The modern automotive industry is at the core of digital transformation. With the rise of Software-Defined Vehicles (SDVs), cars have evolved from simple mechanical transport machines to complex “computers on wheels.” While this shift opens up endless possibilities, it also introduces unprecedented cybersecurity threats.
The Security Reality of the SDV Era
Connected Cars on the Rise
According to the Korea Automobile & Mobility Association (KAMA), as of March 2023, South Korea had over 7.08 million registered connected cars—representing 27.6% of all vehicles. In other words, more than one in four cars on Korean roads is exchanging data through external networks. While this connectivity enables smartphone-like convenience, it also introduces new vectors for cyberattacks. Car hacking no longer requires physical access; it can happen remotely, even without the driver’s awareness.
Escalating Cyber Threats
A report by Upstream Security highlighted a 165% year-over-year increase in dark web and deep web activity related to the automotive ecosystem in 2023. One major incident involved a well-known EV manufacturer, where an API vulnerability exposed data from over two million vehicles across 130 countries. Hackers exploited this to track vehicle locations and unlock cars remotely—posing real-world safety risks.
Multi-layered Threat Landscape
In-Vehicle Network Threats: Malicious messages injected into the CAN (Controller Area Network) bus can tamper with essential functions like braking and steering.
ECU and Hardware Threats: Reverse engineering or firmware hacking of ECUs (Electronic Control Units) can result in control hijacking or installation of counterfeit ECUs.
External Interface Threats: Interfaces like Wi-Fi, Bluetooth, and OBD-II ports are potential intrusion points, especially when third-party apps are involved.
Backend Server Threats: A compromised backend server could impact millions of vehicles simultaneously, spreading malware through OTA updates.
The Fundamental Limits of Traditional Security Systems
Issues with Signature-Based IDS
Much like antivirus software, these systems rely on known attack “signatures.” They’re accurate for familiar threats, but powerless against zero-day exploits. They also require constant updates, making them slow to adapt to emerging attacks.
Early Anomaly Detection Pitfalls
Early statistical anomaly detection aimed to solve this, but often failed due to high false positives. Vehicle operating environments are highly dynamic, making rigid threshold-based models ineffective.
AI & ML-Powered Next-Generation Security
Unsupervised Learning with Autoencoders
Autoencoders are neural networks trained solely on “normal” CAN bus data. They learn hidden structures and relationships. When fed abnormal input, reconstruction errors spike, flagging potential threats.
Time-Series Pattern Analysis with LSTM
LSTM (Long Short-Term Memory) models are ideal for sequential CAN data. By learning the rhythm and timing of messages, they can detect deviations caused by intrusions in real time.
Hybrid Architecture for Robust Detection
Combining autoencoders and LSTM provides holistic defense. Autoencoders detect relational anomalies, while LSTM catches sequential disruptions. Together, they offer a robust, complementary system.
Practical Implementation in Vehicles
Edge AI for Real-Time Detection
Safety-critical systems require millisecond-level responses. Cloud-based AI causes latency, whereas Edge AI enables on-board processing with no delay—essential for emergency scenarios.
Federated Learning for Privacy
To protect privacy while training powerful models, Federated Learning sends models (not data) to vehicles. Each car trains locally and sends results to a central server for global model updates—preserving user privacy.
Explainable AI (XAI) for Trust
Deep learning models can be black boxes. XAI methods like LIME or SHAP make decisions understandable—showing which CAN IDs or signals influenced detection. This builds analyst confidence and enables incident investigation.
Meeting Global Compliance Standards
Understanding UN R155 & ISO/SAE 21434
These regulations are mandatory in major markets like the EU, Japan, and Korea. UN R155 became mandatory for all new vehicles from July 2024. Compliance is not optional.
Key Requirement: Cybersecurity Management System (CSMS)
Manufacturers must monitor and respond to threats throughout a vehicle’s lifecycle—even post-sale. This includes anomaly detection, incident response, and vulnerability management.
AI-IDS as a Compliance Enabler
AI-IDS allows scalable, real-time monitoring across millions of vehicles. It turns static documentation into dynamic, field-driven compliance. By automating detection, evaluation, and reporting, manufacturers can satisfy UN R155 and ISO/SAE 21434 requirements.
The Road Ahead for Automotive Security
Securing V2X Communication
As Vehicle-to-Everything (V2X) becomes mainstream, securing communication itself becomes critical. 5G-based security architectures will play a vital role.
Predictive Threat Intelligence
AI will evolve to predict threats before they happen, using adaptive models and real-time data.
Security by Design
AI will help embed security into vehicle design from the outset, ensuring ongoing verification and monitoring.
Keys to a Successful AI-Based Security System
A successful production-grade AI-IDS is more than a great algorithm. It requires:
Edge AI for real-time processing
Federated Learning for scalability and privacy
Explainable AI for transparency and trust
All this must work within the constraints of limited onboard computing resources and strict real-time demands.
Automotive cybersecurity must shift from reactive to proactive. In the SDV era, anomaly detection isn’t a luxury—it’s a necessity. AI and ML aren’t just supporting tools; they are the foundation of future-proof, resilient mobility.
Hermes Solution is your strategic partner to ensure your next-generation vehicles are the safest, most compliant, and most resilient to emerging threats. Contact us today to explore how our AI-powered cybersecurity solutions can turn your vision into reality.
