in South Korea. The competition problem was to develop attacks and detection algorithms for CAN, a widely used standard of in-vehicle communication. The participants earned scores when they detect other team's attacks and inject critical or stealth attacks. The most significant difference from the events of Pwn2Own and SINCON is that we held attack and detection competitions simultaneously.The contributions of our competition are listed below:• We used a commercial car in the competition: Hyundai Avante CN7, a model released in 2020. The participants could inject attacks and see the following effects of a real vehicle. • The competition aimed to challenge participant's attacks and detection algorithms concurrently. On the day of the main contest, we captured the CAN traffic while the red team injects attack messages into the car and transmitted the traffic to the rest of the teams' (i.e., blue teams) detection systems. It is the first attempt to contest both attack and detection skills in the same car security contest to the best of our knowledge. • We ran a testbed with real vehicles before the finals, so even individual participants who do not have equipment could use the environment to inject and analyze CAN traffic. We believe this opportunity helped increasing interest in car security to researchers and students. • We could test and compare attack and detect methods of many research teams, including companies and universities in car security field. They showed statistical rulebased approach is effective to detect attacks, and reducing frequency of attack messages helps to avoid detection systems.
II. BACKGROUND
A. In-vehicle networkMost vehicles have standard protocols, i.e., LIN, CAN, MOST, and FlexRay, to communicate with in-vehicle nodes. In those protocols, the CAN protocol has high-integrity data communications for real-time applications, reliability, and excellent error detection. For such reasons, most common vehicles apply CAN to an in-vehicle network to transmit sensor data between the nodes: Electronic Control Unit (ECU), microcontrollers, and sensors [14]. It has characteristics such as multi-master bus access, bus topology, and message priority. An accessed CAN bus node can transmit CAN message without any configuration Abstract-Cybersecurity competitions can promote the importance of security and discover talented researchers. We hosted the Car Hacking: Attack & Defense Challenge from September 14, 2020 to November 27, 2020, and many security companies and researchers participated. To the best of our knowledge, it is the first competition to contest both attack and detection techniques on an in-vehicle network, specifically Controller Area Network (CAN). The participants developed various injection attacks and high-performance detection algorithms based on the real vehicle environment. Rule-based and ensemble tree-based models dominated the final round. Also, time interval and data byte patterns worked as major features to detect attacks.