Senior capstone project puts the brakes on cyberattacks on automobiles

It sounds like a scene from a James Bond movie: A villain hacks 007’s car to try to take control and crash it. Something like this could happen if cybersecurity in automobiles isn’t beefed up.

Cars today operate a lot like computers on wheels, and several years ago, researchers showed they could hijack a moving vehicle, says Ryan Davidson, BS Electrical Engineering ’17. “The problem is not common now, but it will become more of an issue in the future,” he says.

So Davidson and five other Mason Engineering seniors developed software that can identify malicious cyberattacks on a vehicle’s internal networks for their senior capstone project, “Signal Fingerprinting Intrusion Detection System.” It won the Department of Electrical and Computer Engineering’s award for the best project for the fall semester.

The backstory: Embedded devices, called electronic control units, regulate nearly every function of an automobile, including the brakes, steering and acceleration. They send information to other components through the controller area network.

Cyber attackers could take over a driver’s steering or brake capacity by hacking into one of devices on the network, says the group’s faculty supervisor Kai Zeng, an associate professor in the Department of Electrical and Computer Engineering. He also teaches courses in the Cyber Security Engineering, BS Program.

The seniors’ goal was to create a system to determine if the messages to and from the devices were legitimate and not from hackers.

To do this, they applied machine-learning algorithms to develop a “fingerprint” for each legitimate message on the network, and they put those fingerprints into a database so they could differentiate between trusted and malicious messages on the network. “The goal was to detect the bad guys without rejecting good signals,” Zeng says.

After they created the software, they tested it by sending both real and fake signals. They ran this process on several vehicles including a Camry, Chevy, and BMW. The intrusion detection system was able to identify the signals with up to 90 percent accuracy, Davidson says.

The seniors didn’t modify any device on the car’s current network, he says. “That was probably the most important part of this project. People have been able to do something similar before, but they had to modify the software on the car’s devices, which makes integration into existing networks difficult.”

There’s still work to be done. We need to add additional hardware to the hardware we used to get a real system functional, however the final implementation could be realized with off-the-shelf components,” Davidson says.

The engineers are going to apply for a patent for their project, he says.

Eventually their system might be useful for military vehicles, airplanes, and driverless cars. “Driverless vehicles are going to be connected to the internet, and in theory, a hacker might be able to hack into thousands of vehicles at the same time,” Davidson says. “We always want to be a step ahead of potential threats.”

The seniors were “quite creative and diligent,” Zeng says. “The project was hard work, but they all learned a lot during the process.”

Other team members: Borhan Fanayan, BS Electrical Engineering Spring ’18; Chirag Sharma, BS Electrical Engineering ’17; Oscar Jaramillo, BS Electrical Engineering ’17; Abdullah Alkhudair, BS Computer Engineering ’17; and Ahmed Amkor, BS Electrical Engineering ’17.

“Driverless vehicles are going to be connected to the internet, and in theory, a hacker might be able to hack into thousands of vehicles at the same time, We always want to be a step ahead of potential threats.”

Ryan Davidson, BS Electrical Engineering ’17

Related people: Kai Zeng

Originally published on and written by Nanci Hellmich