Navigating Connected Car Cybersecurity: Location Anomaly Detection with RAN Data

TL;DR

This paper introduces a novel location anomaly detection method using RAN data to identify potential hijacking attacks in connected cars, enhancing IoT cybersecurity.

Contribution

It presents a new RAN-based location anomaly detection module that efficiently detects malicious devices in connected car networks.

Findings

Effective detection of rogue devices in large-scale RAN data

High accuracy in identifying location anomalies indicative of hijacking

Scalable approach suitable for real-time cybersecurity applications

Abstract

The cybersecurity of connected cars, integral to the broader Internet of Things (IoT) landscape, has become of paramount concern. Cyber-attacks, including hijacking and spoofing, pose significant threats to these technological advancements, potentially leading to unauthorized control over vehicular networks or creating deceptive identities. Given the difficulty of deploying comprehensive defensive logic across all vehicles, this paper presents a novel approach for identifying potential attacks through Radio Access Network (RAN) event monitoring. The major contribution of this paper is a location anomaly detection module that identifies aberrant devices that appear in multiple locations simultaneously - a potential indicator of a hijacking attack. We demonstrate how RAN-event based location anomaly detection is effective in combating malicious activity targeting connected cars. Using RAN data generated by tens of millions of connected cars, we developed a fast and efficient method for identifying potential malicious or rogue devices. The implications of this research are far-reaching. By increasing the security of connected cars, we can enhance the safety of users, provide robust defenses for the automotive industry, and improve overall cybersecurity practices for IoT devices.