Analysis of ID Sequences Similarity Using DTW in Intrusion Detection for CAN Bus

Abstract

Connected vehicles have recently attracted considerable attention for revolutionizing the transportation industry. Although connectivity brings about a vast number of benefits, it can give rise to a wider attack surface as more physical access interfaces have been introduced. In particular, anomalous behaviour of the Electronic Control Units (ECUs) caused by malicious attacks can result in serious consequences and possibly lead to fatal accidents. Hence, it is important to develop methodologies that can sniff vehicular data and detect it for further attack analysis. In this article, we develop a novel similarity-based intrusion detection methodology named SIDuDTW, which identifies malicious messages inside vehicle network, e.g., Controller Area Network (CAN), by using Dynamic Time Warping (DTW) distance between CAN ID sequences. Subsequently, the theoretical analysis for the recurring sequence pattern, wave splitting strategies, similarity metric, and optimal parameters providing strong robustness against several kinds of attacks in SIDuDTW are detailed. A series of experiments demonstrate that the developed methodology can detect attacks with high accuracy. In addition, this proposed methodology significantly outperforms the intrusion detection capabilities of existing approaches in terms of basic injection, replay and suppression attacks. It is envisioned that this work will contribute to the development of safer autonomous vehicle conceptualized as a key unit within broader smart city.