Abstract

This paper proposes a novel intrusion detection algorithm that aims to identify malicious CAN messages injected by attackers into the CAN bus of modern vehicles. The proposed algorithm identifies anomalies in the sequence of messages that flow in the CAN bus and is characterized by small memory and computational footprints that make it applicable to current ECUs. Its detection performance is demonstrated through experiments carried out on real CAN traffic gathered from an unmodified licensed vehicle.

Highlights

  • As the automotive industry pushes toward the adoption of more advanced infotainment systems and self-driving capabilities, modern vehicles become mobile networks of computing devices, possibly connected to the Internet.

  • In the case of a Replay attack, we can clearly see that, despite the length of the sequence of injected messages, the detection percentage does not follow any particular trend, and varies within a range of 20% to 40%. We remark that this represents a worst case scenario for the proposed anomaly detection algorithm, because attacks are a replay of message sequences already seen during training.

  • In this paper we propose a novel intrusion detection algorithm that is based on the identification of recurrent patterns of IDs.


Summary

INTRODUCTION

As the automotive industry pushes toward the adoption of more advanced infotainment systems and self-driving capabilities, modern vehicles become mobile networks of computing devices, possibly connected to the Internet. Since all the known attacks that pose relevant safety risks involve the injection of malicious messages into the CAN bus of the attacked vehicle, an interesting and still wide open research field is the identification of methods and algorithms for analyzing messages transmitted over the CAN bus, with the aim of identifying possible evidence of illicit activity. Within this field of research, this paper proposes a novel anomaly detection algorithm for the CAN bus of modern vehicles.
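The highlights state that detection rests on recurrent patterns of IDs and that replayed sequences are the worst case. The sketch below is an added example, not the paper's algorithm or code: it assumes the simplest such pattern model (pairs of consecutive IDs), and the IDs and traffic are constructed. It shows why a replayed sequence can only look anomalous at the points where it is spliced into the legitimate traffic.

```python
# Assumption: "recurrent patterns of IDs" is modelled here as the set of
# (previous ID, next ID) pairs observed in clean traffic.

def train(ids):
    """Learn every consecutive ID pair seen in attack-free traffic."""
    return set(zip(ids, ids[1:]))

def detect(model, ids):
    """Indices of messages reached through a transition never seen in training."""
    return [i for i in range(1, len(ids)) if (ids[i - 1], ids[i]) not in model]

def inject(ids, payload, at):
    """Insert attacker messages before position `at` of the legitimate stream."""
    return ids[:at] + payload + ids[at:]

def detection_rate(model, clean, payload):
    """Fraction of injection positions at which at least one anomaly is raised."""
    positions = range(1, len(clean))
    hits = sum(1 for at in positions if detect(model, inject(clean, payload, at)))
    return hits / len(positions)

# Constructed sample traffic: four IDs sent in a fixed recurring order.
A, B, C, D = 0x0C1, 0x0F9, 0x1A4, 0x2B0
CLEAN = [A, B, C, A, D, B] * 3
MODEL = train(CLEAN)

UNKNOWN = [0x7DF]   # constructed ID that never appears in training
REPLAY = [A, B, C]  # sequence copied from the training traffic

if __name__ == "__main__":
    # An unseen ID breaks the transition into it and the one out of it.
    print("unknown ID at 5 :", detect(MODEL, inject(CLEAN, UNKNOWN, 5)))
    # Replay aligned with the recurring pattern: every transition is known.
    print("replay at 6     :", detect(MODEL, inject(CLEAN, REPLAY, 6)))
    # Replay spliced mid-pattern: only the boundary transition is unknown.
    print("replay at 2     :", detect(MODEL, inject(CLEAN, REPLAY, 2)))
    print("unknown ID rate :", detection_rate(MODEL, CLEAN, UNKNOWN))
    print("replay rate     :", round(detection_rate(MODEL, CLEAN, REPLAY), 2))
```

The rates from this toy traffic are not comparable to the paper's measurements on real CAN traffic; only the contrast between the two payloads is the point.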

DETECTING ANOMALIES IN SEQUENCES OF CAN IDS
Structure of CAN data frames
Overview of the proposed algorithm
Training Phase
Detection phase
Memory and computational requirements
ATTACK SCENARIOS
Basic Injection
Realistic attacks
EXPERIMENTAL EVALUATION
Detection of basic injections
Detection of realistic attacks
RELATED WORK
Findings
CONCLUSION
