{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T16:10:13Z","timestamp":1776442213641,"version":"3.51.2"},"reference-count":41,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2023,2,14]],"date-time":"2023-02-14T00:00:00Z","timestamp":1676332800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Secure Safe Apulia\u2014Regional Security Center","award":["6ESURE5"],"award-info":[{"award-number":["6ESURE5"]}]},{"name":"Secure Safe Apulia\u2014Regional Security Center","award":["V9UFIL5"],"award-info":[{"award-number":["V9UFIL5"]}]},{"name":"KEIRETSU","award":["6ESURE5"],"award-info":[{"award-number":["6ESURE5"]}]},{"name":"KEIRETSU","award":["V9UFIL5"],"award-info":[{"award-number":["V9UFIL5"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Algorithms"],"abstract":"<jats:p>Integrating embedded systems into next-generation vehicles is proliferating as they increase safety, efficiency, and driving comfort. These functionalities are provided by hundreds of electronic control units (ECUs) that communicate with each other using various protocols that, if not properly designed, may be vulnerable to local or remote attacks. The paper presents a vehicle-security operation center for improving automotive security (V-SOC4AS) to enhance the detection, response, and prevention of cyber-attacks in the automotive context. The goal is to monitor in real-time each subsystem of intra-vehicle communication, that is controller area network (CAN), local interconnect network (LIN), FlexRay, media oriented systems transport (MOST), and Ethernet. Therefore, to achieve this goal, security information and event management (SIEM) was used to monitor and detect malicious attacks in intra-vehicle and inter-vehicle communications: messages transmitted between vehicle ECUs; infotainment and telematics systems, which provide passengers with entertainment capabilities and information about the vehicle system; and vehicular ports, which allow vehicles to connect to diagnostic devices, upload content of various types. As a result, this allows the automation and improvement of threat detection and incident response processes. Furthermore, the V-SOC4AS allows the classification of the received message as malicious and non-malicious and acquisition of additional information about the type of attack. Thus, this reduces the detection time and provides more support for response activities. Experimental evaluation was conducted on two state-of-the-art attacks: denial of service (DoS) and fuzzing. An open-source dataset was used to simulate the vehicles. V-SOC4AS exploits security information and event management to analyze the packets sent by a vehicle using a rule-based mechanism. If the payload contains a CAN frame attack, it is notified to the SOC analysts.<\/jats:p>","DOI":"10.3390\/a16020112","type":"journal-article","created":{"date-parts":[[2023,2,14]],"date-time":"2023-02-14T03:09:32Z","timestamp":1676344172000},"page":"112","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":31,"title":["V-SOC4AS: A Vehicle-SOC for Improving Automotive Security"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0163-6786","authenticated-orcid":false,"given":"Vita Santa","family":"Barletta","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Bari, 70125 Bari, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5719-7447","authenticated-orcid":false,"given":"Danilo","family":"Caivano","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Bari, 70125 Bari, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2314-3253","authenticated-orcid":false,"given":"Mirko De","family":"Vincentiis","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Bari, 70125 Bari, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Azzurra","family":"Ragone","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Bari, 70125 Bari, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2455-2032","authenticated-orcid":false,"given":"Michele","family":"Scalera","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Bari, 70125 Bari, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0962-5659","authenticated-orcid":false,"given":"Manuel \u00c1ngel Serrano","family":"Mart\u00edn","sequence":"additional","affiliation":[{"name":"Departamento de Tecnolog\u00edas y Sistemas de Informaci\u00f3n, University of Castilla-La Mancha, 13001 Ciudad Real, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2023,2,14]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"399","DOI":"10.1016\/j.dcan.2020.04.007","article-title":"Attacks and Defences on Intelligent Connected Vehicles: A Survey","volume":"6","author":"Dibaei","year":"2020","journal-title":"Digit. Commun. Netw."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Bozdal, M., Samie, M., and Jennions, I. (2018, January 16\u201317). A Survey on Can Bus Protocol: Attacks, Challenges, and Potential Solutions. Proceedings of the 2018 International Conference on Computing, Electronics & Communications Engineering (iCCECE), Southend, UK.","DOI":"10.1109\/iCCECOME.2018.8658720"},{"key":"ref_3","first-page":"94","article-title":"A Survey of Remote Automotive Attack Surfaces","volume":"2014","author":"Miller","year":"2014","journal-title":"Black Hat USA"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Palanca, A., Evenchick, E., Maggi, F., and Zanero, S. (2017, January 6\u20137). A Stealth, Selective, Link-Layer Denial-of-Service Attack against Automotive Networks. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Bonn, Germany.","DOI":"10.1007\/978-3-319-60876-1_9"},{"key":"ref_5","unstructured":"(2023, February 07). Tencent Security Keen Lab Experimental Security Assessment of Mercedes-Benz Cars, Mercedes-Benz MBUX Security Research Report. Available online: https:\/\/keenlab.tencent.com\/en\/whitepapers\/Mercedes_Benz_Security_Research_Report_Final.pdf."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.comcom.2021.08.027","article-title":"Security on In-Vehicle Communication Protocols: Issues, Challenges, and Future Research Directions","volume":"180","year":"2021","journal-title":"Comput. Commun."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Doan, T.P., and Ganesan, S. (2023, February 07). CAN Crypto FPGA Chip to Secure Data Transmitted through CAN FD Bus Using AES-128 and SHA-1 Algorithms with a Symmetric Key; SAE Technical Paper 2017-01-1612, WCX\u2122 17: SAE World Congress Experience. Available online: https:\/\/www.sae.org\/publications\/technical-papers\/content\/2017-01-1612\/.","DOI":"10.4271\/2017-01-1612"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Siddiqui, A.S., Gui, Y., Plusquellic, J., and Saqib, F. (2017, January 6\u20139). Secure Communication over CANBus. Proceedings of the 2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS), Boston, MA, USA.","DOI":"10.1109\/MWSCAS.2017.8053160"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Stabili, D., Ferretti, L., and Marchetti, M. (2018, January 18\u201320). Analyses of Secure Automotive Communication Protocols and Their Impact on Vehicles Life-Cycle. Proceedings of the 2018 IEEE International Conference on Smart Computing (SMARTCOMP), Taormina, Italy.","DOI":"10.1109\/SMARTCOMP.2018.00045"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"7116","DOI":"10.1109\/TVT.2020.2990417","article-title":"CANeleon: Protecting CAN Bus with Frame ID Chameleon","volume":"69","author":"Cheng","year":"2020","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Kornaros, G., Bakoyiannis, D., Tomoutzoglou, O., Coppola, M., and Gherardi, G. (2019, January 21\u201323). TrustNet: Ensuring Normal-World and Trusted-World CAN-Bus Networking. Proceedings of the 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), Beijing, China.","DOI":"10.1109\/SmartGridComm.2019.8909715"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"919","DOI":"10.1109\/TITS.2019.2908074","article-title":"A Survey of Intrusion Detection for In-Vehicle Networks","volume":"21","author":"Wu","year":"2019","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Sommer, F., D\u00fcrrwang, J., and Kriesten, R. (2019). Survey and Classification of Automotive Security Attacks. Information, 10.","DOI":"10.3390\/info10040148"},{"key":"ref_14","unstructured":"Baldassarre, M.T., Barletta, V.S., Caivano, D., Raguseo, D., and Scalera, M. (2019, January 13\u201315). Teaching Cyber Security: The HACK-SPACE Integrated Model. Proceedings of the ITASEC, Pisa, Italy."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Costantino, G., Matteucci, I., and Morales, D. (2020, January 12\u201315). EARNEST: A Challenge-Based Intrusion Prevention System for CAN Messages. Proceedings of the 2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), Coimbra, Portugal.","DOI":"10.1109\/ISSREW51248.2020.00080"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"2290","DOI":"10.1109\/TCAD.2018.2858422","article-title":"ASSURED: Architecture for Secure Software Update of Realistic Embedded Devices","volume":"37","author":"Asokan","year":"2018","journal-title":"IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Mbakoyiannis, D., Tomoutzoglou, O., and Kornaros, G. (2019, January 8\u201312). Secure Over-the-Air Firmware Updating for Automotive Electronic Control Units. Proceedings of the 34th ACM\/SIGAPP Symposium on Applied Computing, Limassol, Cyprus.","DOI":"10.1145\/3297280.3297299"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"103750","DOI":"10.1016\/j.compind.2022.103750","article-title":"Anomaly Detection in Smart Agriculture Systems","volume":"143","author":"Catalano","year":"2022","journal-title":"Comput. Ind."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Lee, H., Jeong, S.H., and Kim, H.K. (2017, January 28\u201330). OTIDS: A Novel Intrusion Detection System for In-Vehicle Network by Using Remote Frame. Proceedings of the 2017 15th Annual Conference on Privacy, Security and Trust (PST), Calgary, AB, Canada.","DOI":"10.1109\/PST.2017.00017"},{"key":"ref_20","first-page":"100214","article-title":"Cybersecurity Challenges in Vehicular Communications","volume":"23","author":"Sadatsharan","year":"2020","journal-title":"Veh. Commun."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Scarfone, K., and Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS), National Institute of Standards and Technology. Special Publication 800-94.","DOI":"10.6028\/NIST.SP.800-94"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Barletta, V.S., Caivano, D., Nannavecchia, A., and Scalera, M. (2020). A Kohonen SOM Architecture for Intrusion Detection on In-Vehicle Communication Networks. Appl. Sci., 10.","DOI":"10.3390\/app10155062"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Seo, E., Song, H.M., and Kim, H.K. (2018, January 28\u201330). GIDS: GAN Based Intrusion Detection System for In-Vehicle Network. Proceedings of the 2018 16th Annual Conference on Privacy, Security and Trust (PST), Belfast, Ireland.","DOI":"10.1109\/PST.2018.8514157"},{"key":"ref_24","unstructured":"Cho, K.-T., and Shin, K.G. (2016, January 10\u201312). Fingerprinting Electronic Control Units for Vehicle Intrusion Detection. Proceedings of the 25th USENIX Security Symposium (USENIX Security 16), Austin, TX, USA."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"184","DOI":"10.1186\/s13638-019-1484-3","article-title":"Intrusion Detection System for Automotive Controller Area Network (CAN) Bus System: A Review","volume":"2019","author":"Lokman","year":"2019","journal-title":"EURASIP J. Wirel. Commun. Netw."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1109\/MDAT.2019.2899062","article-title":"Survey of Automotive Controller Area Network Intrusion Detection Systems","volume":"36","author":"Young","year":"2019","journal-title":"IEEE Des. Test"},{"key":"ref_27","unstructured":"Fallstrand, D., and Lindstr\u00f6m, V. (2015). Applicability Analysis of Intrusion Detection and Prevention in Automotive Systems. [Master\u2019s Thesis, Chalmers University of Technology]."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Falk, E., Repcek, S., Fiz, B., Hommes, S., State, R., and Sasnauskas, R. (2017, January 4\u20138). VSOC-a Virtual Security Operating Center. Proceedings of the GLOBECOM 2017\u20142017 IEEE Global Communications Conference, Singapore.","DOI":"10.1109\/GLOCOM.2017.8254427"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Aijaz, L., Aslam, B., and Khalid, U. (2015, January 19\u201320). Security Operations Center\u2014A Need for an Academic Environment. Proceedings of the 2015 World Symposium on Computer Networks and Information Security (WSCNIS), Hammamet, Tunisia.","DOI":"10.1109\/WSCNIS.2015.7368297"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Madani, A., Rezayi, S., and Gharaee, H. (2011, January 19\u201320). Log Management Comprehensive Architecture in Security Operation Center (SOC). Proceedings of the 2011 International Conference on Computational Aspects of Social Networks (CASoN), Salamanca, Spain.","DOI":"10.1109\/CASON.2011.6085959"},{"key":"ref_31","unstructured":"Bidou, R. (2023, February 07). Security Operation Center Concepts & Implementation. Available online: https:\/\/www.researchgate.net\/publication\/228587242_Security_Operation_Center_Concepts_Implementation."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Shahjee, D., and Ware, N. (2022, January 7\u20139). Designing a Framework of an Integrated Network and Security Operation Center: A Convergence Approach. Proceedings of the 2022 IEEE 7th International conference for Convergence in Technology (I2CT), Mumbai, India.","DOI":"10.1109\/I2CT54291.2022.9825084"},{"key":"ref_33","unstructured":"Langer, F., Sch\u00fcppel, F., and Stahlbock, L. (2019, January 19\u201320). Establishing an Automotive Cyber Defense Center. Proceedings of the 17th Escar Europe: Embedded Security in Cars, Stuttgart, Germany."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Meyer, P., Hackel, T., Langer, F., Stahlbock, L., Decker, J., Eckhardt, S.A., Korf, F., Schmidt, T.C., and Sch\u00fcppel, F. (2020, January 16\u201318). A Security Infrastructure for Vehicular Information Using Sdn, Intrusion Detection, and a Defense Center in the Cloud. Proceedings of the 2020 IEEE Vehicular Networking Conference (VNC), New York, NY, USA.","DOI":"10.1109\/VNC51378.2020.9318351"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1007\/s10207-021-00548-5","article-title":"Browser-in-the-Middle (BitM) Attack","volume":"21","author":"Tommasi","year":"2022","journal-title":"Int. J. Inf. Secur."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"11540","DOI":"10.1109\/TVT.2022.3190721","article-title":"DAGA: Detecting Attacks to In-Vehicle Networks via N-Gram Analysis","volume":"71","author":"Stabili","year":"2022","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_37","unstructured":"IBM (2023, February 07). IBM QRadar Security Intelligence. Available online: https:\/\/www.ibm.com\/products\/qradar-siem."},{"key":"ref_38","unstructured":"(2023, February 07). Magic Quadrant for Security Information and Event Management. Available online: https:\/\/www.gartner.com\/doc\/reprints?id=1-2BDC4CEU&ct=221010&st=sb."},{"key":"ref_39","unstructured":"(2023, February 07). IBM Architecture and Deployment Guide. Available online: https:\/\/www.ibm.com\/docs\/en\/SS42VS_7.4\/pdf\/b_siem_deployment.pdf."},{"key":"ref_40","unstructured":"Gerhards, R. (2023, February 09). Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc5424."},{"key":"ref_41","unstructured":"Dupont, G., Lekidis, A., Den Hartog, J., and Etalle, S. (2019). Automotive Controller Area Network (CAN) Bus Intrusion Dataset V2, 4TU.Centre for Research Data."}],"container-title":["Algorithms"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-4893\/16\/2\/112\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T18:34:36Z","timestamp":1760121276000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-4893\/16\/2\/112"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,2,14]]},"references-count":41,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2023,2]]}},"alternative-id":["a16020112"],"URL":"https:\/\/doi.org\/10.3390\/a16020112","relation":{},"ISSN":["1999-4893"],"issn-type":[{"value":"1999-4893","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,2,14]]}}}