Master Thesis: Attack traffic generation for network-based intrusion detection systems i Lund

At Bosch, we shape the future by inventing high-quality technologies and services that spark enthusiasm and enrich people’s lives. Our promise to our associates is rock-solid: we grow together, we enjoy our work, and we inspire each other. Join in and feel the difference.

Bosch R&D Center Lund stands for modern development in cutting edge technology in the areas of connectivity, security, mobility solutions and AI. We are growing rapidly and looking for people to join us on our mission to become the Bosch Group’s 1st address for secure connected mobility solutions. We are working on a range of interesting projects, with a particular focus on software development for the automotive industry, electrical bicycles and Internet of Things.

Problem statement
The emergence of smart, connected and software defined vehicles have highlighted the need for improved automotive security. The in-vehicle network, which was previously isolated from any external attacks have in recent years become more exposed, requiring state-of-the art solutions in order to protect the communication integrity inside the car.  In Lund, we develop a network-based intrusion detection system for this scenario, where traffic on the Controller Area Network (CAN) is monitored for anomalies. A major challenge, both in academia and industry is the lack of available traffic data, especially containing known attacks. 

Proposed solution
This thesis aims to develop a novel way to generate traffic data which contain known attack patterns. The scope and boundaries of this problem will be investigated and set as an initial phase of the project. The intention is to provide software which can take a trace file with normal traffic as input and insert new traffic patterns using an attack template.

The following topics would be included in this thesis:

• Thorough literature review, identify attack patterns (such as Denial-of-Service, injection etc.) and how they can be defined. A review and selection of the most suitable/interesting patterns to implement.
• Develop a framework in incremental steps which is capable of
  • Producing a set of defined attack profiles
  • Applying the profiles on a selected collection of trace files
  • Generalizing the concept to handle any trace file and improve the attack profiles to model an attacker for example by introducing randomness, history, learning.

You will of course have the opportunity to shape the thesis based on your knowledge, skills and discoveries during the project.

In order to be successful in the project with think you are:

• A student in Information Technology, Computer Science, Electronics, Math or Physics.
•  Interested in algorithm development and have experience with or have at least some knowledge of programming in scripting languages such as Python.
• Self-driven, with an analytical mindset who can challenge yourself, and gain the experience needed to move the project forward.
• A person with team spirit, social skills and a curiosity for exploring new technology areas.
• Proficient in English.

Please note: Only applications from students at a Swedish University are accepted.

We are looking forward to receiving your application!
Start: according to prior agreement
Duration: 6 months
Scope: 1-2 student(s) completing 30 credits (20 weeks) onsite at the Lund office

Requirement for this thesis is the enrollment at University. Please attach a motivation letter, your CV, transcript of records, examination regulations and if indicated a valid work and residence permit.