Deep learning approach for attack detection in controller area networks

Abstract

As autonomous driving technologies evolve, an in-vehicle network connecting numerous sensors, actuators, and electric control units (ECUs) has become increasingly important and has led to the critical need for ensuring the security of these networks. These ECUs and vehicle components in an in-vehicle network require a more reliable and fast data transport protocol than those in ordinary computer communication. To meet these requirements, the controller area network (CAN) protocol is used in which a CAN frame containing a small payload related to the state and control of a vehicle is sent. Because the CAN protocol broadcasts unencrypted messages to the bus, it is exposed to many security threats and vulnerabilities. In particular, a network can be easily compromised by attacks such as denial-of-service (DoS), fuzzy attacks, and spoofing as long as the attacker can access the CAN network. In this study, we develop a novel deep convolutional neural network (DCNN)-based attack detection technique for CAN. Specifically, we use two key characteristics that can be obtained by observing CAN traffic flows. The first is the statistical distribution of CAN frame appearances per unit time, and the second is the average interarrival time (IAT) of the CAN frames. These characteristics are measured at different levels of time granularity and are aggregated to constitute traffic samples for DCNN-based attack detection. By processing these samples and inputting them into the DCNN, we can determine the presence or absence of an attack during each time interval in real time. Because the proposed method utilizes statistical characteristics at different levels of time granularity, it can effectively detect attacks performed in both wide and narrow time intervals.