A Lightweight Intrusion Detection System for CAN Protocol Using Neighborhood Similarity

Abstract

The Controller Area Network (CAN) protocol is the most commonly used communication protocol for in-vehicle networks due to its simplicity, efficiency and robustness. However, the CAN protocol is vulnerable to malicious attacks because it lacks basic security features such as message ID authentication, access control and message verification. Specifically, CAN pro-tocol fails to provide protection against message injection at-tacks. This paper presents a novel lightweight Intrusion Detection System (IDS) that translates CAN traffic into a mathematical abstraction i.e. temporal graph and then applies neighborhood-based graph similarity technique to detect CAN bus intrusions. The performance of the proposed approach is evaluated on a dataset from a real vehicle. The dataset consists of three types of message injection attack including spoofing, fuzzy and DoS attack is used for performance evaluation. Experimental results indicate that the proposed IDS can successfully detect these attacks with high detection accuracy. Specifically, the proposed IDS achieves detection accuracy of 96.01% as compared to best case scenario detection accuracy of 90.16% for existing state-of-the-art.