota’s collision avoidance system to apply brakes on the Prius, the Jeep’s cruise control to accelerate, and the Jeep’s automated parking system to turn the steering wheel by tricking the car into thinking that it was parking itself, even though it was doing 80 miles per hour during the test.

In other words, these hacks were limited in scope to a few functions controlled by the on-board computers on standard cars. In theory, with an autonomous car, it would be possible to hack every aspect of the car’s functionality, because all control systems are administered by a computer.

Potential Attack Vectors

How would hackers target autonomous vehicles? Malicious commands could arise from a number of different sources. Accessories are a major source of risk: the ODB-II port, a fixture in all modern vehicles, was used by security researchers from the University of California at San Diego to plug in an internet-connected gadget, which allowed a remote attacker an entry point to the vehicle’s most sensitive systems.

That risk is growing larger today. While ODB-II ports are accessed infrequently by consumers, modern vehicles increasingly ship with USB ports and technologies like Bluetooth, which are intended to make it easy for cars to communicate with accessories. This increases the risk that malware could unintentionally be introduced to the vehicle.

Self-driving cars could also be hacked from external vectors. V2V communication (vehicle-to-vehicle) is an evolving paradigm that automakers are starting to introduce in today’s vehicles, allowing each car to communicate with others on the road to share data on traffic flow, accidents ahead, or poor weather. These communication channels are an invaluable source of data to the guidance and control systems of autonomous vehicles, but would make them far more susceptible to being attacked or tracked.

How Machine Learning Can Protect Self-Driving Cars

As with all applications of machine learning, the first step to deploying artificial intelligence to combat security risks in autonomous vehicles is collecting and storing the right data. If a car’s internal network is monitored using a platform capable of storing and analyzing logs, the vehicle itself can detect malicious activity and prevent attacks―or at the very least, alert drivers and mitigate their impact.

One example of an effective platform capable of storing and analyzing logs is Elasticsearch, which is widely used in security. The chart below illustrates how a car’s user logs could flow into an Elasticsearch database, which would enable algorithmic detection of potential exploits.

Once an autonomous vehicle is configured to collect and store user logs, machine learning enters the picture to detect any anomalies. An attack detection model is a platform capable of analyzing signals and service data received from the outside world through an internet connection or ports in the car. These algorithms can be used to detect malware activities, communication behavior, or unusual commands like activating parking mode while the car is on a highway.

Because a vehicular network is a proprietary system that does one thing, instead of a standard computer network that accepts a diversity of user inputs, a car’s digital communication is more predictable than that of a typical computer network. As such, it is feasible to employ tactics like unsupervised machine learning in training an algorithm to differentiate a malicious exploit from “normal driving behavior” in an expedient and accurate way, enabling the vehicle to alert the driver or prevent the attack.

Case Study: Machine Learning Can Detect and Prevent Attacks

An example of a “learn and prevent” device that works in a vehicular context is the anti-hacking solution developed by Miller and Valasek. This device is an intrusion-detection system for vehicles with certain automated features.

The device is based on a general purpose NXP microcontroller, with a simple board that is plugged into the OBD-II port. It works by operating in an observation mode for the first few minutes of a drive, allowing the device to capture a vehicle’s typical data patterns. Then, it switches into detection mode to monitor the system for anomalies, such as an unusual flood signal or command. If it spots a “bad” signal, it puts the car into “limp mode,” essentially shutting down its network and disabling some functions like power steering and lane assist until the vehicle restarts.

After the anomaly is detected, two different actions can be triggered: prevention and alert.

The Prevention module is used to “tell” the car it should ignore the rogue commands, and it can be used to block attackers trying to use the same approach. The Alert module is used to send (or display) notifications in real time, allowing drivers to take action or automatically inform the authorities of the attack. This module can be extended with the dashboard integrated into the car.

In general, a car’s digital communications are far more predictable than those of a typical computer network, and this is a fortunate trait when it comes to vehicular cybersecurity. Because there is less signal variance in the automotive world, it tends to be obvious when something out of the ordinary happens.

Self-Driving Security Is Vital, And Machine Learning Can Help

Hacking self-driving cars could have far more serious consequences than compromised emails or even stolen credit card numbers. Autonomous cars exploited by malicious code could cause real physical harm, and these vulnerabilities could theoretically be exploited not only by car thieves, but by rogue nations and terrorists, looking to disrupt infrastructure and cause chaos.

This article reviewed the security challenges facing driverless cars today, and outlined a few ways the industry could tackle them. One long-term direction the industry may take to ensure maximum security in autonomous vehicles is cloud computing. This would require ultra-low latency, high availability, and lots of bandwidth, because processing and analyzing behaviors in and out of the car are just too much to be left to embedded computers.

The transition to 5G data networks, combined with the flexibility of cloud orchestration, may provide the foundation for leveraging machine learning to secure self-driving cars, giving them the computing power to detect threats and react in milliseconds.

There is no doubt that hackers will attempt to breach self-driving cars, but today’s cybersecurity professionals have more powerful tactics to defend against them. Machine learning has grown into an essential tool for companies looking to secure their resources. The same is true of the automotive industry, now more than ever.