key: cord-0621268-08k0ck35
authors: Limbasiya, Trupil; Teng, Ko Zheng; Chattopadhyay, Sudipta; Zhou, Jianying
title: A Systematic Survey of Attack Detection and Prevention in Connected and Autonomous Vehicles
date: 2022-03-27
journal: nan
DOI: nan
sha: 373289a3d6ff07340df223f96025e5180a70c9dd
doc_id: 621268
cord_uid: 08k0ck35

The number of Connected and Autonomous Vehicles (CAVs) is increasing rapidly in various smart transportation services and applications due to many benefits to society, people, and the environment. Several research surveys were conducted in the domain of CAVs. Such surveys primarily focus on various security threats and vulnerabilities in the domain of CAVs to classify different types of attacks, impacts of attacks, attacks features, cyber-risk, defense methodologies against attacks, and safety standards in CAVs. However, the importance of attacks detection and prevention approaches for CAVs has not been discussed extensively in the state-of-the-art surveys, and there is a clear gap in the existing literature on such methodologies to detect new and conventional threats and protect the CAV system from unexpected hazards on the road. There are some surveys with a limited discussion on Attacks Detection and Prevention Systems (ADPS), but such surveys provide only partial coverage of different types of ADPS for CAVs. Furthermore, there is a scope for discussing security, privacy, and efficiency challenges in ADPS that can give an overview of important security and performance attributes. This survey paper presents the significance of CAVs, potential challenges in CAVs, and an explanation of important security and privacy properties, attack scenarios, possible attacks in CAV, and performance evaluation parameters for ADPS. This survey paper extensively provides a discussion on the overview of different ADPS categories and state-of-the-art research works based on each ADPS category that gives the latest findings in this research domain.
This survey also discusses crucial and open security research problems that need to be addressed for a secure deployment of CAVs in the market.

The concept of Connected and Autonomous Vehicles (CAVs) offers vehicle passengers, other people, and industrialists advanced road safety, better network connectivity, improved energy efficiency, effective productivity, and sustainable journeys, with new business opportunities through next-generation automotive applications and services. CAVs use revolutionary technologies such as sensors, robotics, and complex software to automatically execute different system operations (like computation and communication) for vehicle-to-everything (V2X) communications and in-vehicle network (IVN) data transmission through wireless technology, i.e., dedicated short-range communications (DSRC), long-term evolution (LTE, i.e., 5G/6G), or wireless fidelity (Wi-Fi). The integration of these modern technologies with intelligent transportation systems (ITS) is a powerful tool that can gather meaningful information for data analytics to provide real-time information and effective services to the users, benefiting society, people, businesses, and governments in the development of a sustainable world [1], [2]. Therefore, CAVs are widely practiced in various application areas, i.e., safety, business and human productivity, traffic flow and congestion management, data-driven mobility, sustainability, and transport accessibility. In CAVs, the control of various vehicle components is primarily managed by the vehicle rather than the driver. To make implementation more straightforward, different levels of vehicle automation are categorized according to the level of vehicle and driver control. These levels range from level 0 (no automation) to level 5 (full automation).
They are classified as (i) level 0: no driving automation, (ii) level 1: driver assistance, (iii) level 2: partial driving automation, (iv) level 3: conditional driving automation, (v) level 4: high driving automation and (vi) level 5: full driving automation. In these, the first three levels are categorized as the driving environment based on human driver monitoring, whereas the automated system monitors the driving environment in the other three levels [3].

In-vehicle network (IVN) is the backbone of CAVs in today's modern vehicles for data computation and communication among different installed sensors and mechanical components within a vehicle [4]. CAVs consist of several electronic control units (ECUs) that are connected through IVN to transmit crucial automotive instructions for further action(s). There are different types of protocols for IVNs, i.e., controller area network (CAN), FlexRay, media-oriented system transport (MOST), and local interconnect network (LIN). Among these protocols, CAN is mainly practiced in an automotive network for critical real-time data exchanges that connect critical ECUs to a high-speed CAN bus and less-critical ECUs to a low-speed CAN bus. Such connections facilitate quickly broadcasting crucial automotive messages with higher priority. Moreover, high-speed CAN, i.e., ISO 11898-2 is particularly resistant to electrical interferences and it offers the design flexibility while considering the cost of implementation. The CAN protocol significantly manages arbitration and collision avoidance while messages are sent at the same time, thereby solving the problem of message retransmission [5]. Fig. 1 displays the outline of a CAV [6], [7], [8] that connects with different types of ECUs and OBD II through IVN to broadcast automated operational messages, whereas the outside world is connected via DSRC, LTE, or Wi-Fi for better services.

arXiv:2203.14965v1 [cs.CR] 27 Mar 2022
The CAN bus bitrate varies from 125 kbps to 1 Mbps with a payload up to 8 bytes, whereas the maximum bitrate for CAN Flexible Data (FD) is 8 Mbps, and the payload size is 64 bytes in CAN-FD. The third generation CAN (called CAN-XL) can provide a bitrate of up to 10 Mbps with a payload size of up to 2048 bytes. CAN-XL considered implementation through Internet protocol-based services [9] . While using CAN in CAVs, it is responsible for the overall behavior of different system functionalities, such as steering, engine management, braking system, navigation, lane/parking assistance, indicator panel, cruise control, power window, and so on. Technological developments in recent years have allowed modern vehicles to access cloud services and communication with other vehicles using mobile cellular connections. These interfaces provide valuable services and they may also introduce new attack surfaces, leading to enhanced security vulnerabilities for the vehicle ECUs. Through the compromised ECU, the attacker can take control of the vehicle that may result in severe consequences, e.g., the attacker can alter the speed of the vehicle or stop the vehicle altogether [1] , [10] . Automated applications and services are used in various industries, such as transportation, retail, autonomous vehicles, financial, insurance, energy, health services, and media for multiple purposes that lead to a huge market scope of automotive businesses in the present and future world. According to a survey [11] , the automotive industry sector's total annual revenue in 2014 was around USD 2 trillion in the United States (US) only, which is 11.5 percent of US GDP. Around USD 735 billion (of the total annual revenue) was explicitly generated from the autonomous vehicles [11] . 
According to the roadmap of the New South Wales region of Australia [12], CAVs will be adopted at a large scale in a service environment for different usages, aiming for new economic opportunities, great connectivity in customers' lives, and better accessibility of places through data analytics, new technologies, and strong collaborations. Automated vehicles provide functionality and services that help decrease energy consumption, achieving sustainable mobility development. The CAV-enabled factors that could have the most significant impact on decreasing energy consumption include: (i) vehicle lightweight and rightsizing, (ii) powertrain electrification, (iii) platooning, and (iv) eco-driving [13].

Worldwide, E-commerce sales extensively grew to around USD 3.5 trillion from USD 572 billion in the period of 2010-2019 [14], and even more people have become E-commerce customers due to the Covid-19 pandemic for multiple individual and societal benefits. Therefore, the demand for last-mile delivery has increased exponentially, resulting in higher delivery costs, longer delivery times, and fixed time slots due to limited human resources. Moreover, the environment will be negatively impacted as delivery traffic continuously increases. Therefore, it is required to mitigate adverse effects for sustainable development. To deal with these challenges, autonomous vehicles (AVs) can play a significant role in delivering various products to customers effectively and quickly to fulfill customer preferences, leading to a new delivery concept as anything to consumer (X2C). Considering the trend in shopping (for any products), the X2C delivery market will dominate regular parcel delivery in the near future that can be possible through AGVs (to deliver products in urban areas) and UAVs (for rural or hilly areas delivery), benefiting customers, businesses, and government [15].
Considering the significant intentions of government agencies, automotive industries, and researchers, many economical opportunities extensively open various ways to develop and commercialize new components and systems through future mobility technologies. The market of CAVs is exponentially increasing for different services and applications due to various benefits of CAN bus system-based CAVs that connect with the outside world for better and real-time data analytics. For example, CAVs interact with different components (via an available central gateway in IVN), such as wireless sensors, other vehicles, network infrastructures, pedestrians, and other smart devices over LTE, DSRC, and Wi-Fi technologies for sustainable mobility. Moreover, the nature of messages broadcast in CAN opens the opportunity for the attackers to penetrate the CAN for susceptible activities in the system. Furthermore, CAN does not provide in-built authentication and encryption facilities to protect the system from potential various security attacks. Thus, CAVs are vulnerable to many security threats in the exposure of IVNs to the remote attackers [7] , [8] , [16] , [17] , [18] , [68] . It is demonstrated through experiments on a Jeep Cherokee that compromised electronic control units (ECUs) can be remotely accessed to broadcast forged or bogus messages on the CAN bus system [19] , [20] . The discussed experimental results [21] revealed the possibility of security threats in different BMW car models, i.e., the remote attacker can control the connected ECUs through the CAN bus. Ultimately, CAN is eventually susceptible to different security attacks due to the unavailability of encryption mechanisms and poor management of access control. CAVs communicate with different types of devices to produce effective results that enable decision-making systems to provide better efficiency. 
At the same time, CAVs are capable of gathering movement and location-based data of travelers through their multiple sensors. The captured data can be saved into the database (by using cloud-assisted systems) to analyze it based on available software [22] , [23] , [24] . Though the design and implementation of privacy protection regulations are comprehensively pending for the collected data from CAVs, the collected data is shared among different stakeholders, such as the government, private companies (as the third-party service provider), and people [18] , [25] . Consequently, privacy protection in CAVs is essential to avert the disclosure of identifiable information, tracking of vehicles, and divulging of personal activities. Several survey articles [2] , [10] , [17] , [26] , [27] on the cyber security of CAVs are presented by discussing various security threats and vulnerabilities in the domain of CAVs. Such articles have focused on the classification of attacks, attacks features, impacts of attacks, cyber-risk, defense strategies against attacks, and safety standards in CAVs. However, the importance on attacks detection and prevention approaches for CAVs has not been covered extensively in earlier surveys [2] , [10] , [17] , [26] , [27] . An intrusion detection system (IDS) is a software-based procedure or tool to monitor the system/network in order to capture any adversarial incidents or activities that infringe the system's normal functionalities. Attack detection and prevention systems (ADPSs) are software-based approaches, developed to detect anomalies in the system and protect it from malicious activities to continue its operations. As discussed earlier, CAVs are connected with different types of components via 4G/5G, DSRC, or Wi-Fi for V2X communications and perform automated vehicle driving operations through IVN for better automotive services. 
As a result, attackers can perform adversarial activities to disrupt the functionalities of IVN by launching different attacks remotely. This may lead to a major disaster on the road [7], [8], [16], [17], [18]. Therefore, it is essential to detect any incidents in the automotive system of CAVs in a timely manner to avert damage to infrastructure and human life. There are some surveys [1], [7], [10], [26], [28] with a limited discussion on attacks detection and prevention, but the full range of ADPS types for CAVs, which can indeed improve the automotive system, remains unexplored. This motivated us to discuss all ADPS categories for CAVs that can be helpful to detect security problems in IVN, reducing the damage cost through CAVs on the road. Furthermore, there is a scope for discussing security, privacy, and efficiency challenges in ADPSs. Focusing on the ADPS for CAVs, we write a detailed survey on different categories of ADPS and potential challenges in these ADPSs.

The remaining part of the paper is organized as follows: Section 2 provides an overview of important security and privacy properties, attack scenarios, possible attacks in CAV, and performance evaluation parameters for ADPS. Section 3 describes the approach used to include the most relevant articles in preparing this survey paper. In Section 4, we discuss the overview of different ADPS categories and state-of-the-art research works based on each ADPS category that gives the latest findings in this research domain. In Section 5, we suggest important and open security research problems that need to be addressed for novel contributions in CAVs. Section 6 gives our concluding remarks on the survey article and intended fuzzing approaches for intrusion detection.

This section discusses important security and privacy properties for IVN. We explain crucial security and privacy threats in ADPS that can significantly impact the IVN. We also discuss various malevolent ways, used for adversarial activities in IVN.
Therefore, it may result in security and privacy challenges that need to be addressed to protect the IVN from illegal actions. Moreover, we discuss different performance parameters that are useful to measure the performance efficiency of CAN-based ADPS and describe the significance of these parameters to help to understand the performance results of future ADPS universally. We explain relevant security and privacy properties that are more important in IVN, as the exposures of private data and the system may lead to various issues in CAVs [84] . 1) Authentication: When messages are exchanged over a common communication channel, the receiver entity should confirm the sender and data exactness of the transferred message to prevent misleading information and forgery. Furthermore, it is also necessary to confirm both (sender and receiver entities) through mutual authentication and key agreement in two-way message communications. Thus, they can be assured of the legitimate communicating entities during their data exchanges. Otherwise, it may lead to impersonation and data modification attacks, resulting in infrastructure damage and/or life threats to vehicle travelers. In CAVs, ECUs are connected over the CAN bus to send relevant messages to execute different operations in the automotive systems, and thereby, it becomes necessary to authenticate the sender in CAVs to avoid counterfeit information. If the sender is not verified, then there is a possibility that adversaries can perform malicious actions to interrupt the functionality of the IVN, aiming to damage the automotive system in CAVs. To achieve authentication, various security solutions can be practiced that are mainly designed using MACs and digital signatures. 2) Availability: It refers to the reliability of obtained information at the receiver side within a stipulated time to consider as the input in further actions. 
If imperative information is not available to the authorized entity at the required time, it may lead to unfortunate events that can put the entire system in impairment situations. CAVs are configured with the CAN to perform different automotive operations based on the collected/given vehicular data through automated functionalities. In CAVs, crucial automotive components (i.e., engine, power train, tire pressure monitoring, etc.) require getting instructions without any delay to execute operations successively for providing an impeccable experience of automotive system enabled vehicles. If exigent data is not available to crucial automotive components, it may lead to vehicle accidents on the road that might also have direct risks to human life. Moreover, it is also required to send appropriate messages if data delivery is failed due to some reasons. Therefore, data availability is a crucial requirement in the CAN to implement different automotive operations in CAVs. 3) Confidentiality: When messages are transferred over a public channel, it is essential to make sure that only legitimate receivers understand the information from the sent messages to satisfy the secrecy of data. If adversaries or other components can extract meaningful information by intercepting transferred messages, then data confidentiality is lost, and thereby, a compromised device can take confidential information into account while performing adversarial activities in the system. IVN messages are sent over the CAN bus, and they include automotive instructions that are used as input to perform further operations. Further, transmitted messages are available to all connected ECUs due to the broadcast nature of the CAN. Thereby, suppose any compromised ECU is connected over the CAN bus (and there is no guarantee that other ECUs know the connectivity of compromised ECUs over the CAN bus). In that case, an adversary can use confidential information of CAVs during malevolent activities. 
Thus, encryption of CAN messages has become essential during data transmission, but it is also vital to consider the resource-constraint problem in CAN while applying encryption techniques to satisfy data confidentiality. 4) Integrity: When messages are transferred from the sender to the receiver side, information should be available at the receiver entity the same as the sender sent it. If the receiver obtains modified information, then transmitted messages are tampered, resulting in the loss of data integrity. Thereby, the receiver should discard such altered messages without considering them. If the receiver accepts amended information, it may lead to different decisions, as the received information is used as input values for further operations. The functionalities in CAVs are operated based on automatic operations, and the intervention of humans is highly less or completely null in an automated system-monitored driving environment. Therefore, data integrity requirement becomes more significant in CAVs to verify the exactness of obtained messages from various senders. If adversaries can alter the CAN message, it creates data integrity problems in the system. It is also challenging to identify the sender in CAN to report malicious actions (performed by the specific entity) due to the unavailability of sender information in CAN messages. Information can be protected effectively through one-way hash-based authentication techniques. Consequently, integrity is also a vital factor in CAN to know whether exchanges messages are altered or not. 5) User Privacy: CAN is highly useful in automotive systems to execute various automated operations in CAVs, unmanned aerial vehicles, automated guided vehicles, the health sector, and other related application areas, reducing/removing human monitoring for rich experience during the usage. In such applications, the system is connected to different devices for effective data analytics by exchanging meaningful communications. 
Furthermore, data is particularly crucial, so it has substantial inhibitive impacts on the system and its users if it does not have adequate data protection mechanisms. Thus, if data leakage is possible in CAVs, it can expose vehicle users' activities, previously visited places, vehicle movements, and related actions. In order to avert illegal data access, it is required to ensure that only legitimate entities should know vehicle users' activities. Therefore, it is necessary to satisfy user privacy in CAVs. The attack vector is the way to enter the system to launch a diversity of attacks. We describe different possible ways for adversarial activities in CAVs. 1) External: The external adversary is an outsider entity that knows public channel parameters but does not know the system parameters, as the external adversary is not registered with the system for the execution of various operations. Therefore, this type of adversary has limited capabilities to launch various attacks on the IVN, but s/he can monitor data exchanges to eavesdrop on transferred messages. 2) Internal: This type of adversary (also known as insider adversary) is an authorized network entity to communicate with other registered entities. Thus, an internal adversary knows its credentials, system values, and public channel parameters, enabling it to perform adversarial activities in IVN with diverse attacks. Moreover, it is difficult to identify the attacker when internal attackers do illegal actions in the system. 3) Active: An active adversary can generate packets with deceitful intents to attack the system by intercepting communications. Thereby, on-going operations are directly impacted, directing to unexpected events that may lead to massive damage to the system infrastructure and/or humans. 4) Passive: The prime aim of passive adversaries is to eavesdrop on the communication channel to learn meaningful information/parameters from transferred messages. 
An adversary can use the eavesdropped data later for various purposes, i.e., forge message communications, modify messages, impersonate data transmissions, etc. 5) Local: When tampered hardware components are used during the device installation or upgrading procedures, an adversary gets direct access to the automotive system to know on-going operations and other functionalities, similar to devices' physical access. Thereby, an adversary becomes more powerful to covertly perform harmful actions in the system (and it is difficult to identify such compromises.). As a result, the risk level of damaging the automotive system is disastrous in the presence of compromised hardware components. 6) Remote: Malicious code is implemented to create a backdoor vulnerability that enables the adversary to gain remote control of the system/device. The remote attacker can then give commands to execute damaging operations. Furthermore, the adversary can remotely manage associated ECUs to the network, extending the scope of affecting areas. The conventional CAN and CAN-FD bus architectures are mostly used for real-time IVN communications due to the reduced cost, better efficiency, and simplified installation. However, they are exposed to various security attacks due to system vulnerability possibilities through the common CAN/CAN-FD communication bus, lack of authentication mechanisms, data encryption methods, and wide network connectivity over Wi-Fi and Bluetooth. As a result, the adversary can launch a variety of attacks over the CAN bus, ECUs, and OBD [7] , [8] , [10] , [27] . We have considered important attacks based on the significant impact on the IVN. Thereby, the explanation on pivotal attacks is limited to the CAN bus architecture, OBD, and ECUs, but we have not considered Light Detection And Ranging (LiDAR), Radio Detection and Ranging (Radar), and Global Positioning System (GPS)-based attacks in the following discussion. 
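The authentication and integrity properties described above call for a MAC on each frame, while the 8-byte classic CAN payload limits how much of it a frame can carry. The following is an added example (not code from the survey or from any vehicle software): a truncated HMAC and a freshness counter packed into one payload, so that a modified or retransmitted frame no longer verifies. The 4+1+3 byte layout, the key, and the CAN IDs are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DATA_LEN = 4   # application bytes per frame (assumed layout)
TAG_LEN = 3    # truncated HMAC bytes per frame (assumed layout)
# 4 data + 1 counter byte + 3 tag bytes = 8, the classic CAN payload limit.
# A 24-bit tag is a resource trade-off: it is far weaker than a full MAC.


def _tag(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    """Truncated HMAC-SHA256 over CAN ID, full counter and data."""
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


class Sender:
    def __init__(self, key: bytes, can_id: int):
        self.key, self.can_id, self.counter = key, can_id, 0

    def build(self, data: bytes) -> bytes:
        """Return an 8-byte payload: data | counter low byte | tag."""
        if len(data) != DATA_LEN:
            raise ValueError("data must be exactly DATA_LEN bytes")
        self.counter += 1
        tag = _tag(self.key, self.can_id, self.counter, data)
        return data + bytes([self.counter & 0xFF]) + tag


class Receiver:
    def __init__(self, keys: dict):
        self.keys = keys   # can_id -> shared key
        self.last = {}     # can_id -> last accepted full counter

    def accept(self, can_id: int, payload: bytes) -> str:
        key = self.keys.get(can_id)
        if key is None or len(payload) != DATA_LEN + 1 + TAG_LEN:
            return "reject"
        data = payload[:DATA_LEN]
        low = payload[DATA_LEN]
        tag = payload[DATA_LEN + 1:]
        last = self.last.get(can_id, 0)
        # Rebuild the smallest full counter above the last accepted one whose
        # low byte matches; an old counter therefore can never be reused.
        candidate = (last & ~0xFF) | low
        if candidate <= last:
            candidate += 0x100
        expected = _tag(key, can_id, candidate, data)
        if not hmac.compare_digest(tag, expected):
            return "reject"
        self.last[can_id] = candidate
        return "accept"


def demo():
    """Run genuine, replayed, modified and re-addressed frames (constructed)."""
    key = bytes(range(16))                      # constructed demo key
    tx = Sender(key, 0x1A0)                     # hypothetical CAN IDs
    # The same key under two IDs only serves to show that the tag binds the ID.
    rx = Receiver({0x1A0: key, 0x2B0: key})
    f1 = tx.build(b"\x00\x64\x00\x00")
    f2 = tx.build(b"\x00\x65\x00\x00")
    tampered = bytes([f2[0] ^ 0x01]) + f2[1:]   # one payload bit changed
    return [
        rx.accept(0x1A0, f1),        # genuine frame
        rx.accept(0x1A0, f1),        # same frame sent again (replay)
        rx.accept(0x1A0, tampered),  # modified payload
        rx.accept(0x1A0, f2),        # genuine frame still accepted afterwards
        rx.accept(0x2B0, f2),        # valid frame presented under another ID
    ]


if __name__ == "__main__":
    print(demo())
```

The receiver tolerates up to 255 lost frames per ID before the reconstructed counter falls out of step; a deployment would also need key provisioning and counter persistence, which are outside this example.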
1) Impersonation: When the adversary gets the CAN bus network access, s/he can obtain all transferred messages due to the broadcast nature. Adversaries can learn the way of ECU behavior, i.e., CAN ID, transmission rate, and payload range. The sender's information is not involved in CAN messages, making it easier to imitate ECU behavior by including the same information with an identical frequency. However, there is a possibility of a denial of service attack due to the increment in the number of CAN messages, but an adversary can appropriately manage the timings for sending data over the CAN bus and disabling a particular ECU to launch an impersonation attack. 2) Modification/Fabrication: This type of attack is used to alter the CAN message payload with bogus information, and it is then sent to the receiver(s) to provide the erroneous data. In this way, the adversary can broadcast incorrect messages by injecting a vehicle. Since it is easy for attackers to get the CAN ID through CAN bus connectivity, and the authentication and integrity property support is not effective in the CAN bus protocol, a modification attack can be launched comfortably to deliver fallacious information to disrupt vehicle functionalities. It is also difficult to correctly identify a modification attack due to a small amount of payload. 3) Sybil: When authentication mechanisms are used over the CAN bus architecture, the system requires to complete all verification procedures within a fixed time; otherwise, the system requires to spend its effort in the confirmation of some of the obtained messages, and thereby, the system is overburdened with many remaining messages (to be verified) that may also include high priority data. Thus, on-time instructions cannot be executed in the automotive system, directly affecting the performance of critical services. 
4) Replay: Messages are sent over the common CAN bus, and they are accessible to all connected ECUs due to the broadcast nature of data transmission. The purpose of a replay attack is to stop transferred messages and re-transmit them (with or without modifications in data payload) later so the receiver cannot obtain essential data timely, impacting vehicle services provided through an automated system. Since CAN messages include crucial and real-time information and are used as an input in other operations to perform further executions, it is also indispensable to deliver CAN message to make on-time decisions in CAVs. 5) Injection: An injection attack's objective is to alter the sequence of legal CAN frames, message frequency, the number of CAN frames for transmission on the bus, and message payload. Thus, an adversary can inject payload into a CAN bus (to fabricate messages) at an abnormal rate with unusual CAN traffic by benefiting from authentication and encryption support unavailability in the CAN. This situation leads to the generation of simulated events that straightaway direct vehicle parts to behave based on the instructions given by an adversary. Thus, adequate authentication and integrity verification mechanisms are necessary to confirm messages' legitimacy and exactness to protect from such attacks. 6) CAN Bus-off: Connected components to the CAN bus use the arbitration field to find the preference of messages and decide the occupancy of the CAN bus for sending data. Thus, many messages can be sent using the highest attribution identity to dominate the CAN bus, making the communication link busy through the highest priority frames. Thereby, other associated nodes cannot send relevant data, not allowing regular data transmissions. Moreover, the adversary can send the same CAN messages with high frequency, overwhelming the network resources to launch a CAN bus-off attack. 
7) Side-channel: This attack is performed by analyzing the target system's behavior through the collected pertinent information rather than using the drawbacks of the actual program. In side-channel attacks, the relevant information is gathered from different system services (timing, energy consumption, cache, etc.), and the target system is then exploited based on this collected information [87] . In CAVs, in-vehicle infotainment systems can be used to provide information for location, speed, access of related apps, and other data to make better decisions. The adversary can collect this related data through connected devices with a vehicle and then attempts to launch an attack (by referring to this data) on the CAN bus architecture to disrupt vehicle services. Since the gathered data may include personal information and activities of vehicle users, it may lead to user privacy issues. Therefore, it is required to protect the system as well as relevant data to prevent security and privacy attacks. It is vital to develop ADPS approaches that can detect abnormal events and seamlessly identify the sources of such situations in real-time. Since designed approaches are used in CAVs for robust results, it is important to measure the performance efficiency of the developed approaches to find anomalies. We describe significant performance parameters as follows, making it easier to understand the effectiveness of various ADPS approaches. It is considered that each occurrence O that belongs to normal/regular events are considered as the positive samples, and other occurrences are considered as the negative samples [54] , [61] . We have used notations (for 1) Accuracy: It is measured based on the overall average of faultless predictions for abnormal and normal events or accurate and erroneous values (occurred in the system) from the total number of occurrences. The formula of accuracy performance parameter is as shown in Equation 1 . 
2) Sensitivity: It evaluates the ratio of correctly found abnormal events or erroneous values from the number of the same anomalous/incorrect occurrences. Sensitivity is computed as per Equation 2. 3) Precision: The proportion of erroneous values or abnormal events (among the forecasted anomalous/erroneous) from the number of same anomalous/incorrect occurrences is called precision, and it is calculated based on Equation 3. 4) F1 Score: It is the harmonic mean of precision and sensitivity, and it can be calculated through Equation 4. It is the proportion of the number of correctly found injected packets (represented as TN) to the total number of actually injected packets (represented as TN + FP), and its formula is as written in Equation 5, where TN = true negative and FP = false positive.

We first describe the considered article collection approach to identify related research papers for this survey article. After that, we discuss our results on a keyword searching process (that is carried out to include the most relevant papers for a more comprehensive and precise survey) and then explain how different research papers have been chosen for clear discussions.

To collect relevant papers to the survey scope, we first selected precise keywords that are appropriate for ADPSs in connected and autonomous vehicles. We then started keyword searching for the timeline of 2011-2021 on topmost relevant scientific publication venues based on these chosen keywords. The selected keywords for searching are Autonomous Vehicles/Cars, Connected Vehicles/Cars, Controller Area Networks, In-Vehicle Networks, Automotive Networks as domain keywords, whereas Intrusion Detection is taken into account as a method keyword. Domain keywords are the set of networks/services that are based on the application areas. If a solution-based approach, technique, or mechanism is proposed/introduced towards the specific problem, then it is considered as a method keyword.
We considered the following scientific publication venues to search relevant papers. We follow certain criteria to include papers for more discussion in this survey article, and they are as follows:
• A paper is included if it introduces/discusses the general concept of ADPS categories.
• A paper that proposes an ADPS approach, technique, or mechanism for CAVs.
• A set of ADPS performance measurements for CAVs are suggested/introduced.
• We have excluded poster/work-in-progress/demo papers in the process of relevant papers collection.
We performed keyword searching for the selected keywords, and its results are shown in Table I. While considering the above-stated criteria, all keyword hits resulted in 3295 papers from the chosen scientific publication venues. We then studied all these papers based on their title/content to find papers relevant to the survey scope, resulting in 519 papers. Finally, we did an in-depth study of these articles to select papers for more discussions, and we found the 75 papers most appropriate to ADPSs for connected and autonomous vehicles. Out of these 75 papers, various ADPS approaches/techniques/mechanisms are proposed in 49 papers using different types of ADPS categories. In [38], [76], [77], the road context is taken into account to improve the AV system efficiency. Here, the road context includes the road conditions (i.e., bend/joint/fork of roads, traffic light, and bumps), nearby vehicles, pedestrians, weather conditions (i.e., fog, rain, and snow), and light conditions (i.e., the sunrise, sunset, and tunnel lights). Out of 75 papers are survey articles and other relevant papers in which the authors have discussed the ADPS for CAVs. Table I displays query results for each keyword and the number of papers eventually selected for this survey.
Based on our literature study of various research articles, we have listed different ADPS categories, such as fingerprints, parameters monitoring, information-theoretic, machine learning, and message authentication. Attacks detection and prevention solutions are mainly proposed based on these categories to find security threats and attacks in CAVs. After selecting 49 papers (that proposed ADPS approaches/techniques/mechanisms for CAVs), we have classified each paper under the specific ADPS category to understand their solution methodology to detect intrusions in CAVs. Fig. 2 shows the number of papers for each ADPS category, and these papers are taken into consideration for the literature in this survey for a detailed discussion, providing extensive information to the readers. An IDS is a software application or device that can find real-time incidents (performed by attackers to disrupt routine functionalities of the system) for any policy violations or suspicious actions by monitoring network traffic. An IDS can also act as a resilient protection technology for system security once standard technologies fail in the system. CAVs are enabled with many automated functionalities for a safe, more intelligent, and comfortable journey on the road. However, it is also essential to provide a high level of security in CAVs to avert infrastructure damages, human losses, and business crises and provide trustworthy services to the users. Thus, it is required to have an ADPS in CAVs that can offer effective identification and protection against attacks using either signature or anomaly-based solutions. Attacks detection and prevention solutions are proposed to detect security attacks to find vulnerabilities and protect the system from various attacks so that the security flaws are identified before they do real damage. 
In CAVs, there are mainly six types of ADPS categories, i.e., (i) fingerprints, (ii) parameters monitoring, (iii) information-theoretic, (iv) machine learning, (v) message authentication, and (vi) other approaches. We explicitly describe each ADPS category, as they are mainly used in the design of attacks detection and prevention solutions for CAVs.
1) Fingerprints: A fingerprint is a group of specific and unique configuration information that can identify devices, just as human fingerprints uniquely identify people. Data analysis can be applied to datasets such as network traffic and device configuration to extract the devices' fingerprints. In general, device fingerprinting can be classified into active or passive techniques; active techniques send specially crafted packets to probe the device, while passive techniques monitor the network traffic to detect patterns in it. Fingerprint-based IDS performs at the physical layer of the CAN bus, taking advantage of differences in physical properties, such as manufacturing variations, cabling, and ageing, which allow ECUs to be fingerprinted [26]. The digital fingerprints of the ECUs are then used to identify the sender of the CAN message uniquely. When the IDS detects an anomaly between the observed fingerprint of a CAN message and the profiled fingerprint of the sender's ECU, an alert is raised, and unauthorized or unknown nodes will be flagged. As the characteristics of CAN signals are hardware-defined, it is difficult for an attacker without physical access to impersonate the CAN signals of an ECU. However, fingerprint-based IDS is ineffective against masquerade attacks [35], but this problem can be solved using a behaviour-based IDS by analysing the network traffic to create a signature. Attackers can compromise ECUs and use them to send malicious messages with the same physical fingerprint and remain undetected by fingerprint-based IDS.
Although physical properties make excellent fingerprints, they vary with time due to changing environmental factors, especially temperature and ageing of equipment [31]. This reduces the model's accuracy, which means that the IDS needs to be constantly updated with the latest fingerprints via periodic model retraining. Also, fingerprint-based IDS has a high computational demand due to the high sampling rates required to achieve accurate identification of devices by fingerprinting [32]. Driver style and behavior are affected by individual experiences and habits. In contrast, CAVs' driving behavior is dependent on the road conditions and driving model and should be less varied, more consistent, and more stable. Therefore, device fingerprinting should better identify devices due to the regularity of CAN traffic patterns and give a higher device identification accuracy. We describe related fingerprint-based solutions as follows.
A Clock-based IDS (CIDS) [29] is developed to find the intervals of recurring in-vehicle instructional messages, and this helps to estimate the clock skews of ECU transmitters for fingerprinting details of ECUs. Fingerprints are then used to construct a baseline of ECUs' clock behaviors using the Recursive Least Squares (RLS) algorithm. Based on this baseline, CIDS performs a cumulative sum analysis to detect masquerade, fabrication, and suspension attacks over the CAN protocol that enables fast identification of IVN intrusions (at a low false-positive rate of 0.055%) without missing any anomalies.
An attacker identification scheme, Viden (Voltage-based attacker identification), is proposed in [30] that finds the adversary ECU in the IVN based on the measurement and utilization of the voltage. Viden first determines the genuineness of the measured voltage signals during the ACK learning phase by checking whether the origin (of these signals) is from the legal message transmitter or not.
The transmitter ECUs' voltage profiles are then updated as fingerprints based on the construction of the voltage measurements. Finally, an adversary ECU is detected in the IVN using the voltage profiles of an ECU. Based on the shown results on two actual vehicles and a CAN bus prototype, it is feasible to fingerprint ECUs through voltage measurements by Viden, thereby achieving a low false identification rate (of 0.2%) to detect the adversary ECU in the system.
VoltageIDS is proposed in [31] that aims to secure in-vehicle CAN networks through unique characteristics of CAN signals as fingerprints of ECUs. Taking masquerade and bus-off attacks for IVN into account, VoltageIDS is designed on the method of observing two ECUs (one legitimate and another malicious) that send identical signals so that electrical characteristics of their messages would be recognizable, and it is inherently challenging for the attackers to manipulate fingerprints. Further, VoltageIDS can also distinguish between a bus-off attack and errors in the system. The evaluation of VoltageIDS is performed through actual vehicles and a CAN bus prototype setup that confirms the detection of intrusions in the in-vehicle CAN networks.
Scission [32] is proposed using fingerprint details (that can be extracted from CAN frames) to know the sender ECU's identification: immutable physical characteristics from analog values are used to confirm the authorization of a sender ECU (to send evaluated messages), enabling the detection of anomalies and the identification of compromised ECUs in the system. Scission's sender identification rate is 99.85% on average on two series production cars and a prototype setup. The results show that Scission can detect ECU-based attacks from compromised, unmonitored, and other added devices.
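The clock-skew fingerprinting that CIDS [29] is described as using earlier in this subsection (skew estimated from the intervals of a periodic message, an RLS baseline, then a cumulative sum test) can be sketched as follows. This is an added, simplified example and not the CIDS authors' code; the trace, jitter values, skews, warm-up length and the CUSUM parameters kappa and gamma are constructed assumptions.

```python
from statistics import mean, pstdev

PERIOD = 0.010   # nominal period of the monitored CAN ID in seconds (constructed)
BATCH = 20       # messages averaged into one offset sample
# Constructed receive jitter in microseconds, applied cyclically; it sums to zero.
JITTER_US = (0, -40, 20, -10, 40, -30, 20)


def make_trace(n_msgs, skew, takeover_at=None, attacker_skew=0.0):
    """Constructed arrival times of one periodic ID as seen by the receiver.

    The sender's clock deviates by `skew` (dimensionless, 100e-6 = 100 ppm).
    From message index `takeover_at` on, another ECU with `attacker_skew`
    transmits the same ID, which is what a masquerade looks like on the bus.
    """
    stamps, send = [], 0.0
    for i in range(n_msgs):
        if i > 0:
            masquerade = takeover_at is not None and i >= takeover_at
            send += PERIOD * (1.0 + (attacker_skew if masquerade else skew))
        stamps.append(send + JITTER_US[i % len(JITTER_US)] * 1e-6)
    return stamps


def batch_offsets(stamps):
    """Per batch: (mean elapsed time, mean accumulated clock offset)."""
    t0, samples = stamps[0], []
    for start in range(1, len(stamps) - BATCH + 1, BATCH):
        idx = range(start, start + BATCH)
        elapsed = mean(stamps[i] - t0 for i in idx)
        # Offset: how far each arrival has drifted from the nominal schedule.
        offset = mean((stamps[i] - t0) - i * PERIOD for i in idx)
        samples.append((elapsed, offset))
    return samples


class SkewRLS:
    """Scalar recursive least squares for offset = skew * elapsed + error."""

    def __init__(self, forgetting=0.9995, p0=1e6):
        self.skew, self.p, self.lam = 0.0, p0, forgetting

    def update(self, elapsed, offset):
        err = offset - self.skew * elapsed      # identification error
        gain = self.p * elapsed / (self.lam + elapsed * self.p * elapsed)
        self.skew += gain * err
        self.p = (self.p - gain * elapsed * self.p) / self.lam
        return err


def monitor(stamps, warmup=10, kappa=1.0, gamma=5.0):
    """Return (index of the first alarming batch or None, skew estimate)."""
    rls, errors = SkewRLS(), []
    mu = sigma = None
    upper = lower = 0.0
    for k, (elapsed, offset) in enumerate(batch_offsets(stamps)):
        err = rls.update(elapsed, offset)
        if k < warmup:
            errors.append(err)
            if k == warmup - 1:
                # errors[0] was predicted with skew = 0, so it is left out.
                mu, sigma = mean(errors[1:]), pstdev(errors[1:])
            continue
        z = (err - mu) / sigma
        upper = max(0.0, upper + z - kappa)     # error drifting upwards
        lower = max(0.0, lower - z - kappa)     # error drifting downwards
        if upper > gamma or lower > gamma:
            return k, rls.skew
    return None, rls.skew


if __name__ == "__main__":
    clean = make_trace(2001, skew=100e-6)
    attacked = make_trace(2001, skew=100e-6, takeover_at=1001,
                          attacker_skew=-150e-6)
    print("clean   :", monitor(clean))
    print("attacked:", monitor(attacked))
```

In the attacked trace the second ECU takes over at message 1001, the first message of batch 50, and the change in slope of the accumulated offset is what drives the cumulative sum over the threshold.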
CAN is enabled with limited resources, and thereby, the high implementation costs or infringement of backward compatibility inhibit the deployment of CAN protocols in IVN to execute different functions properly. Thus, it has been found through an analysis in [33] that the state-of-the-art CAN ADPSs depend on multiple frames that are used to identify misbehavior of a certain ECU, but these frames are susceptible to a Hill-Climbing-style attack. Therefore, a real-time intrusion detection and identification system, SIMPLE, is developed to exploit physical layer features of ECUs through a single frame, and ECUs can be effectively nullified. Based on the real-time vehicle and lab experiments with automotive-grade CAN transceivers, the results show that the average equal error rates in SIMPLE are around 0.8985% and 0%.
The existing approaches offer good results to avert possible security challenges in CAN, but they require high computational effort and sampling rates. EASI [8] is proposed by generating the fingerprint from a single symbol, which improves the frame identification rate (to 99.98%) with less computation effort. Further, it is demonstrated that comprehensive signal characteristics can be processed for voltage-based sender identification using machine learning algorithms. The results show that the computational requirements and the memory footprint are reduced by 142 and 168, respectively. Moreover, the classification problem is solved within 100 µs with a training time of 2.61 seconds.
Various real-world attack scenarios are designed in [34] to spoof the victim AV so that it is possible to coerce the victim to make hazardous driving decisions that lead to a fatal crash. Based on the field experiments, the impacts of different attack scenarios are analyzed through a Lincoln MKZ-based AV testbed, and it confirms the access feasibility of the victim AV that enables the attacker to compromise security and safety in the victim AV.
To address these challenges, challenge-response authentication and radio frequency fingerprinting mechanisms are developed to detect the above-discussed spoofing attacks, and a high spoofing detection accuracy of 98.9% is achieved.
A voltage-based intrusion detection system (VIDS) effectively detects masquerade attacks that are launched based on a single attacker. The prior approaches can overcome single attacker-based masquerade attacks. However, a new voltage corruption strategy [35] (based on a novel masquerade attack, named DUET) can be performed using two compromised ECUs to corrupt the bus voltages recorded by the VIDS: it is launched in a two-stage process (i) VIDS retraining mode: manipulate a victim ECU's voltage fingerprint, and (ii) VIDS operation mode: impersonate the manipulated fingerprint. The execution of DUET shows the possibility of a novel masquerade attack in VIDS. To avert DUET in addition to other ECU masquerade attacks, a lightweight mitigation mechanism, Randomized Identifier Defense (named RAID), is proposed in [35] using a unique protocol dialect (spoken by all ECUs on the CAN during the VIDS retraining mode). RAID is compatible with each ECU in frame format generation during VIDS retraining mode and protects ECUs' voltage fingerprints from corruption.
Table II shows a comparative study of state-of-the-art fingerprints-based ADPS based on different attributes that gives a better overview to understand the current scenario for attacks detection and protection using fingerprints.
2) Parameters Monitoring: Parameters Monitoring-Based ADPSs detect attacks by monitoring parameters at the network and message levels in the IVN. It is a two-step process: First, baseline traffic is established to learn how the system typically behaves based on the parameters and to understand the regular traffic. Monitored traffic is then compared against the baseline, and the IDS flags any abnormal traffic using anomaly-based detection.
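The two-step process above, as an added sketch that is not taken from any of the surveyed papers: it uses the gap between consecutive frames of each CAN ID as the monitored parameter, and the IDs, periods and thresholds are constructed assumptions. IDs that show no regular gap in the baseline capture are set aside, because an interval check has nothing to compare them against.

```python
from statistics import mean

# Constructed schedule: CAN ID -> period in ms. IDs and periods are made up.
PERIODIC = {0x0C0: 10, 0x130: 20}
DOOR_LOCK = 0x4F0    # event-driven ID in this constructed capture


def capture(duration_ms, events=(), injected=()):
    """Constructed capture as a time-sorted list of (timestamp_ms, can_id)."""
    frames = [(t, cid) for cid, period in PERIODIC.items()
              for t in range(0, duration_ms, period)]
    frames += [(t, DOOR_LOCK) for t in events]
    frames += list(injected)
    return sorted(frames)


def gaps_by_id(frames):
    """CAN ID -> list of (timestamp_ms, gap to the previous frame of that ID)."""
    last, gaps = {}, {}
    for t, cid in frames:
        if cid in last:
            gaps.setdefault(cid, []).append((t, t - last[cid]))
        last[cid] = t
    return gaps


def learn_baseline(frames, max_spread=0.2):
    """Step 1: expected gap per ID; IDs without a regular gap are set aside."""
    gaps = gaps_by_id(frames)
    expected, unmonitored = {}, set()
    for cid in {cid for _, cid in frames}:
        g = [gap for _, gap in gaps.get(cid, [])]
        if len(g) >= 2 and max(g) - min(g) <= max_spread * mean(g):
            expected[cid] = mean(g)
        else:
            unmonitored.add(cid)      # nothing regular to compare against
    return expected, unmonitored


def check(frames, expected, short_factor=0.5, long_factor=2.0):
    """Step 2: compare monitored traffic against the learned gaps."""
    alerts = []
    for cid, g in gaps_by_id(frames).items():
        if cid not in expected:
            continue
        for t, gap in g:
            if gap < short_factor * expected[cid]:
                alerts.append((t, cid, "gap too short"))   # extra frames
            elif gap > long_factor * expected[cid]:
                alerts.append((t, cid, "gap too long"))    # missing frames
    return sorted(alerts)


if __name__ == "__main__":
    expected, unmonitored = learn_baseline(
        capture(6000, events=(1300, 4700, 5200)))
    live = capture(6000, events=(2100,),
                   injected=[(3005, 0x130), (3045, 0x130), (3500, DOOR_LOCK)])
    print("unmonitored IDs:", [hex(c) for c in unmonitored])
    for alert in check(live, expected):
        print(alert)
```

The injected frames on the periodic ID 0x130 raise alerts, while the injected frame on the event-driven ID passes without one.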
Some potential network-based detection sensors as presented by Müter et al. [78] are frequency, formality, location, range, correlation, protocol, plausibility, and consistency. Among the sensors, frequency is commonly used because most ECUs broadcast CAN frames regularly, and their transmission intervals can be easily observed [49]. Frequency-based IDSs are simple to apply and easy to analyze as an intrusion will disrupt the regularity of the CAN network and the frequency of the system [49]. Besides, Parameters Monitoring-Based IDSs have low computational requirements as they monitor parameters for abnormal flow or irregular traffic in the real-time network. However, an IDS that uses frequency as a parameter relies on the cyclic nature of CAN messages and is ineffective against non-periodic communications such as the locking and unlocking of doors [49]. In addition, the timing information of CAN traffic is dependent on the priority scheme of CAN, and this may significantly change and affect the accuracy of the IDS [95]. Lastly, like Fingerprint-based IDS, Parameters Monitoring-Based IDSs are vulnerable to masquerade attacks. The driving style of CAVs is determined by self-driving models and produces a standard network traffic pattern compared to human-monitored vehicles. Disruptions to the regularity of the CAV's CAN network will cause a noticeable change from the baseline traffic, which can be easily detected by Parameters Monitoring-Based IDSs. We discuss relevant parameters monitoring solutions as follows.
The proliferation of ECUs and a wireless connectivity feature in present-day vehicles enable different functions and services, but it also opens the possibility of different security threats in CAN. In [40], the bus-off attack (a new type of DoS) is proposed over the de facto standard IVN protocol, and this attack exploits the error-handling scheme of IVNs, aiming to shut down or disconnect uncompromised ECUs.
The execution of a bus-off attack over actual IVN traffic on a CAN bus prototype and two real vehicles shows that this attack can be launched with the objectives of turning uncompromised ECUs into defective ECUs and/or stopping the complete automotive network. To address this challenge in IVN, a new defense mechanism is designed with two countermeasures as (i) indication of a bus-off attack: look for consecutive error frames with an active error flag, and (ii) confirmation of a bus-off attack: successful transmission of another message with the same ID. As another countermeasure, consecutive errors at the same bit position can be considered instead of consecutive error frames.
IVN is enabled with many ECUs for various functions with Internet connectivity, and thereby, it has become a top-priority target point to launch automotive network system attacks. Thus, it is required to have compatible network mapping tools to report present security weaknesses and strengths of automotive networks. An automotive network mapping tool is developed in [41] that supports finding vehicle ECUs and their communications with each other. However, there is a significant challenge in CAN, as CAN messages do not include the sender's information. Therefore, an automotive network mapper tool, CANvas, is designed to identify sender ECUs based on a pairwise clock offset tracking algorithm and to find the receiver ECUs using a forced ECU isolation technique. The results confirm that CANvas can precisely identify ECUs in the network and the senders and receivers of CAN messages on the open-source Arduino Due microcontroller.
A dynamic identifier virtualization (VID) mechanism is developed in [42] using random number sharing and substitution table methods to avert the analysis of CAN logs. Thus, generating valid messages becomes more difficult for the adversary, which reduces the possibility of spurious messages over the CAN bus.
Implementing VID on actual vehicles provides better results and identifies the adversary (attempting reverse engineering) through imposed time constraints.
Attackers should know the CAN message format to carry out suspicious activities in IVN, but this format is owned by OEMs and may not be uniform even across different models of the same vehicle manufacturer. Thereby, it is required to manually reverse-engineer the message format of each target vehicle, leading to inappropriate and time-consuming procedures. A tool, LibreCAN [43], is developed that automatically translates most CAN messages with the least effort for reverse-engineering of a complete CAN communication matrix for any vehicle. LibreCAN is designed with a three-phase procedure in which the first and second phases use two algorithms: (i) signal extraction and alignment, and (ii) defining the cut-off point for keeping pertinent signals with a high correlation value. The third phase is executed for snippeting of recorded CAN data while performing body-related events. The achieved results through the third phase are highly accurate, and the second phase outcomes relatively outperform. In [43], they also discussed recent steps taken to avert such attacks in IVNs.
In a cloaking attack on the CAN bus, an attacker manipulates the transmission time of spoofed CAN messages by adding delays, thereby evading attack detection. To combat this new type of masquerade attack, the execution of a cloaking attack is analyzed, and it is then systematically modeled to understand its success probability on the state-of-the-art (SOTA) and network time protocol (NTP) IDSs [44]. The evaluation on a testbed setup and in an actual vehicle (i.e., UW EcoCAR) shows that the NTP-based IDS is comparatively more effective than the SOTA IDS at detecting masquerade attacks, and the cloaking attack is successful in NTP and SOTA IDSs.
Experimental results on the collected data from UW EcoCAR verify that the average area deviation error (ADE) is 3.0% for SOTA IDS and 5.7% for NTP-based IDS.
The evaluation on an actual vehicle is performed in [45] for understanding the capability of the Pearson correlation (due to its popularity for data exploration) and unsupervised learning techniques, i.e., k-means clustering (as they do not need extended time for the implementation of attacks detection mechanisms and may not rely on the context of the data), as well as the hidden Markov model (commonly used for better results). The vehicle's speed and RPM are mainly considered as reading parameters in [45] because they are easy to observe and bogus speed/RPM reading messages are safe to inject on the CAN bus.
The possibility of physical and cyber attacks is highly increased in IVN due to the lack of security features in wireless connectivity enabled CAN. To tackle these problems, a mechanism is first designed to extract real-time model values by observing the behavior of CAN bus messages. A specification-based automotive IDS based on CAN timing, SAIDuCANT [46], is then developed using anomaly-based supervised learning techniques with the real-time model. Two new metrics, time to detection and false positives before the attack, are introduced to measure the performance of an IDS in terms of timeliness and classifier accuracy. Real-time vehicle implementation results of SAIDuCANT confirm the effective detection of data injection attacks with a low false-positive rate.
Human interaction modules are installed in CAVs for different functions, e.g., vehicle voice control systems, but the automatic speech recognition (ASR) module may not detect accurate/correct voice commands or may proceed further through forged voice inputs. Therefore, the AV system may lead to unexpected consequences. It is a notable challenge to protect ASR systems from adversarial voice inputs in a hostile driving environment for driverless vehicles [47].
To address this problem, a three-step secure in-vehicle ASR mechanism, SIEVE [47], is developed that effectively identifies voice inputs given by the driver, passengers, or electronic speakers. SIEVE first filters voice commands to distinguish the case of receiving the same signal multiple times in a short period from various sources, and it is done through autocorrelation analysis to find out the overlap of signals. In the second step, SIEVE checks whether a single-source voice input is from electronic speakers or humans based on a dual-domain identification technique through a frequency domain-based acoustic characteristic, i.e., low-frequency energy attenuation. However, adversaries may attempt modulated voice inputs to disturb the ASR module. SIEVE uses time-domain parameters to detect non-human voice inputs and thereby detect modulated voice commands effectively. The third step differentiates whether voice inputs are given by the driver or the passengers, as it is required to prioritize the driver's voice command over the passengers' for the smooth moving of a car. For this, SIEVE is developed by leveraging the directions of voice sources by calculating the time difference of arrivals on a pair of close-coupled microphones. Also, a spectrum-based detection technique is developed to better distinguish the voices of the driver and passengers.
Localization of malicious nodes during the node replacement/installation process is a remarkable challenge in CAN-based communication mechanisms, and the existing schemes are vulnerable to this issue [48]. A new intrusion detection and localization system, TIDAL-CAN [48], is proposed by monitoring the propagation time of physical signals in which the time differences during signal propagation are calculated from the transmission point to the bus end. Furthermore, this variance is used as a location-based characteristic of the sender node to find malicious node installation/replacement and compromised nodes.
The implementation results are mainly measured on the testbed setup by taking differential propagation delays into account, and they confirm that TIDAL-CAN can perform correct node classification without false positives even when attacks are executed by compromised nodes. TIDAL-CAN can also identify transmitter nodes based on the attack method.
Conventional IDS methods are designed using time and frequency threshold values, and thereby they may result in higher false alert rates [49]. A wavelet-based IDS, WINDS [49], is designed through continuous wavelet transform to get the exact location of frequency components over the time axis, leveraging this to first detect anomalies on the CAN bus. The analysis is then performed based on the scale domain to capture long-time and immediate short-time duration attacks. WINDS was evaluated based on two datasets (generated through three commercial vehicles), and the implementation results confirm that WINDS can reasonably achieve the attack detection rate even when an attack is immediately launched on the system.
Timing parameters of CAN frames can be used to create a secure channel that satisfies authentication, directly averting the requirement of cryptographic mechanisms in resource-constrained IVN for data transmission. However, this way can achieve only a limited security level, and thus, an adversary can launch different types of attacks on the CAN bus. In [50], an improved protocol is proposed through optimization algorithms (binary symmetric, randomized, greedy, and greatest common divisor) to schedule CAN frames cyclically and establish a covert channel for CAN traffic. Moreover, the proposed protocol can achieve relatively higher data rates on the covert channel due to the optimization of CAN traffic, enabling a 24-bit security level with six frames. The effective results can be achieved based on the proposed algorithms, i.e., a minimum inter-frame distance of 500 µs and expected arrival time in the range of ± 5 µs.
When a CAN identifier (ID) sequence is configured through the IDs of CAN signals based on their order of occurrence, it will have a definite pattern. However, it is hard to identify the change in the corresponding pattern with a minimal number of attack IDs in a CAN ID sequence. In such cases, conventional IDSs are not effective. In [51], an IDS is developed using two bidirectional Generative Pre-trained Transformer (GPT) networks that allow using past and future CAN IDs. The proposed mechanism was trained to reduce the negative log-likelihood (NLL) value of the bidirectional GPT network for a typical ID sequence, and it detects an intrusion when the NLL value for a CAN ID sequence is larger than a pre-specified threshold.
Determining spoofing messages is a significant challenge due to the lack of sender identification and authentication in CAN. Thus, a delay-time-based technique, Divider, was previously proposed to find the sender ECU over the CAN bus, but it is not an effective solution for ECUs with similar variations due to the coarse time-resolution of Divider's measurement clock, making it challenging to distinguish ECUs. Moreover, another problem is the adaptability to a delay-time drift, caused by the temperature drift at the ambient buses [52]. To deal with these challenges, a sender identification mechanism, PLI-TDC [52], is developed using a super fine delay-time based Physical-Layer Identification (PLI) with Time-to-Digital Converter (TDC). PLI-TDC accurately identifies launched attacks on unmonitored and compromised ECUs. An accuracy rate of PLI-TDC is effective on a CAN bus prototype (of 99.67%) and in a real vehicle (of 97.04%), whereas a mean accuracy of around 99% can be achieved in PLI-TDC.
While considering the number of transferred messages and the importance of on-time message delivery in IVN, CAN with Flexible Data-rate (CAN-FD) is better to satisfy high bandwidth and low latency requirements.
However, CAN-FD is susceptible to masquerade attacks due to the unavailability of authentication protocols and adequate defense measures. In [53], a dual-pointer solution, forward-backward exploration, is proposed based on three methods, i.e., combination enumeration, forward exploration, and backward exploration for secure transfer of independent CAN-FD messages in IVN. In this solution, the MAC size of each message is dynamically balanced through dual-pointer movement rules until the total payload no longer increases, providing enhanced security by increasing the total MAC size of CAN messages, and the forward-backward exploration achieves better time efficiency by completing the exploration process. Thereby, this solution can be applied for trustworthy CAN-FD message transmission in IVN.
Table III displays a comparison outline of state-of-the-art parameters monitoring-based ADPS based on different attributes, making it easier to understand the security severity in CAVs through parameters detail.
3) Information-Theoretic: Information theory is the mathematical treatment of the concepts, parameters, and rules governing the transmission of messages through communication systems. A key measure in information theory is entropy, which relates to the measure of disorder and the measure of the uncertainty associated with a random variable. In computer networks, IDSs have applied entropy to detect threats based on anomalous patterns in the network. Entropy-based anomaly detection algorithms characterize the expected behavior of a set of data based on their level of statistical entropy [79]. The two key underlying assumptions of entropy-based anomaly detection are that the entropy of messages generated by the information source exhibits stable statistical characteristics and that anomalies introduce significant deviations in the statistical characteristics of the entropy.
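The two assumptions can be made concrete with an added sketch (not code from the surveyed papers) that computes the Shannon entropy of the CAN ID distribution per one-second window and flags windows that leave a learned band. The traffic schedule, the injected frames and the tolerance are constructed assumptions; the capture with only two injected frames per second stays inside the band and is not flagged.

```python
import math
from collections import Counter
from statistics import mean, pstdev

WINDOW_MS = 1000
# Constructed schedule: CAN ID -> period in ms. IDs and periods are made up.
SCHEDULE = {0x0C0: 10, 0x130: 20, 0x2A0: 50, 0x3E8: 100}


def periodic_traffic(duration_ms):
    """Constructed clean capture: time-sorted (timestamp_ms, can_id) pairs."""
    return sorted((t, cid) for cid, period in SCHEDULE.items()
                  for t in range(0, duration_ms, period))


def with_injection(frames, can_id, times_ms):
    """Copy of a capture with extra frames of `can_id` at the given times."""
    return sorted(frames + [(t, can_id) for t in times_ms])


def window_entropies(frames):
    """List of (window index, Shannon entropy in bits of the ID distribution)."""
    windows = {}
    for t, cid in frames:
        windows.setdefault(t // WINDOW_MS, Counter())[cid] += 1
    result = []
    for w in sorted(windows):
        counts = windows[w]
        total = sum(counts.values())
        h = -sum(c / total * math.log2(c / total) for c in counts.values())
        result.append((w, h))
    return result


def learn_baseline(frames, k=3.0, min_tol=0.05):
    """Mean entropy of clean traffic and the tolerated deviation around it."""
    values = [h for _, h in window_entropies(frames)]
    # The floor keeps the band from collapsing when clean traffic is very regular.
    return mean(values), max(k * pstdev(values), min_tol)


def flag_windows(frames, baseline):
    """Indices of windows whose entropy leaves the learned band."""
    mu, tol = baseline
    return [w for w, h in window_entropies(frames) if abs(h - mu) > tol]


if __name__ == "__main__":
    clean = periodic_traffic(10_000)
    baseline = learn_baseline(clean)
    # Flood: a new ID every millisecond for two seconds.
    flood = with_injection(clean, 0x000, range(3000, 5000))
    # Low volume: two extra frames per second of an ID already on the bus.
    low = with_injection(clean, 0x3E8, (3250, 3750, 4250, 4750))
    print("baseline (bits, tolerance):", baseline)
    print("flood flagged windows     :", flag_windows(flood, baseline))
    print("low-volume flagged windows:", flag_windows(low, baseline))
```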
Traffic in IVN is mainly cyclic, and the information entropy is low and stable [80], [81], making entropy-based anomaly detection suitable. Since Information-Theoretic-based IDSs depend on the data information and flow, they are entirely independent of CAN messages' content. Hence, they can be applied to any traffic, even proprietary messages. However, they are ineffective against attacks that target the content of CAN messages, i.e., masquerade attacks. The main limitation of Information-Theoretic-Based IDSs is that they are not effective against low-volume attacks, in which the attackers inject only a few packets per second and avoid increasing the entropy of the system [80]. Entropy-based IDS is ineffective against CAN messages with high entropy even during normal operations. Due to CAVs' consistent driving style, the IVN traffic of CAVs should have lower randomness and higher entropy stability than that of human intervention vehicles. Disruptions to the IVN traffic's entropy should be more noticeable and significantly increase the system's entropy. We describe information-theoretic-based solutions as follows.
To detect the feasibility of modification and replay attacks in CAN, an IDS solution in [36] is designed using Bloom filters (considering their efficient time-memory trade-off) that verifies frame periodicity through message identifiers (IDs) and contents of the data field. Thus, it effectively detects modified frames by testing the frame's content, whereas duplicate frames are identified through an IDS even when an attacker attempts to replay frames in the optimal time frame. This work mainly shows the possibility of using Bloom filters in the development of CAN-based IDSs to achieve better results to detect intrusions in the system.
The issues of random cable connectivity for a short duration and the intermittent connection (IC) fault are directly linked to the system performance.
Therefore, the possibility of system-level failures and system performance degradation can be increased if these problems are not addressed effectively in CAN. Thus, it is essential to precisely detect and localize the IC fault for better health management of CAN-based network systems. To address this problem, a systematic and practical IC fault diagnosis framework [37] is developed for CAN based on the collected error event pairs from the data link layer, and from these error event pairs, the scheme extracts the positive and negative information to combine them for diagnosing the IC faults. The results of the proposed framework in [37] can be used as insights into the characteristics of IC faults for quick diagnosing during different circumstances that provide better system maintenance, improving the system reliability.
Considering only color/textural information of images is valuable for semantic reasoning. However, combining semantic information and depth information of images can substantially enhance scene parsing performance, especially in cases wrongly categorized based on only RGB features. Therefore, the Built-in Depth-Semantic Coupled Encoding (BDSCE) [38] module is proposed by integrating RGB and depth features that present important depth-discriminative features selectively. The BDSCE is congruent with existing CNN-based mechanisms and can offer better scene parsing results to address the misclassification issue. The Depth-Semantic Coupled Encoding Network (CEncNet) framework is developed using the BDSCE module to extend the conventional deep scene parsing. The implementation results on the Cityscape dataset confirm that CEncNet achieves better performance than the traditional mechanisms. The extensive experiments also show the effectiveness of the BDSCE module for vehicle detection and road segmentation in city areas.
Extensibility plays a significant factor in the automotive network, as it is developed based on the electrical/electronic (E/E) architectures.
However, this optimization objective should be extensively considered in the design of IVN for the implementation of new functionality or modification of the existing functionality. To consider this problem in IVN, a new extensibility model [39] is developed for CAN using the mixed-integer linear programming (MILP) algorithm for mid-sized signal sets and a simulated annealing-based heuristic algorithm for industry-sized signal sets. Moreover, the corresponding extensibility metric for CAN-FD is designed. The results (obtained through extensive implementations on synthetic signal sets) show the effectiveness of the proposed approaches in [39].

A comparative description of state-of-the-art information theoretic-based ADPS is given in Table IV, which makes it easier to understand the importance and effectiveness of using information theoretic approaches in CAVs.

4) Machine Learning: Machine learning-based IDSs have been deployed extensively in network security due to their ability to detect unknown attacks via anomaly detection through artificial intelligence (AI). The process of learning starts by analyzing the provided data set to identify patterns, learn automatically using mathematical models, and extract useful information to make better predictions. Machine learning can be classified mainly into supervised and unsupervised machine learning. Unsupervised learning algorithms can understand and model the typical profiles of the network and report anomalies without any labeled data set [7]. On the other hand, supervised learning algorithms learn from labeled training data and predict future events based on the past. Most machine learning-based IVN IDSs can be classified by the machine learning technique applied: traditional machine learning and deep learning.
Traditional machine learning techniques, including Support Vector Machine (SVM), Decision Tree (DT), Random Forest (RF), and Multi-Layer Perceptron (MLP), can be applied in IVN IDSs to identify the pattern of CAN network data and learn the expected behavior of the system [60]. Deep learning techniques use artificial or deep neural networks, algorithms inspired by the human brain. They work by repeatedly learning, understanding, and tweaking the model to achieve the best outcome, similar to how a human would reach a conclusion. A multi-layered structure of algorithms is applied to identify patterns and classify different types of information. Each individual layer of the neural network acts as a filter that increases the likelihood of detecting and predicting a correct outcome [94].

The main advantage of machine-learning-based IVN IDSs is their strength in detecting unknown attacks by reviewing large volumes of data and discovering trends and patterns that would not be apparent to humans. Furthermore, the model continuously improves in accuracy and efficiency as more data is fed into it. Deep learning also avoids the complex feature extraction step compared to traditional machine learning.

The main disadvantage of machine-learning-based IVN IDSs is the high computational requirement as compared to the previous categories of IDSs [60]. In addition, a large data set is required to train the model, and valuable data sets are rare, especially those with attacks or abnormal traffic. The ensemble method is a technique that combines several base models in order to produce one optimal predictive model. It has been shown to achieve the desired accuracy and robustness [55] and to overcome the limitation of machine learning techniques.

Compared to a typical vehicle, a CAV relies on a larger number of sensors, including cameras, radars, and LIDARs, to drive.
These CAV sensors and ECUs produce large quantities of data that are highly suitable for analysis with machine learning techniques. This also helps to enhance the accuracy and performance of the existing training models. In addition, data can be collected remotely from CAVs, which increases the ease of data collection and the volume of available training data. Related machine learning-based solutions are discussed as follows.

The number of CAVs will increase in the near future, and it is vital to detect abnormalities and discern their sources to provide a seamless experience of driverless vehicles in real time. Therefore, anomaly detection and identification techniques are developed by effectively integrating a convolutional neural network (CNN) and Kalman filtering (KF) to find CAV systems' abnormal activities. CNN is first applied to time-series data (acquired from various sensors), and images are then generated from real-time raw sensor data to classify them as abnormal. After that, a general framework is proposed using CNN and Kalman filtering with a $\chi^2$-detector (named CNN-KF) to detect anomalies in CAVs. The experimental results of the proposed approaches (only CNN, only KF, and CNN-KF) are evaluated based on accuracy, sensitivity, precision, and F1 score. The CNN-KF framework collectively outperforms the others on these performance parameters in anomaly detection and identification [54].

CAN is used in automotive systems (e.g., CAVs) to execute different functions with little or no human interaction for a compelling and comfortable journey. However, such automated systems are vulnerable to known and unidentified security threats, and thereby, it is necessary to detect such incidents early to avert infrastructure damage and loss of human life on the road. A dynamic ensemble selection system, DESS [55], is developed for anomaly detection in which the system includes two-class and one-class classifiers to identify fault types (from the training data set) and unknown fault types.
Moreover, the network features are extracted from the physical-layer information, and the base classifiers are then trained based on these network features. The implementation was carried out on the data set, and the analysis confirms that anomaly detection robustness and adequate accuracy can be achieved through DESS with better results than other methods, even in the occurrence of different fault types.

Different types of sensors in modern vehicles collect data from a vehicle and nearby objects to provide meaningful information to the vehicular communication system, enabling it to make better decisions while on the move. However, the data collected from sensors is susceptible to different inconsistencies (caused by errors, cyberattacks, and/or faults), and thereby, the direct usage of sensor-generated data may lead to accidents on the road [56]. A multi-stage attention scheme with a Long Short-Term Memory-based Convolutional Neural Network, MSALSTM-CNN [56], is developed to detect anomalies in sensor-generated data, helping to avoid fatal casualties caused by CAVs. In MSALSTM-CNN, multi-source sensor readings are first classified as either ordinary or abnormal data, and the scheme then concentrates on different values of streaming readings to understand their importance. A weight-adjusted fine-tuned ensemble, WAVED, is also proposed through the optimal weight vector of classifiers for setting a unique voting weight to anticipate each classifier to identify anomalous actions. The experimental results demonstrate that MSALSTM-CNN can achieve a better anomaly detection rate in the case of single anomaly types and mixed anomaly types. Thus, fatal casualties (caused by anomalous data) can be reduced through MSALSTM-CNN.

A communication network in CAVs is vulnerable due to the unavailability of security features in CAN and its connectivity with the outside network for meaningful data exchanges, resulting in different types of suspicious activities.
To deal with such a situation, a deep learning-based IDS is designed in [57] to find malicious network activities in the IVN, V2V, and V2I networks of autonomous vehicles. To detect intrusive incidents at the gateways of AVs, a long short-term memory (LSTM) autoencoder algorithm is developed using a deep learning architecture. On the UNSW-NB15 dataset, the proposed IDS can achieve 98% accuracy in detecting different types of attacks, whereas 99% accuracy is achieved on the car hacking dataset for in-vehicle communications.

IVN is susceptible to various network-based attacks due to the lack of security features in CAN and V2X connectivity with associated ECUs through the gateway ECU. Therefore, a CAN Bus Message Attack Detection Framework (CAN-ADF) [58] is proposed that can generate abnormalities, detect anomalies, and validate the system performance for the CAN bus architecture. A rule-based method is designed from different network traffic characteristics and Recurrent Neural Networks (RNNs) for anomaly detection. A large number of CAN packets are collected from different actual vehicles to analyze the performance of CAN-ADF, and it shows an average accuracy of 99.45%. A visualization tool is designed to monitor the CAN bus traffic status, and it displays the attacks found in the IVN system. CAN-ADF can be combined with other attack detection methods to effectively identify a range of anomalies.

The automotive system should have a trustworthy environment for reliable communications, as information plays a significant role in CAVs. In [59], a graph-based four-stage IDS is proposed to detect various attacks in CAN, in which a graph-based technique first finds abnormal patterns in the dataset. After that, the median test and chi-squared methods are applied to differentiate the two data distributions.
The experiments show that the misclassification rate is comparatively low for the proposed IDS in [59], i.e., 4.76% for replay, 5.26% for DoS, and 10% for fuzzy attack detection. All spoofing attacks can accurately be detected through the proposed method in [59], and it can achieve better accuracy up to 13.73%.

To deal with the problem of unavailability of sender information (in messages sent over the CAN bus), an IDS is developed by using various machine learning approaches, i.e., Support Vector Machine (SVM), Decision Tree (DT), Random Forest (RF), and Multi-Layer Perceptron (MLP) for CAN [60]. The proposed IDS is applied to the KIA Soul car dataset to detect intrusions and the type of attacks based on a set of classifiers. The implementation results state that the RF classifier can achieve better results than DT, SVM, Recurrent Neural Network (RNN), Hierarchical Temporal Memory (HTM), and Hidden Markov Model (HMM) classifiers in the same context. Moreover, the precision result of SVM, MLP, RF, and DT is superior to HMM and RNN, but it is moderately poorer than HTM.

In [61], a histogram-based intrusion detection and filtering (HIDF) mechanism is developed by combining a window-based IDS and a filtering approach to identify intrusions based on windows and filter normal CAN packets out of an attack window. An intrusion detection model is first developed by using histograms of CAN traffic to understand a distinctive structure for different CAN traffic classes. Furthermore, a one-class SVM attack model is developed using normal CAN traffic and implemented with four attack variants, i.e., Gear, RPM, Fuzzy, and DoS. The experimental results based on two datasets demonstrate that HIDF can accurately classify through a window, and the filtering system is capable of filtering out standard packets from abnormal windows with more than 95% correctness.
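
The window-and-filter idea described for [61] can be illustrated with a much simpler stand-in. The following is an added example, not the HIDF code: it replaces the one-class SVM with a chi-squared distance between per-window CAN ID histograms, and the CAN IDs, bus schedule, window size and margins are all constructed assumptions.

```python
from collections import Counter

WINDOW = 100       # frames per detection window (assumed)
DIST_MARGIN = 3.0  # window threshold = margin x worst training distance (assumed)
ID_MARGIN = 1.5    # ID is suspicious above margin x its largest trained share (assumed)

# Constructed bus schedule: these CAN IDs and their ordering are made up for the example.
PATTERN = [0x130, 0x316, 0x130, 0x43F, 0x316, 0x130, 0x545]


def normal_stream(n_frames):
    """Constructed attack-free traffic as (can_id, payload) tuples."""
    return [(PATTERN[i % len(PATTERN)], bytes(8)) for i in range(n_frames)]


def windows(frames):
    """Cut a frame list into consecutive, non-overlapping windows."""
    return [frames[i:i + WINDOW] for i in range(0, len(frames) - WINDOW + 1, WINDOW)]


def attack_window(injected_id):
    """Constructed attack window: 3 injected frames after every 7 normal ones."""
    normal, out = normal_stream(70), []
    for g in range(10):
        out += normal[7 * g:7 * g + 7]
        out += [(injected_id, bytes(8))] * 3
    return out


def histogram(window):
    """Share of each CAN ID within one window."""
    counts = Counter(can_id for can_id, _ in window)
    return {cid: n / len(window) for cid, n in counts.items()}


def chi2_distance(h, ref):
    """Chi-squared distance between two ID histograms (0 means identical)."""
    ids = set(h) | set(ref)
    return sum((h.get(i, 0.0) - ref.get(i, 0.0)) ** 2
               / (h.get(i, 0.0) + ref.get(i, 0.0)) for i in ids)


def train(normal_windows):
    """Learn the reference histogram and thresholds from attack-free windows only."""
    hists = [histogram(w) for w in normal_windows]
    ids = set().union(*hists)
    ref = {i: sum(h.get(i, 0.0) for h in hists) / len(hists) for i in ids}
    max_share = {i: max(h.get(i, 0.0) for h in hists) for i in ids}
    threshold = DIST_MARGIN * max(chi2_distance(h, ref) for h in hists)
    return {"ref": ref, "max_share": max_share, "threshold": threshold}


def inspect(window, model):
    """Stage 1 flags the window; stage 2 passes frames whose ID looks normal.

    Frames of a suspicious ID are all held back: when a legitimate ID is
    spoofed, a histogram alone cannot separate genuine frames from injected ones.
    """
    h = histogram(window)
    if chi2_distance(h, model["ref"]) <= model["threshold"]:
        return {"attack": False, "suspicious_ids": set(), "passed": list(window)}
    suspicious = {i for i, share in h.items()
                  if share > ID_MARGIN * model["max_share"].get(i, 0.0)}
    passed = [f for f in window if f[0] not in suspicious]
    return {"attack": True, "suspicious_ids": suspicious, "passed": passed}


def demo():
    model = train(windows(normal_stream(14 * WINDOW)))
    cases = [("normal", normal_stream(WINDOW)),
             ("flood", attack_window(0x000)),   # unseen, high-priority ID
             ("spoof", attack_window(0x316))]   # extra frames on a legitimate ID
    return {name: inspect(w, model) for name, w in cases}


if __name__ == "__main__":
    for name, r in demo().items():
        ids = sorted(hex(i) for i in r["suspicious_ids"])
        print(f"{name}: attack={r['attack']} suspicious={ids} passed={len(r['passed'])}")
```
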
CAVs are enabled with multiple sensors to collect relevant data and use it as input to various vehicle driving decisions. Thus, it is vital to ensure the reliability of this sensory information for errorless execution of different operations in CAVs. A perception error attack (PEA) can cause sensors to fail to perceive the surrounding driving environment accurately, and thereby, captured data may be faulty, leading to unexpected consequences. To address this issue for autonomous vehicles, a countermeasure approach is proposed, LIDAR and Image data Fusion for detecting perception Errors (LIFE) [62], that identifies PEAs by evaluating the data consistency between LIDAR and camera image through object matching and corresponding point techniques. Thus, LIFE can detect various sensory data anomalies, i.e., LIDAR spoofing, camera blinding, false positives/negatives during object identification, LIDAR/camera rotation error, and LIDAR saturation/distance measurement error. Once anomalies are detected through LIFE, they can be forwarded to the driving system to make appropriate decisions. The evaluation results on the KITTI dataset show that LIFE provides average performance. However, LIFE can be improved for better performance results, i.e., to reduce the number of false alarm instances for high intrusion detection efficiency and to minimize the requirement of additional settings in existing autonomous vehicles.

To protect against malicious packet attacks in CAVs, it is required to find anomalies effectively; otherwise, the automated system may lead to unexpected situations, resulting in risky commutes and infrastructure damage. To overcome this challenge, an event-triggered interval-based mechanism is proposed using machine learning to identify abnormalities and detect attacks in IVN [63]. To understand normal and malicious driving data in the context of IVN, four attack scenarios are first defined based on CAN messages.
The event-triggered interval of CAN identities is then analyzed, and its statistical instants are measured by considering a fixed time window. In experiments on actual driving data, the results demonstrate that the proposed method in [63] can quickly identify anomalies and can achieve better performance in attack type identification, time, and anomaly detection.

Table V shows a comparative study of state-of-the-art machine learning-based ADPS, and it provides a comparison among recent ADPS solutions to show their efficacy in various attributes.

Message authentication is used widely in information security to ensure that data integrity and authenticity are preserved while in transit and to allow the receiver to verify the source of messages. Common message authentication mechanisms include message authentication codes (MACs), authenticated encryption (AE), and digital signatures. CAN does not have a built-in authentication process, making it vulnerable to masquerade attacks. However, the deployment of cryptographic methods is complex due to the CAN protocol's low throughput and limited bandwidth. Researchers have looked into several ways, including message authentication and covert channels, to meet the specific deployment criteria in IVNs.

The most important benefit of message authentication is the protection against masquerade attacks, as CAN is a broadcast protocol without authentication. However, most message authentication solutions require modifications of the CAN protocol or the introduction of additional information in the CAN frame. In addition, the generation of MACs and checksums increases the computational workload of the already resource-constrained ECUs. As compared to IDSs, message authentication is harder to deploy on existing vehicles, as it requires either the manipulation of the CAN hardware or the addition of new hardware such as a key server and a Trusted Platform Module (TPM). We discuss relevant message authentication mechanisms as follows.
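
The trade-off described above, extra authentication data competing for space in a small CAN frame, can be made concrete. The following is an added example, not taken from any of the surveyed schemes: it assumes a classic 8-byte CAN data field split into 4 data bytes, 1 counter byte and a 3-byte truncated HMAC-SHA256 tag, with constructed keys and CAN IDs.

```python
import hashlib
import hmac
import struct

# Assumed split of the 8-byte classic CAN data field: half the payload is
# spent on authentication, which is the bandwidth cost discussed in the text.
DATA_LEN, CTR_LEN, TAG_LEN = 4, 1, 3


def _tag(key, can_id, counter, data):
    """Truncated HMAC over CAN ID, full counter and data.

    A 3-byte tag leaves a 2**-24 chance that one guessed frame verifies.
    """
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


class Sender:
    """Sending ECU: holds the key for its CAN ID and a monotonic counter."""

    def __init__(self, key, can_id):
        self.key, self.can_id, self.counter = key, can_id, 0

    def build(self, data):
        if len(data) != DATA_LEN:
            raise ValueError("application data must be 4 bytes in this layout")
        self.counter += 1
        low = bytes([self.counter & 0xFF])  # only the low byte travels on the bus
        return data + low + _tag(self.key, self.can_id, self.counter, data)


class Receiver:
    """Receiving ECU: verifies the tag and enforces counter freshness per CAN ID."""

    def __init__(self, keys):
        self.keys = keys  # can_id -> shared key
        self.last = {}    # can_id -> last accepted full counter

    def accept(self, can_id, payload):
        """Return the 4 data bytes if the frame is authentic and fresh, else None."""
        key = self.keys.get(can_id)
        if key is None or len(payload) != DATA_LEN + CTR_LEN + TAG_LEN:
            return None
        data, low, tag = payload[:DATA_LEN], payload[DATA_LEN], payload[DATA_LEN + 1:]
        last = self.last.get(can_id, 0)
        # Rebuild the smallest counter above the last accepted one with this
        # low byte, so up to 255 lost frames are tolerated and replays are not.
        counter = (last & ~0xFF) | low
        if counter <= last:
            counter += 0x100
        if not hmac.compare_digest(tag, _tag(key, can_id, counter, data)):
            return None
        self.last[can_id] = counter
        return data


def demo():
    key = bytes(range(16))  # constructed key, for illustration only
    tx, rx = Sender(key, 0x2A0), Receiver({0x2A0: key})
    first = tx.build(b"\x01\x02\x03\x04")
    outcome = {"genuine": rx.accept(0x2A0, first),
               "replayed": rx.accept(0x2A0, first)}
    # A node that does not hold the key tries to speak as ID 0x2A0.
    impostor = Sender(bytes(16), 0x2A0)
    impostor.counter = 1
    outcome["masquerade"] = rx.accept(0x2A0, impostor.build(b"\xff\xff\xff\xff"))
    # Two frames are lost on the bus; the receiver resynchronises on the third.
    tx.build(b"\x00\x00\x00\x00")
    tx.build(b"\x00\x00\x00\x00")
    outcome["after_loss"] = rx.accept(0x2A0, tx.build(b"\x0a\x0b\x0c\x0d"))
    return outcome


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value.hex() if value is not None else "rejected")
```
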
CAN control messages are crucial in IVN, but the sender information is not available in CAN messages, leading to denial of service, impersonation, and data alteration challenges. A security protocol is proposed in [16] to deal with such challenges by using authentication and data encryption mechanisms. The proposed scheme is designed with a MAC (to remedy the fixed data payload size of CAN data frames) and a key management approach to provide secure exchanges between in-vehicle ECUs and external devices. The experimental results based on a manufactured ECU demonstrate the possibility of an attack over wireless connectivity through a malicious smartphone app. Performance analysis shows that the proposed protocol in [16] takes fewer computational resources, but it is susceptible to encryption key compromise, authentication attacks, and session key leakage.

A compromised CD player can execute crucial operations, i.e., accelerate in CAVs. A lightweight authentication scheme for CAN, LEIA [64], is proposed to verify ECUs and protect them from compromised components of a vehicle. LEIA runs under the exact time and bandwidth constraints of automotive applications, and it is designed using unidirectional authentication in which a signaling technique is applied with the session key to check whether each of the subscribed ECUs has followed the synchronization/authentication process or not. Security analysis of LEIA confirms the protection against chosen-plaintext attacks.

Present-day automobile systems are susceptible to various security threats, which compromise the physical safety of vehicle travelers. A new ECU architecture is proposed in [65] for automotive CPS to satisfy security and performance attributes concurrently and effectively. The proposed architecture is implemented on the Xilinx Automotive Spartan-6 field-programmable gate array and the NXP iMX6Q SABRE automotive board. The results confirm lower computation time and response time in [65].
Sharing a secret key in CAN is a challenging task due to the broadcast nature of the CAN bus architecture. A protocol suite [66] is suggested for secure exchange of keys over the CAN bus, and it is a combination of time-triggered mini-max and randomized delay key negotiation, which allows piggybacking frames with portions of the keys for secure computation of a session key. Moreover, CAN frames can be sent through the Diffie-Hellman (DH) version of the encrypted key exchange (EKE) and simple password exponential key exchange (SPEKE) protocols. The implementation was carried out on high-end controllers over Infineon Aurix cores (i.e., TC297 and TC277), and the outcome achieves reasonable results based on simple bus-based key negotiation and EKE/SPEKE-DH key sharing approaches.

A keyless entry system is more convenient for CAV users, but it is susceptible to signal-relaying and network range attacks, making it difficult to distinguish an authorized door unlock request from a malicious signal. An RF-fingerprinting technique, hold the dooR (HODOR) [67], is proposed to identify attacks in keyless entry systems. HODOR is developed as a sub-authentication mechanism based on ultra-high frequency band RF signals that can be implemented on existing authentication processes (of keyless entry systems) without any modifications. The implementation results show that HODOR provides satisfactory results, with an average false-positive rate of 0.27% and a false-negative rate of 0% in the detection of simulated attacks. HODOR achieves a false-positive rate of 1.32% for legitimate key determination under non-line-of-sight conditions.

CAN communications are unprotected in IVN, leading vehicles towards adversarial activities based on wired/wireless attacks.
An efficient authentication protocol suite is proposed in [68] to provide a secure connection for the transmission of remote frame requests and the update of session keys between in-vehicle ECUs and external devices through entity authentication and key management using ECC. The proposed protocol in [68] achieves better security and performance results than [16], but it is vulnerable to encryption key compromise and authentication attacks.

Modern cars are configured with different ECUs, including safety-critical ones, and the possibility of remote access has been demonstrated to perform malicious activities in the CAN, allowing an attacker to control a vehicle. The existing message authentication protocols for CAN are either vulnerable to masquerade attacks or require hardware modification to protect against such attacks. A new authentication scheme, MAuth-CAN [69], is proposed using a unique session authentication key (computed through the seed value of an ECU) for each ECU to resist masquerade and bus-off attacks. The performance of MAuth-CAN was evaluated on embedded devices and using the CANoe software tool for simulation, and it is noticed that it takes relatively more computation time. However, it is required to reduce the computation time during the authentication process, as CAN is used in CAVs and other safety-critical applications.

A significant problem of session key agreement under AUTOSAR compliance is not resolved effectively even though various message authentication protocols are proposed for CAN communications. An AUTOSAR-compliant key management architecture is proposed in [70] by considering practical requirements for the automotive system. Further, a baseline session key distribution mechanism, SKDC, is designed to provide various security functionalities, and a new secret-sharing-based protocol, SSKT, is proposed to achieve better communication efficiency results.
The implementation with the Arduino IDE and the CAN Bus Shield library confirms that SSKT provides better results for computation and communication efficiency.

CAN FD is advantageous for data transmission in IVN because of its bit-rate capacity (of 8 Mbps) and payload size (of 64 bytes), but it is vulnerable to masquerade attacks due to the unavailability of adequate authentication protocols. In [71], a two-stage scheme is proposed with two algorithms for security improvements for CAN FD communications. The first stage is performed to get the lower bound of an in-vehicle application by omitting most sequences through a quick sequence abandoning algorithm. Moreover, the laxity interval values are obtained from the lower bound to the deadline. In the second stage, the round accumulation algorithm is executed to improve the security by adding MACs to CAN FD messages. The performance analysis results show that the proposed scheme is suitable for enhancing IVN communications security.

In CAVs, it is necessary to protect telematics ECUs and OBD ports against message spoofing attacks due to their importance in IVN. A CAN bus authentication scheme is proposed in [72] that makes use of message physical layer features, i.e., message arrival intervals and signal voltages, applying a reinforcement learning approach to select the authentication mode and parameter. The proposed scheme achieves better authentication accuracy without modifying the CAN bus protocol's ECU parts. Moreover, a deep learning-based authentication scheme is proposed by using a hierarchical structure and two deep neural networks, reducing the exploration time and compressing the high-dimensional state space while fully exploiting physical layer features. Thus, it provides superior authentication efficiency over the CAN bus, as is also verified through a test-bed setup with embedded devices.
Various recent security experiments demonstrated the possibility of illegal access to car functionalities and vehicle theft, making modern vehicles vulnerable in different ways. To deal with these challenges, a secure access and feature activation scheme is proposed in [73] based on TPM 2.0 (acting as a trust anchor in a vehicle), and thereby, it provides a fine-granular authorization mechanism. Moreover, this proposed system can protect against potential security attacks in automotive scenarios. The experimental results on Raspberry Pi show that it can achieve reasonable performance results, but it could be improved for better performance efficiency in automotive systems.

Secure exchange of cryptographic keys between ECUs is a significant challenge for secure IVN communications. In [74], the authors evaluated the Diffie-Hellman key exchange protocol based on a standardized NIST elliptic curve and the FourQ curve. The implementation results of these protocols on Infineon and ARM core processor platforms show effective performance for CAN and CAN FD. It is also noticed that the computation time is more crucial than bandwidth, as the execution time of the elliptic curve is relatively high.

Attackers can launch masquerade, suspension, and injection attacks on the CAN bus architecture due to the lack of appropriate built-in authentication and encryption mechanisms, resulting in life-damaging consequences. A transmitter authentication scheme for CAN, TACAN, is proposed in [75] to offer secure authentication between deployed ECUs over the CAN bus architecture through three different covert channels (inter-arrival time-based, least significant bit-based, and hybrid).

6) Other Approaches: There are some other approaches that are useful to detect various security attacks and provide protection against them.
Anti Analysis: Attestation is the mechanism in which software verifies the authenticity and integrity of the hardware and software of a device. In today's CAVs, ECUs use flash memory that allows authorized entities to update or flash a new version of the firmware. Although firmware updates, especially common in CAVs, fix known bugs and security holes in the software, they increase the attack surface. Therefore, it is crucial to know when the system's integrity has been compromised, which can be achieved by using cryptographically secure techniques such as firmware attestation, MAC, and hash-value authentication. The firmware attestation scheme is a challenge-and-response type of protocol. Two main entities are involved in the attestation process, a challenger (the attester) and a respondent (the ECU being attested) [85].

The most important feature of anti-analysis-based ADPS is the integrity of the firmware, which allows each ECU to learn about the security stance of other ECUs in the vehicle. Furthermore, a decentralized attestation process is more robust and can independently attest to the state of the whole vehicle. However, anti-analysis-based IDS is ineffective against attacks on the program that do not affect the state of the firmware. These include attacks on the program currently in memory and on the trusted hardware, which affect the trustworthiness of the attestation process.

Post Protection: Firmware over-the-air (FOTA) update is the process of distributing new firmware via the wireless medium (i.e., Wi-Fi and cellular network) to update the application that runs on top of the operating system. The updates usually come with software fixes, new features, and enhancements for the vehicles. This process updates the whole software stack and replaces the operating system and application.
FOTA is especially critical for CAVs, as they are constantly connected to external networks and, thereby, need to be updated fast to deal with new threats and environments regularly. A secure firmware over-the-air update can prevent the firmware from being compromised.

Fuzzing: Fuzzing is a security testing technique that attempts to find software bugs by injecting randomly generated valid and invalid inputs into a program. Fuzzer software is usually used to create a set of test values automatically. A normal program would expect to receive structured inputs, and fuzzing stress tests the application to create unexpected behavior or crashes. Applying fuzzing to CAN traffic can expose unknown vulnerabilities in the ECU software [82]. Fuzzing on ECUs is more challenging due to car manufacturers' different proprietary CAN databases. The CAN database is specified in the DBC format file, a text file containing information for decoding raw CAN bus data to "physical values". While black-box methods such as brute-force and random search can work without the CAN database, they are inefficient due to the infinite number of possible inputs.

Fuzzing detects loopholes in software reliably without false positives, increasing the robustness of car software. With the advent of CAVs, fuzzing will be more important as more software is deployed and the connected vehicles suffer from similar security vulnerabilities as other computer-based network systems. In addition, fuzzing can help discover vehicle system functions that car manufacturers may not know [83].

Modern vehicles are connected with external interfaces, several software modules, and many ECUs via OBD-II. This exposes CAVs to malicious activities with conventional and new security threats. The market for CAVs is rapidly increasing to provide more advanced transportation services and comfortable journeys.
Hence, it has become essential to detect security vulnerabilities and faults in CAVs; otherwise, they can create chaos on the road, causing undesired consequences, risk to human life, or infrastructure damage. Besides, there are also other avenues (i.e., keyless entry system, telematics, DSRC/Bluetooth/Wi-Fi communication technologies, and Global Positioning System) through which adversaries can target the automotive system for suspicious activities in CAVs. The keyless entry system has received the highest attention from adversaries for malicious actions by performing signal relay attacks. We, therefore, discuss key research problems and open challenges for ADPS of CAVs.

Datasets with normal and attack scenarios are commonly used to identify security threats and validate novel attack detection techniques. However, limited research works are available on the collection and validation of attack data [7]. Such realistic datasets are valuable assets to the research community to continuously improve the resilience of security assessment solutions for CAVs and accurately measure the performance of attack detection strategies.

Since the market of CAVs is increasing rapidly to enable society with advanced transportation services and applications, there is an immediate need to develop systematic fuzzing-based security testing techniques. Such fuzz testing methodologies may facilitate continuous testing for a variety of attacks to realize the resilience of CAV systems and evaluate the effectiveness of attack detection and prevention approaches in a real environment based on different performance measurement parameters, e.g., accuracy, timing, sensitivity, etc. Moreover, the progress in fuzzing methodologies has opened new avenues to discover unforeseen (zero-day) attacks on CAVs. This is crucial to fine-tune automotive security systems before deployment. In general, fuzzing approaches can be classified into Blackbox, Greybox and Whitebox.
It is not feasible to use any form of Greybox fuzzing approach [97], as such approaches require instrumenting the ECU code. Whitebox approaches, e.g., symbolic execution [98], are also not applicable for fuzzing commercial ECUs, as commercial ECUs are closed source. Existing blackbox fuzzing approaches [99], [100] are unlikely to be effective, as such techniques (i) do not learn from previous fuzzing campaigns, or (ii) are limited in terms of structured input generation, and these are important aspects for effective protocol fuzzing. Systematic blackbox fuzzing, which will generate structured inputs according to the targeted protocol and will learn from the fuzzing campaigns to automatically evolve the fuzzing process, is likely to be effective and practical for fuzzing components of CAVs. This can be accomplished with the goal of maximizing the explored protocol features to uncover new vulnerabilities.

A CAV relies on a large number of sensors, including cameras, radars, and LIDARs, enabling more accurate data results for worry-free journeys. However, these sensors give adversaries an additional attack surface to launch sensor-based attacks (such as spoofing, eavesdropping, and jamming) on the vehicle's self-driving automated control system [96]. Such additional attack surfaces may lead to information leakage, false sensory data injection, DoS, and transmission of malicious commands in the IVN [86]. Since CAVs are highly mobile nodes and gather data from various sensors to perform different operations with limited resources, detecting malicious or faulty sensor nodes is challenging. Advanced attack detection systems that combine groundbreaking techniques (such as sensor fusion and machine learning with the abundance of information generated by CAVs) should be developed to detect sensor-based attacks effectively.
Current security solutions can provide a specific level of security robustness over the CAN bus architecture to protect from forgery attacks (that are launched to disrupt the communication channel or automotive data). Available solutions are limited in scope (to data protection and the communication channel) and are capable of withstanding specific security attacks only. Thus, it is difficult to identify suspicious activities when a compromised part (i.e., an ECU) performs attacks on the CAN bus architecture. To find the source of attacks, protocols based on electrical signal characteristics of ECUs are proposed [8], [30], [31], [43], [47]. Such solutions may not be able to determine whether the source is already compromised, owing to changes in IVN environmental conditions. ECUs can be compromised in two ways: (i) an already exposed ECU is mounted, and (ii) an ECU is compromised after installation. Zero-trust-based multifactor authentication protocols should be implemented by involving multiple entities during the deployment of ECUs to avert the first possibility of ECU compromise. For effective attack identification from compromised ECUs, lightweight security protocols should be developed to quickly protect the system from compromised ECUs.

CAN has no in-built authentication and encryption mechanism to protect from forgery attacks over the CAN bus architecture. Therefore, researchers have focused on addressing the issue of forged communications by developing cryptography-based security solutions. Hardware-based cryptography methods can be used to improve the security level to meet the real-time needs of CAVs. However, the high implementation cost, the compatibility with the existing infrastructure, and system modifications are important challenges to satisfying security requirements. Software-based cryptography methods can be applied, and they do not require any changes in the CAN bus architecture.
However, the computation and communication overhead on the payload increases the need for additional computing capability on resource-constrained automotive systems, making the process time-consuming [7], [8], [16], [68]. Researchers have developed various security schemes to provide security using different cryptographic primitives, but most of them incur additional computation cost and communication overhead. Therefore, the key challenge is to design lightweight security protocols for CAN-based communications with low latency, so that necessary operations are performed quickly with limited computing power while an adequate level of security protects the automated system from various security attacks.

CAVs are configured with different IoT and embedded devices to execute in-vehicle and outside network operations to make better decisions. These devices are very limited in security features to avert various threats [88], and thereby they are the major targets of adversaries who launch traditional and new security attacks through malware. Since ECUs are connected to external sources through a gateway, real-time malware scanning can be applied at the gateway, but this places an excessive computing demand on the gateway, and it might not detect all malware with its limited on-board resources. Furthermore, it is tough to identify malware amongst the high number of associated ECUs in CAVs [89]. Thus, it opens an opportunity for adversaries to send malicious payloads to perform malicious activities over the IVN, leading the automotive system to unanticipated situations and severe consequences. Hence, it is appropriate to design the automotive system with malware detection and protection to reduce the impact of security exposures and vulnerabilities.
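To make the payload overhead of software-based CAN message authentication discussed above concrete, the following added example (not taken from the survey or from any of the cited schemes) appends a freshness counter and a truncated HMAC-SHA256 tag to a classic 8-byte CAN data field and checks frames on the receiving ECU. The 2-byte counter, the 4-byte tag, the pre-shared demo key and the CAN ID 0x244 are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

CAN_MAX_DATA = 8   # classic CAN data field in bytes
CTR_LEN = 2        # freshness counter size (assumption)
TAG_LEN = 4        # truncated HMAC-SHA256 tag size (assumption)
MAX_APP_DATA = CAN_MAX_DATA - CTR_LEN - TAG_LEN  # bytes left for the signal
KEY = bytes(range(16))  # constructed demo key, pre-shared by both ECUs

def compute_tag(key, can_id, counter, data):
    # Bind the tag to the arbitration ID, the counter and the signal bytes.
    msg = struct.pack(">IH", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

class Sender:
    def __init__(self, key, can_id):
        self.key, self.can_id, self.counter = key, can_id, 0

    def build(self, data):
        if len(data) > MAX_APP_DATA:
            raise ValueError("signal does not fit beside counter and tag")
        if self.counter >= 0xFFFF:
            raise OverflowError("counter exhausted, a new key is required")
        self.counter += 1
        tag = compute_tag(self.key, self.can_id, self.counter, data)
        return data + struct.pack(">H", self.counter) + tag

class Receiver:
    def __init__(self, key, can_id):
        self.key, self.can_id, self.last = key, can_id, 0

    def accept(self, payload):
        """Return the signal bytes, or None for a forged or replayed frame."""
        if not CTR_LEN + TAG_LEN <= len(payload) <= CAN_MAX_DATA:
            return None
        data = payload[:-(CTR_LEN + TAG_LEN)]
        (counter,) = struct.unpack(">H", payload[len(data):len(data) + CTR_LEN])
        expected = compute_tag(self.key, self.can_id, counter, data)
        if not hmac.compare_digest(payload[-TAG_LEN:], expected):
            return None          # wrong key or modified bytes
        if counter <= self.last:
            return None          # valid tag but stale counter: replay
        self.last = counter
        return data

def demo():
    tx, rx = Sender(KEY, 0x244), Receiver(KEY, 0x244)
    first = tx.build(b"\x01\x90")    # constructed 2-byte signal values
    second = tx.build(b"\x01\x91")
    tampered = bytes([second[0] ^ 0xFF]) + second[1:]
    return {
        "frame_len": len(first),
        "genuine": rx.accept(first),
        "replayed": rx.accept(first),
        "tampered": rx.accept(tampered),
        "next": rx.accept(second),
        "overhead": (CTR_LEN + TAG_LEN) / CAN_MAX_DATA,
    }
```

With these sizes, six of the eight data bytes carry security metadata, so a signal wider than two bytes needs a second frame; a shorter tag lowers that overhead but also lowers forgery resistance.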
CAVs communicate with external devices (i.e., infrastructure, sensors, other vehicles, RSUs, and mobile devices) through V2X communications that connect a vehicle to its surroundings for rich data collection, thus improving the accuracy of relevant outputs. However, V2X connectivity can be an entry point to perform adversarial activities (i.e., data injection, delayed communication, bogus data transmission, overwhelming resources, shutting off the functionalities, etc.) in the IVN. Thus, automated system operations are significantly impacted, disrupting the overall performance of a platoon of CAVs. To improve safety and security, advanced and robust vehicular control systems and defenses should be developed to withstand traditional and new cyberattacks with limited resources [7].

Current research has mainly focused on the prevention and defense techniques for CAVs, but it is also required to focus on control and recovery strategies that can support the automated control system to recover from unexpected incidents and security vulnerabilities. Since CAVs are enabled with the automation system architecture to execute various operations with no (or minor) human intervention and are highly mobile nodes, it is necessary to quickly restore the system from damaged conditions and perform different operations by following legal system procedures. Control-oriented techniques are useful to manage the automated control and recovery from attacks, which can reduce the damage level in CAVs. Hence, the research area of control-oriented techniques should be explored to create effective resilience and recovery strategies that can mitigate such network attacks in the IVN.

Researchers have suggested various machine learning-based models to detect security attacks in CAVs, and these models mainly work based on the data collected through installed devices.
However, there are demonstrations that if pixel values of an input image are altered, then the model can produce erroneous results, and the understanding of images is successful under certain conditions only [90], [91]. Besides, various mechanisms are trained on "patches" that can be imposed on an object to mislead detectors and classifiers [92], [93]. In such cases, the trained model cannot detect objects even though they are in the path of the CAV or are approaching it. Thus, by launching adversarial attacks on reinforcement learning mechanisms that are developed for automotive system-based vehicles, an attacker may cause significant damage. Therefore, it is essential to develop reliable machine learning-based attack detection systems for CAVs.

This survey article gives an overview of CAVs in different aspects. Considering the significance, important applications, and mobility nature of CAVs, we have discussed vital security and privacy properties as well as performance evaluation parameters to understand their importance in CAVs. Moreover, a variety of attacks are briefly explained and their possible countermeasures are discussed. The possibility of such attacks has a great impact on the automotive system of CAVs and can produce unexpected consequences. We have extensively reviewed different categories of ADPS and have studied recent IVN solutions in a systematic way to classify them under the category of attack detection and protection. To quickly provide in-depth knowledge about the current research status of ADPS approaches, we present a comparative summary of relevant methods under each category by providing their key contributions, features, and scope for enhancement. We hope that this survey will provide a strong base for studying recent ADPS solutions and research directions for new and more appropriate techniques to achieve a better security level and performance efficiency.
Cybersecurity for autonomous vehicles: Review of attacks and defense
A Survey on Cyber-Security of Connected and Autonomous Vehicles (CAVs)
Taxonomy and Definitions for Terms Related to Driving Automation Systems for On-Road Motor Vehicles
Networking and communications in autonomous driving: A survey
In-vehicle networks outlook: Achievements and challenges
On the security of in-vehicle hybrid network: Status and challenges
Cyberattacks and countermeasures for in-vehicle networks
EASI: Edge-Based Sender Identification on Resource-Constrained Platforms for Automotive Networks
CAN XL is knocking on the door
A Survey of Attacks on Controller Area Networks and Corresponding Countermeasures
The future of mobility
Study of the Potential Energy Consumption Impacts of Connected and Automated Vehicles
The eCommerce decade: How the 2010s changed online shopping
How customer demands are reshaping last-mile delivery
A practical wireless attack on the connected car and security protocol for in-vehicle CAN
Potential cyberattacks on automated vehicles
Cyber-physical systems security-A survey
Comprehensive experimental analyses of automotive attack surfaces
Remote exploitation of an unaltered passenger vehicle
0-days & mitigations: roadways to exploit and secure connected BMW cars
Self-driving cars and data collection: Privacy perceptions of networked autonomous vehicles
Internet of vehicles and autonomous connected car-privacy and security issues
Vehicular blockchain-based collective learning for connected and autonomous vehicles
Autonomous vehicles for smart and sustainable cities: An in-depth exploration of privacy and cybersecurity implications
A survey of intrusion detection for in-vehicle networks
A survey on security attacks and defense techniques for connected and autonomous vehicles
Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review
Fingerprinting electronic control units for vehicle intrusion detection
Viden: Attacker identification on in-vehicle networks
Voltageids: Low-level communication characteristics for automotive intrusion detection system
Scission: Signal characteristic-based sender identification and intrusion detection in automotive networks
SIMPLE: Single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks
Who Is in Control? Practical Physical Layer Attack and Defense for mmWave-Based Sensing in Autonomous Vehicles
Evading voltage-based intrusion detection on automotive CAN
Efficient intrusion detection with bloom filtering in controller area networks
Tree-based intermittent connection fault diagnosis for controller area network
Built-in depth-semantic coupled encoding for scene parsing, vehicle detection and road segmentation
Optimizing Extensibility of CAN FD for Automotive Cyber-Physical Systems
Error handling of in-vehicle networks makes them vulnerable
Canvas: Fast and inexpensive automotive network mapping
Catch ID if you CAN: Dynamic ID virtualization mechanism for the controller area network
LibreCAN: Automated CAN message translator
Shape of the cloak: Formal analysis of clock skew-based intrusion detection system in controller area networks
On the performance of detecting injection of fabricated messages into the can bus
Saiducant: Specification-based automotive intrusion detection using controller area network (can) timing
SIEVE: Secure In-Vehicle Automatic Speech Recognition Systems
TIDAL-CAN: Differential timing based intrusion detection and localization for controller area network
WINDS: A Wavelet-Based Intrusion Detection System for Controller Area Network (CAN)
CANTO-Covert AutheNtication with Timing channels over Optimized traffic flows for CAN
Intrusion Detection Method Using Bi-Directional GPT for in-Vehicle Controller Area Networks
PLI-TDC: Super Fine Delay-Time Based Physical-Layer Identification with Time-to-Digital Converter for In-Vehicle Networks
Security enhancement for real-time independent in-vehicle CAN-FD messages in vehicular networks
Real-time sensor anomaly detection and identification in automated vehicles
Anomaly detection for controller area network in braking control system with dynamic ensemble selection
Anomaly detection in automated vehicles using multistage attention-based convolutional neural network
Novel deep learning-enabled lstm autoencoder architecture for discovering anomalous events from intelligent transportation systems
CAN-ADF: The controller area network attack detection framework
Graph-based intrusion detection system for controller area networks
Comparative Performance Evaluation of Intrusion Detection Based on Machine Learning in In-Vehicle Controller Area Network Bus
Histogram-Based Intrusion Detection and Filtering Framework for Secure and Safe In-Vehicle Networks
"Seeing is not Always Believing": Detecting Perception Error Attacks Against Autonomous Vehicles
Event-Triggered Interval-Based Anomaly Detection and Attack Identification Methods for an In-Vehicle Network
LeiA: A lightweight authentication protocol for CAN
Design and evaluation of a reconfigurable ecu architecture for secure and dependable automotive cps
TRICKS-Time TRIggered Covert Key Sharing for Controller Area Networks
Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft
An efficient authentication scheme for intra-vehicular controller area network
MAuth-CAN: Masquerade-Attack-Proof authentication for in-vehicle networks
Session Key Distribution Made Practical for CAN and CAN-FD Message Authentication
Security Enhancement for Real-Time Parallel In-Vehicle Applications by CAN FD Message Authentication
Reinforcement Learning-Based Physical-Layer Authentication for Controller Area Networks
Secure Role and Rights Management for Automotive Access and Feature Activation
Fast and Efficient Group Key Exchange in Controller Area Networks (CAN)
Covert Channel-Based Transmitter Authentication in Controller Area Networks
Combining priors, appearance, and context for road detection
Road context-aware intrusion detection system for autonomous cars
A structured approach to anomaly detection for in-vehicle networks
Elements of information theory
Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms
Hardware module-based message authentication in intra-vehicle networks
ATG: An attack traffic generation tool for security testing of in-vehicle CAN bus
An Enhanced Method for Reverse Engineering CAN Data Payload
I know where you parked last summer: Automated reverse engineering and privacy analysis of modern cars
Decentralized firmware attestation for in-vehicle networks
A Survey on Sensor-Based Threats and Attacks to Smart Devices and Applications
TSP security in intelligent and connected vehicles: Challenges and solutions
A survey on IoT platforms: Communication, security, and privacy perspectives
Defending connected vehicles against malware: Challenges and a solution framework
Deep neural networks are easily fooled: High confidence predictions for unrecognizable images
Securing connected & autonomous vehicles: Challenges posed by adversarial machine learning and the way forward
Adversarial attacks on neural network policies
Adversarial attack and defense in reinforcement learning-from AI security view
In-vehicle network intrusion detection using deep convolutional neural network
Anomaly detection approach using adaptive cumulative sum algorithm for controller area network
A survey on security attacks and defense techniques for connected and autonomous vehicles
Smart greybox fuzzing
[99] How To Install and Use Radamsa to Fuzz Test Programs and Network Services on Ubuntu
Implementation of the CAN-FD protocol in the fuzzing tool beSTORM

This work is supported by the grant from Land Transport Authority (LTA), Singapore (LTA-UMGC-L011). We thank LTA colleagues and project team members for their helpful input.