Threat Analysis and Detection in In-Vehicle Infotainment System Leveraging MITRE ATT&CK and Suricata

In-vehicle infotainment (IVI) systems have served as central consoles that offer a variety of convenient features and facilitate comprehensive vehicle management. These systems have evolved to handle privacy-sensitive data. This study investigates cybersecurity risks associated with IVI systems, which can be exploited by malicious actors to target vulnerabilities in automotive cyber-physical systems. The expansion of the IVI attack surface due to vehicle connections to external networks, inherent vulnerabilities in certain IVI systems, and the potential catastrophic consequences of IVI breaches amplify these risks. This study examines 11 distinct attack scenarios that could be executed on Automotive Grade Linux (AGL), a predominant operating system utilized in IVI systems. The proposed attack scenarios are mapped to the tactics, techniques, and procedures (TTPs) defined in the MITRE ATT&CK framework and are categorized into five classifications based on the attacker's intent and the level of impact on the system. To further enhance our understanding of potential threats, we developed multi-phase attack sequences by integrating three to four attack scenarios targeting specific applications. Lastly, we propose a methodology for detecting four selected attack scenarios using Suricata, a network-based IDS. This study informs IVI defense development and security response strategies while analyzing real-world threats to support vehicle security certification and compliance.