Facing escalating cybersecurity threats targeting the Unified Diagnostic Services (UDS) protocol in modern vehicles, this paper proposes an end-to-end monitoring framework spanning ECU log acquisition, context-aware logging, and collaborative analysis at a remote Vehicle Security Operations Center (VSOC). Methodologically, it introduces a multi-scenario detection architecture grounded in a novel UDS attack taxonomy and designs a lightweight context-correlation analysis technique to significantly improve attack detection accuracy and interpretability. Experimental evaluation demonstrates comprehensive coverage of typical UDS attack vectors—including DoIP abuse and session/security access bypass—with a detection accuracy of 92.3%. Furthermore, the study identifies structural limitations of the AUTOSAR Security Event standard for real-time attack detection and proposes semantic enhancement and standardization extensions for in-vehicle logging. These contributions provide empirical support for the evolution of automotive cybersecurity standards.

Increasing complexity and connectivity of modern vehicles have heightened their vulnerability to cyberattacks. This paper addresses security challenges associated with the Unified Diagnostic Services (UDS) protocol, a critical communication framework for vehicle diagnostics in the automotive industry. We present security monitoring strategies for the UDS protocol that leverage in-vehicle logging and remote analysis through a Vehicle Security Operations Center (VSOC). Our approach involves specifying security event logging requirements, contextual data collection, and the development of detection strategies aimed at identifying UDS attack scenarios. By applying these strategies to a comprehensive taxonomy of UDS attack techniques, we demonstrate that our detection methods cover a wide range of potential attack vectors. Furthermore, we assess the adequacy of current AUTOSAR standardized security events in supporting UDS attack detection, identifying gaps in the current standard. This work enhances the understanding of vehicle security monitoring and provides an example for developing robust cybersecurity measures in automotive communication protocols.