Title: Multi-IF : An Approach to Anomaly Detection in Self-Driving Systems

Abstract: Autonomous driving vehicles (ADVs) are implemented with rich software functions and equipped with many sensors, which in turn brings broad attack surface. Moreover, the execution environment of ADVs is often open and complex. Hence, ADVs are always at risk of safety and security threats. This paper proposes a fast method called Multi-IF, using multiple invocation features of system calls to detect anomalies in self-driving systems. Since self-driving functions take most of the computation resources and upgrade frequently, Multi-IF is designed to work under such resource constraints and support frequent updates. Given the collected sequences of system calls, the combination of different syntax patterns is used to analyze and construct feature vectors of those sequences. By taking the feature vectors as inputs, one-class support vector machine is adopted to determine whether the current sequence of system calls is abnormal, which is trained with the feature vectors from the normal sequences. The evaluations on both simulated and real data prove that the proposed method is effective in identifying the abnormal behavior after minutes of feature extraction and training. Further comparisons with the existing methods on the ADFA-LD data set also validate that the proposed approach achieves a higher accuracy with less time overhead.