Network intrusion detection and prevention (NIDP)
While host-based intrusion detection systems can be effective in alerting the OEM of potential active attacks, the time to respond makes them inadequate to fully mitigate active breaches. Naturally, there is a need to incorporate network intrusion prevention systems that can eliminate breaches before they become a persistent threat. However, any such solution must be carefully designed to account for the requirement of determinism in automotive systems. Unlike an IT environment, where a false positive that may lead to closing a network connection is tolerated, in a vehicle environment, falsely denying a network message that carries safety-related data can produce a high degree of indeterminism, which can eventually affect the availability of safety-related functions. Therefore, when picking network intrusion prevention solutions, eliminating false positives is a high-priority objective.
Some techniques for deploying NIDP in vehicles...
