Many threats exist that target computing devices, and just as many defensive measures exist against these threats. Viruses are combatted by anti-virus applications, malware by anti-malware applications, network intrusions by firewalls, and so on. However, the majority of these defensive systems are designed for attacks against powerful computing devices such as laptops, desktops, and servers. Comparatively little has been done to secure systems with fewer computing resources, such as those that control vital functions in motor vehicles.
Previously, computing systems in automobiles were relatively simple and not connected to any outside network, making such systems fairly secure against attack. However, current trends in automobile design incorporate an increasing number of complicated features into vehicles' computing systems, increasing the surface area for attack. Worse, many automobiles now feature computing systems with Internet connectivity, vastly increasing the likelihood of attack from malicious individuals and applications. Because the computing systems and networks used for vehicles are so different from those used for personal computers, many traditional security technologies cannot be easily adapted to protect automobiles. One area that is especially lacking is the ability to identify potentially malicious messages sent via the controller area networks that are often used by motor vehicles. The instant disclosure, therefore, identifies and addresses a need for systems and methods for identifying suspicious controller area network messages.