Host-based intrusion detection
Even with state-of-the-art security controls, the OEM has no visibility into how effective those controls are during normal operation. Indeed, some controls may start out quite effective yet diminish in strength over time as attackers’ abilities and tools increase in sophistication. Therefore, a security strategy that relies only on preventive security controls is incomplete unless complemented by attack detection mechanisms. Building anomaly detection systems in the vehicle, accompanied by a backend security operations center (SOC), enables an OEM to bridge that gap and gain a real-time perspective on the level of threats that the entire vehicle fleet is experiencing. This further enables the OEM to react promptly after an incident is detected and patching vulnerabilities is needed. With the distributed E/E architecture, no single ECU can know about all security events in the vehicle, so the host-based intrusion detection system (IDS) itself...